Privacy Policy

Last Updated: November 10, 2025

This Privacy Policy complies with the Data Protection Act, 2012 (Act 843) of Ghana

1. Introduction

Welcome to Locked ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy in accordance with the Data Protection Act, 2012 (Act 843) of Ghana and the Electronic Transactions Act, 2008 (Act 772).

Locked is an event discovery, ticketing, voting, and venue booking platform operating in Ghana. We facilitate connections between event organizers, venue owners, and attendees while providing comprehensive event management and ticketing services. As a data controller under the Data Protection Act, we are registered with the Data Protection Commission of Ghana.

By accessing or using our Platform at locked.com (the "Platform"), you consent to the collection and use of your personal data in accordance with this Privacy Policy and applicable Ghanaian data protection laws.

If you do not agree with our policies and practices, please do not use our Platform. Your continued use of the Platform constitutes acceptance of any updates to this Privacy Policy.

2. Information We Collect

2.1 Information You Provide to Us

We collect information that you voluntarily provide when using our Platform:

  • Account Information: Name, email address, phone number, password, date of birth, profile photo, and account preferences
  • Profile Information: Bio, social media links, website, organization name, and professional details for organizers and venue owners
  • Event Information: Event titles, descriptions, dates, times, locations, categories, images, videos, pricing, and ticketing details
  • Venue Information: Venue name, address, capacity, amenities, photos, pricing, availability, and booking details
  • Payment Information: Mobile money details, bank account information (for organizers receiving payouts), and transaction history
  • Communication Data: Messages sent through our platform, customer support inquiries, feedback, and reviews
  • Verification Documents: Government-issued IDs, business registration documents for role verification
  • User-Generated Content: Event comments, ratings, reviews, photos uploaded to events or venues

2.2 Information Collected Automatically

When you access our Platform, we automatically collect certain information:

  • Device Information: IP address, browser type, operating system, device identifiers, and mobile network information
  • Usage Data: Pages viewed, time spent on pages, click data, search queries, events browsed, events locked/saved
  • Location Data: General geographic location based on IP address; precise location if you grant permission
  • Cookies and Tracking: Session cookies, preference cookies, analytics cookies, and local storage data
  • Log Data: Server logs including access times, pages viewed, and error logs

2.3 Information from Third Parties

We may receive information from third-party services:

  • Social Media: Profile information when you sign in using Google, Facebook, or other social authentication
  • Payment Processors: Transaction confirmations and payment status from Hubtel and other payment providers
  • Analytics Services: Aggregated usage statistics from Vercel Analytics and other analytics tools
  • Verification Services: Identity verification results from third-party verification providers

3. How We Use Your Information

We use your information for the following purposes:

3.1 Platform Services

  • Create and manage your user account
  • Process event registrations and ticket purchases
  • Facilitate venue bookings and availability management
  • Enable event voting and contestant management
  • Generate and deliver QR code tickets
  • Process payments and manage financial transactions
  • Send event confirmations, reminders, and updates
  • Manage role requests (organizer, venue owner applications)

3.2 Communication

  • Send transactional emails (order confirmations, password resets, account notifications)
  • Provide customer support and respond to inquiries
  • Send marketing communications about featured events and platform updates (with your consent)
  • Notify organizers of new bookings, ticket sales, and revenue updates
  • Alert venue owners of booking requests and confirmations

3.3 Personalization

  • Recommend events based on your preferences, browsing history, and saved events
  • Customize your feed with relevant categories and locations
  • Remember your preferences and settings
  • Display personalized content and featured events

3.4 Analytics and Improvement

  • Analyze platform usage patterns and user behavior
  • Monitor event engagement metrics (views, locks, shares, clicks)
  • Calculate engagement scores for featured event algorithms
  • Track organizer and event performance analytics
  • Identify and fix technical issues
  • Improve platform features and user experience

3.5 Security and Fraud Prevention

  • Verify user identities and prevent fraud
  • Detect and prevent unauthorized access
  • Monitor for suspicious activity and policy violations
  • Investigate and resolve disputes
  • Enforce our Terms of Service

