PassKit Privacy Policy

Learn how PassKit collects, uses, shares, and protects personal information, and understand your privacy rights and choices.

Last Updated: January 8, 2026.

PassKit, Inc. (“PassKit”, “we”, “us” or “our”) respects your privacy and is committed to protecting personal information. This Privacy Policy explains how we collect, use, share, and protect personal information when you interact with our websites, products, and services, and describes your privacy rights and choices.

1. Privacy in plain English

Who we are

PassKit provides a cloud-based platform for creating, issuing, updating, and managing digital wallet passes such as loyalty cards, coupons, tickets, and membership cards.

When we're a controller vs a processor

  • Controller: When you visit our website, contact sales or support, attend events, apply for a job, or use PassKit as an authorised user, we decide how and why your data is used.
  • Processor: When our customers use PassKit to issue passes to their end-customers, we process that data on their behalf. Our customers are responsible for their own privacy notices.

What we collect

We collect information such as contact details, account information, usage and technical data, communications, and limited billing-related data.

Why we use it

Primarily to provide and operate the PassKit Platform, manage accounts and billing, communicate with you, improve our services, secure our systems, and comply with legal obligations.

Cookies & tracking

We use cookies and similar technologies to operate our sites, understand usage, and (where permitted) support analytics and marketing. You can manage your preferences at any time.

Your rights

Depending on where you live, you may have rights to access, correct, delete, restrict, or object to certain uses of your personal information, and to lodge complaints with regulators.

2. When this Privacy Policy applies

This Policy applies when you interact with:

  • websites that link to this Privacy Policy, including https://passkit.com and https://app.passkit.com;
  • demo passes, mobile applications, and other software linking to this Privacy Policy;
  • our branded social media pages;
  • our communications with you (email, phone, messages);
  • events, meetings, and webinars;
  • job applications you submit;
  • business relationship enquiries; and
  • the PassKit Platform as an authorised user.

This Privacy Policy does not govern personal information processed by PassKit on behalf of customers within the PassKit Platform. That processing is governed by our Data Processing Agreement and the relevant customer's privacy notice.

3. Personal information we collect

3.1 Information you provide directly

Depending on how you interact with us, we may collect:

  • name, email address, phone number;
  • job title, company name, industry, and address;
  • account registration and login details;
  • communications with sales, support, or other teams;
  • event registrations and attendance details;
  • survey responses and feedback;
  • job application information; and
  • visitor registration details when you visit our offices.

3.2 Information collected automatically

When you use our websites, applications, or services, we may automatically collect:

  • IP address and approximate location;
  • device identifiers, browser type, operating system, and settings;
  • pages viewed, features used, links clicked, and timestamps;
  • app and pass activation, update, and version data;
  • usage, performance, and diagnostic data.

3.3 Information from other sources

We may receive information about you from:

  • publicly available sources;
  • marketing, event, or business partners;
  • social media platforms (in accordance with their terms); and
  • payment processors for billing-related purposes.

We require third parties to confirm that they are permitted to share such information with us.

3.4 Billing and payment information

Billing and payment processing is handled by third-party providers such as Stripe, Inc. PassKit receives limited billing-related information (such as contact details, billing address, and payment reference data). Payment method details are processed and stored by the payment provider in accordance with their own privacy notices.

Billing, invoicing, refunds, and charge disputes are governed by our Subscription Service Agreement and Refund Policy, which apply in addition to this Privacy Policy.

4. Customer Data processed on behalf of customers

When PassKit processes personal information as part of Customer Data submitted to or processed through the PassKit Platform, we act as a data processor or service provider on behalf of the customer.

Customers are responsible for:

  • providing legally compliant privacy notices to their end users;
  • obtaining all required rights and consents;
  • ensuring compliance with applicable data protection laws; and
  • ensuring that prohibited or sensitive data (such as government-issued identification numbers, health information, payment card data, financial account numbers, passwords, or special categories of personal data under GDPR) is not submitted to the PassKit Platform, except where expressly permitted under our agreements.

If you are an end user of a customer's pass and wish to exercise your privacy rights, please contact that customer directly.

