MrStubs Privacy Policy
Effective date: July 10, 2026
Controller: Black Asterisk LLC, a Wyoming limited liability company, d/b/a MrStubs
This Privacy Policy explains how MrStubs collects, uses, shares, and protects personal information when you use our event-ticketing platform. The Services are offered in and directed to the United States only.
1. Who we are and how to reach us
MrStubs is operated by Black Asterisk LLC, 30 N Gould St Ste R, Sheridan, WY 82801-6317. For privacy questions or to exercise your rights, contact [email protected] or use the request method in Section 10.
2. Scope
This policy covers personal information we handle as a controller across our website, apps, and services. It does not cover: (a) the separate privacy practices of Organizers, who are independent controllers of their attendees' data; (b) third-party payment processors, who handle payment data under their own policies; or (c) third-party sites we link to.
3. Information we collect
From account holders (Buyers and Organizers): name, email, phone (if provided), password (stored hashed), and profile details you add.
From ticket purchases: the event, ticket type and quantity, order amount, service fee, tax, and order history. We do not collect or store full payment card numbers. Card and bank details are entered directly with our PCI-DSS-compliant payment processors (currently Stripe; additional processors such as Square or PayPal may be added later); we receive only limited, non-sensitive confirmation data (for example, a processor token, the last four digits, card brand, and authorization result).
From Organizers: business/tax identity details you provide for onboarding, and payout-account connection status (the connection itself is held by the processor).
Automatically: device and usage data — IP address, browser and device type, pages viewed, referring URLs, and similar analytics, collected via cookies and similar technologies (see our Cookie Notice).
From communications: messages you send us, support tickets, and survey responses.
We do not knowingly collect sensitive categories of data beyond what is needed to sell a ticket.
4. How we use information
We use personal information to: create and manage accounts; process and confirm ticket orders through the Organizer's payment processor; deliver tickets and receipts; provide customer and technical support; operate, secure, and improve the Services; detect and prevent fraud and abuse; send transactional messages; send marketing messages consistent with your choices and with CAN-SPAM (you can opt out of marketing at any time); and comply with law.
We do not sell your personal information for money. See Section 11 for how "sale" and "sharing" are defined under state law and how to opt out of cross-context behavioral advertising.
6. Payment data and processors
MrStubs never stores your full card number. Payment card and bank information is collected and stored by PCI-DSS-compliant processors under their own privacy policies (currently Stripe; additional processors such as Square or PayPal may be added later). We keep only order metadata and non-sensitive references.
8. Data retention
We keep personal information for as long as your account is active and as needed to provide the Services, then for the period required to meet legal, tax, accounting, dispute-resolution, and fraud-prevention obligations, after which we delete or de-identify it.
9. Data security
We use administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit, access controls, and reliance on PCI-DSS-compliant processors for payment data. No system is perfectly secure; we cannot guarantee absolute security.
10. Your privacy rights (all users)
You may ask us to access, correct, or delete your personal information, and to receive a copy of it, by contacting [email protected]. We will verify your identity before acting. We will respond within the time the law requires (generally 45 days, extendable once where permitted). If we deny your request, you may appeal by replying to our response or emailing [email protected] with "Privacy Appeal" in the subject line. We do not discriminate against you for exercising your rights.
11. Your rights under U.S. state privacy laws
Residents of states with comprehensive privacy laws — including California (CCPA/CPRA), Colorado (CPA), Virginia (VCDPA), Connecticut (CTDPA), Utah (UCPA) , and other states with similar laws — have the rights below, to the extent the law applies:
- Right to know / access the categories and specific pieces of personal information we collect, use, and disclose.
- Right to correct inaccurate personal information.
- Right to delete personal information, subject to legal exceptions.
- Right to data portability — a copy in a portable format.
- Right to opt out of the "sale" or "sharing" of personal information and of "targeted" or "cross-context behavioral" advertising. We honor opt-out preference signals such as Global Privacy Control (GPC) where required.
- Right to limit use of sensitive personal information (California), if we process any.
- Right to non-discrimination for exercising these rights.
- Right to appeal a denial of a request (Colorado, Virginia, Connecticut, and others).
How to exercise: email [email protected]. An authorized agent may submit on your behalf with proof of authorization. To opt out of sale/sharing/targeted advertising, use the cookie-preference controls described in our Cookie Notice or email [email protected].
California "shine the light": California residents may request information about disclosures to third parties for their direct marketing.
12. Children
The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13 in violation of the Children's Online Privacy Protection Act (COPPA). Buyers must be 18 or the age of majority in their state. If you believe a child under 13 has provided us information, contact us and we will delete it.
13. Do Not Track and opt-out signals
Some browsers send "Do Not Track" or GPC signals. We honor GPC as an opt-out of sale/sharing where required by law.
14. Third-party links
The Services may link to third-party sites (including Organizer sites and payment processors). We are not responsible for their privacy practices; review their policies.
15. If you are not one of our users
We may still process limited information about people who do not have an account — for example, if an Organizer adds you to a guest list or you appear in content an Organizer uploads. The rights in this Policy apply to that information too; contact [email protected] to exercise them.
16. Changes to this policy
We may update this policy. We will post the updated version with a new effective date and, for material changes, provide reasonable notice.
17. Contact
Privacy contact: [email protected], or Black Asterisk LLC, 30 N Gould St Ste R, Sheridan, WY 82801-6317, Attn: Legal.