3.6 Legal Compliance

  • Comply with the Data Protection Act, 2012 (Act 843) and other Ghanaian laws
  • Respond to lawful requests from the Ghana Police Service, courts, and regulatory authorities
  • Comply with the Electronic Transactions Act, 2008 (Act 772) for electronic commerce
  • Meet obligations under the Income Tax Act, 2015 (Act 896) and VAT Act, 2013 (Act 870)
  • Protect our rights, property, and safety as permitted under Ghanaian law
  • Maintain financial records in accordance with Companies Act, 2019 (Act 992)

4. How We Share Your Information

We may share your information in the following circumstances:

4.1 With Event Organizers and Venue Owners

When you purchase tickets or book venues, we share your contact information (name, email, phone number) with the respective organizer or venue owner to facilitate event coordination and communication.

4.2 With Payment Processors

We share payment information with Hubtel and other payment service providers to process transactions. These providers have their own privacy policies governing the use of your information.

4.3 With Service Providers

We share information with trusted third-party service providers who help us operate our Platform:

  • Supabase: Database and authentication services
  • Vercel: Platform hosting and deployment
  • Email Services: Transactional and marketing email delivery
  • SMS Providers: SMS notifications and alerts
  • Cloud Storage: Image and file hosting services
  • Analytics Tools: Vercel Analytics and Google Vision for image moderation

4.4 Public Information

Certain information is publicly visible on our Platform:

  • Organizer and venue owner public profiles (name, bio, social links)
  • Public event details (title, description, date, location, images)
  • Public venue information (name, address, photos, amenities)
  • Event ratings and reviews (with your display name)
  • Event engagement metrics (attendee count, popularity indicators)

4.5 Business Transfers

If we are involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any such change.

4.6 Legal Requirements

We may disclose your information if required by Ghanaian law, including:

  • Court orders issued by Ghanaian courts under the Courts Act, 1993 (Act 459)
  • Lawful requests from the Ghana Police Service under the Police Service Act, 1970 (Act 350)
  • Compliance with the Economic and Organised Crime Office (EOCO) Act, 2010 (Act 804)
  • Requirements under the Anti-Money Laundering Act, 2020 (Act 1044)
  • Obligations under the Cybersecurity Act, 2020 (Act 1038)
  • Protecting our legal rights under the Constitution of Ghana, 1992
  • Preventing fraud and ensuring public safety as required by law

4.7 With Your Consent

We may share your information with third parties when you give us explicit consent to do so, in accordance with Section 11 of the Data Protection Act, 2012 (Act 843).

5. Data Storage and Security

5.1 Data Storage

Your information is stored on secure servers provided by Supabase and Vercel. While data may be processed internationally, we ensure compliance with the Data Protection Act, 2012 (Act 843) which permits cross-border data transfer when adequate safeguards are in place (Section 40). We maintain data processing agreements with our service providers to protect your rights under Ghanaian law.

5.2 Security Measures

In compliance with Section 19 of the Data Protection Act, we implement appropriate technical and organizational measures to protect your information:

  • Encryption of data in transit using SSL/TLS as required by the Electronic Transactions Act, 2008
  • Encryption of sensitive data at rest in compliance with security standards
  • Secure authentication using industry-standard protocols
  • Row-level security policies and access controls
  • Regular security audits in line with the Cybersecurity Act, 2020 (Act 1038)
  • Monitoring for unauthorized access and breach detection systems
  • Staff training on data protection obligations under Ghanaian law

5.3 Data Retention

In accordance with Section 20 of the Data Protection Act, we retain your information only as long as necessary to:

  • Provide our services and maintain your account
  • Comply with the Income Tax Act, 2015 (Act 896) - 6 years for financial records
  • Meet obligations under the Companies Act, 2019 (Act 992) for business records
  • Resolve disputes and enforce agreements
  • Comply with other legal retention requirements

After you delete your account, we will delete or anonymize your personal information within 90 days, except where retention is required by Ghanaian law or legitimate business purposes as permitted under the Data Protection Act.