5. How and why we use personal information (legal bases)

Where applicable under GDPR and similar laws, we process personal information for the following purposes and legal bases:

Purpose of processing Legal basis
Providing and operating the Services Performance of a contract; legitimate interests
Account administration and billing Performance of a contract
Communications and support Legitimate interests
Marketing communications Legitimate interests; consent where required
Analytics and service improvement Legitimate interests; consent where required
Security, fraud prevention, and abuse detection Legitimate interests
Legal compliance and enforcement Legal obligation

6. Cookies, tracking technologies, and analytics

We use cookies, SDKs, and similar technologies to operate our Sites and Services, understand usage, and (where permitted) support analytics and marketing.

Types of cookies

  • Essential cookies: Required for functionality, security, and access.
  • Functional/performance cookies: Help us understand usage and improve performance.
  • Targeting/advertising cookies: Used to deliver relevant marketing where permitted.

Where required by law (including in the EEA and UK), non-essential cookies are not placed unless you have provided consent. You can manage your preferences using the Cookie Settings link on our Sites or through your browser or device settings.

We use tools such as Google Analytics and Microsoft Clarity to understand how our Sites are used.

Do Not Track

Our Sites do not currently respond to browser “Do Not Track” signals.

7. How we share personal information

We may share personal information with:

  • service providers (hosting, analytics, billing, communications, support);
  • business partners for joint offerings or events (where you register or express interest);
  • affiliates within the PassKit group;
  • authorities or other parties where required by law or to protect rights and safety; and
  • parties involved in a merger, acquisition, financing, or similar transaction.

All sharing is subject to appropriate contractual, security, and confidentiality safeguards.

PassKit engages trusted sub-processors to support the operation of the Services (such as cloud hosting, analytics, communications, and support providers). Sub-processors are subject to contractual obligations regarding confidentiality, data protection, and security, consistent with applicable data protection laws.

8. Aggregated and anonymised data

We may create and use aggregated or anonymised data that no longer identifies individuals for analytics, benchmarking, service improvement, and industry insights. Such data is not personal information.

9. International data transfers

We may process and store personal information in the United States, European Economic Area, United Kingdom, Hong Kong SAR, Thailand, and other countries where we or our service providers operate.

Where required by law, international transfers are conducted using appropriate safeguards such as Standard Contractual Clauses or equivalent lawful transfer mechanisms.

10. Security

We implement appropriate technical, organizational, and physical safeguards designed to protect personal information against unauthorised access, use, disclosure, alteration, or destruction.

No system is completely secure. You are responsible for maintaining the confidentiality of your account credentials. If you believe your information is no longer secure, please contact us immediately.

11. Data retention

We retain personal information only for as long as necessary to:

  • provide the Services;
  • fulfil the purposes described in this Privacy Policy;
  • comply with legal, accounting, and reporting obligations; and
  • resolve disputes and enforce agreements.

When no longer required, personal information is deleted, anonymised, or securely isolated.

12. Automated decision-making

PassKit does not itself carry out automated decision-making that produces legal or similarly significant effects within the meaning of applicable data protection laws.

Customers are solely responsible for the content, logic, rules, and data associated with the passes they create and manage using the PassKit Platform, including any automated decision-making or personal data processing they implement.

13. Your rights and choices

Marketing communications

You may opt out of marketing emails at any time using the “Unsubscribe” link or by contacting us. We may still send non-marketing service-related communications.

GDPR / UK GDPR (EEA & UK residents)

You may have the right to:

  • access your personal information;
  • correct inaccurate or incomplete data;
  • request deletion;
  • restrict or object to processing;
  • receive a copy of your data (portability); and
  • withdraw consent where processing is based on consent.

You also have the right to lodge a complaint with a supervisory authority.

US state privacy rights

Depending on your state of residence (including California, Colorado, Virginia, and Nevada), you may have additional rights. PassKit does not sell personal information as defined under applicable state laws.

Customer data rights

Requests relating to Customer Data processed on behalf of a customer must be directed to that customer.

14. Children

Our Services are not directed to individuals under 16, and we do not knowingly collect personal information from children under 16.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be posted on our Sites or otherwise communicated as required by law. Continued use of the Services after changes take effect constitutes acceptance of the updated Privacy Policy.

16. Contact us

For privacy-related enquiries, PassKit can be contacted via privacy@passkit.com, which is monitored by our privacy and compliance team.

PassKit's privacy and compliance team oversees data protection compliance and responds to privacy enquiries.

PassKit, Inc.
131 Continental Drive
Suite 301
Newark
Delaware, 19713
privacy@passkit.com
852-5804-9280