6. Your Privacy Rights Under Ghanaian Law

Under the Data Protection Act, 2012 (Act 843), you have the following rights regarding your personal data:

6.1 Right of Access (Section 31)

You have the right to request confirmation of whether we process your personal data and to access such data. You can view and download your data through your account settings or by submitting a formal request to our Data Protection Officer.

6.2 Right to Correction (Section 30)

You have the right to request correction of inaccurate or incomplete personal data. You can update your profile information, preferences, and account details at any time through your account settings.

6.3 Right to Erasure (Section 32)

You can request deletion of your personal data by:

  • Using the "Delete Account" option in your account settings
  • Contacting our Data Protection Officer at dpo@locked.com
  • Filing a request with the Data Protection Commission of Ghana

Note: We may retain certain information where required by law (e.g., tax records under the Income Tax Act) or where we have a legitimate interest as permitted under the Data Protection Act.

6.4 Right to Object to Processing (Section 33)

You can object to the processing of your personal data for direct marketing purposes at any time by:

  • Clicking the "unsubscribe" link in any marketing email
  • Adjusting your email preferences in account settings
  • Contacting us at support@locked.com

Note: You will still receive transactional communications necessary for service delivery.

6.5 Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with:

Data Protection Commission of Ghana

Address: No. 18 Dr. Isert Road, North Ridge, Accra

Email: info@dataprotection.org.gh

Phone: +233 (0)302 971 370

Website: www.dataprotection.org.gh

6.6 Cookie Preferences

You can manage cookie preferences through your browser settings. However, disabling certain cookies may limit platform functionality.

6.6 Object to Processing

You have the right to object to certain types of data processing, including:

  • Direct marketing activities
  • Automated decision-making and profiling
  • Processing based on legitimate interests

6.7 Exercising Your Rights

To exercise any of these rights, please contact us at lockedeventsgh@gmail.com. We will respond to your request within 30 days.

7. Children's Privacy

Our Platform is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at lockedeventsgh@gmail.com, and we will delete such information.

Users between 13 and 18 years old must have parental consent to use our Platform and make purchases.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.

We take appropriate safeguards to ensure that your personal information remains protected in accordance with this Privacy Policy, including the use of standard contractual clauses and ensuring our service providers maintain appropriate security measures.

9. Third-Party Links and Services

Our Platform may contain links to third-party websites, including:

  • Event organizer websites and social media profiles
  • Venue websites and booking platforms
  • Social media platforms (Facebook, Twitter, Instagram, LinkedIn, TikTok)
  • Payment processor websites
  • Partner and affiliate websites

We are not responsible for the privacy practices of these third-party sites. We encourage you to read their privacy policies before providing any information.

10. Cookies and Tracking Technologies

10.1 Types of Cookies We Use

  • Essential Cookies: Required for platform functionality, including authentication, session management, and security
  • Preference Cookies: Remember your settings, view preferences, and language choices
  • Analytics Cookies: Help us understand how users interact with our Platform (Vercel Analytics)
  • Marketing Cookies: Track visits across websites for advertising purposes (with your consent)

10.2 Local Storage

We use browser local storage to:

  • Store user preferences (view modes, filters, saved searches)
  • Cache recently viewed events for recommendations
  • Maintain locked/saved events for quick access
  • Store authentication tokens securely

10.3 Managing Cookies

You can control cookies through your browser settings. For more information, see our Cookie Policy.

7. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the updated Privacy Policy on this page with a new "Last Updated" date
  • Sending an email notification to your registered email address
  • Displaying a prominent notice on our Platform

Your continued use of the Platform after changes become effective constitutes your acceptance of the revised Privacy Policy.

8. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email

privacy@locked.com

For privacy-specific inquiries

General Support

support@locked.com

For general questions and support

Phone

+233 XX XXX XXXX

Available Monday - Friday, 9AM - 5PM GMT

Mailing Address

Locked Platform
[Address Line 1]
[City], Ghana

15. Related Legal Documents

For more information about how we operate, please review our related legal documents:

Acknowledgment

By using Locked, you acknowledge that you have read and understood this Privacy Policy and agree to its terms. If you do not agree with this Privacy Policy, please do not use our Platform.