Ticket Privacy Policy

Ticket is a competitive intelligence product for restaurant operators. Ticket is operated by Alive Labs (“Alive Labs,” “we,” “us,” or “our”), a product company based in Dallas–Fort Worth, Texas, and is powered by the Vatic intelligence platform.

This Privacy Policy explains what information we collect through getticket.ai and the Ticket product (together, the “Service”), how we use and share it, and the choices you have.

For information about Alive Labs more broadly, see the Alive Labs Privacy Policy. This Ticket-specific policy controls for anything relating to the Ticket Service.

Questions? Contact privacy@getticket.ai.

1. Who This Policy Applies To

Two groups of people have information processed through the Service:

Ticket Operators (our customers)

Restaurant owners, operators, and marketing leaders who sign up for a Ticket account — from single-location independents to multi-location brands. If you hold or are associated with a Ticket account, you are an Operator for purposes of this Policy. Alive Labs is the data controller for Operator information.

Individuals Whose Public Signals We Process

Ticket monitors public signalsabout restaurants to deliver competitive intelligence. This includes public websites, publicly posted menus and prices, public local-search listings, public social content, and publicly published reviews. Where this public information includes personal information about individuals — for example, a review author's public display name, or a business owner's name publicly listed on a restaurant's website — Alive Labs processes that information as a controller for the limited purpose of producing competitive intelligence briefings for our Operator customers. See Section 4.

2. Scope

This Policy applies to:

• Visitors to getticket.ai.
• People who request Early Access, submit a demo request, join the waitlist, or otherwise contact Ticket.
• Operators (account holders and their authorized users).
• Billing and support interactions with Operators.

This Policy does not apply to:

• Third-party websites linked from the Service.
• Personal information that Operators themselves collect from their own customers in the course of running their restaurants (Operators are responsible for their own privacy practices).
• Deployments of Cerno, Veris, or other Alive Labs products — each has its own terms.

3. Information We Collect From Operators

3.1 Account and Profile Information

When you request Early Access, sign up, or use the Service, we collect:

• Name, email, phone, job title, business name, business address.
• Restaurant details — locations, concepts, competitive set, business context you choose to share.
• Account credentials and authentication details.
• Billing information (handled by our payment processor; Alive Labs does not store card numbers).
• Communications you send us (support tickets, emails, chat messages, survey responses, meeting recordings you consent to).

3.2 Usage and Device Data

When you use the Service, we and our service providers automatically collect:

• Log and device data — IP address, browser, operating system, device identifiers, time zone.
• Feature usage — what you view, click, configure, and export; session data; error logs.
• Cookies and similar technologies (see Section 10).

3.3 Configuration and Content You Provide

To operate the Service, we process:

• Competitive sets you define— the restaurants you want Ticket to monitor (names, locations, menu URLs, social handles, and similar identifiers).
• Notification preferences— how and when you want to be alerted.
• Feedback and annotations— marks on briefings that help us tune relevance.

3.4 Third-Party Information

We may receive information from:

• Data enrichment providers (for B2B sales and account verification).
• Analytics partners.
• Integrated services you connect to your Ticket account.
• Referrals from partners or other Operators.

4. Information We Collect About Third Parties Through Public Monitoring

4.1 What We Collect

To deliver competitive intelligence to Operators, Ticket monitors public, defensible signals about restaurants in competitive sets defined by our Operators. This can include:

• Publicly posted menu items, prices, promotions.
• Publicly listed business information (hours, addresses, ownership names where publicly posted).
• Public local search listings and Google Business Profiles.
• Public social content posted by businesses and, where publicly available, related public content mentioning those businesses.
• Publicly published reviews and customer sentiment.
• Public SEO and visibility signals.

4.2 What We Do Not Collect

• Private operational data (POS data, back-office systems, internal pricing models, employee records).
• Private messages or private social content.
• Non-public customer information.
• Content behind authentication walls, unless we have explicit authorization.

4.3 Our Role and Legal Basis

Alive Labs acts as a data controller for the limited personal information that appears inside public business signals we process. We process this information because:

• Under US state privacy laws, publicly available information generally falls outside the definition of protected “personal information,” and our processing is for legitimate business intelligence purposes.
• Under GDPR, we rely on legitimate interests(Art. 6(1)(f)) — delivering competitive intelligence to business customers about public information, balanced against the reasonable expectations of individuals whose public business signals are being summarized.

4.4 Your Rights If You Are Referenced in Ticket Content

If you believe Ticket references personal information about you — for example, your review, a public listing, or a post — and you want it reviewed, email privacy@getticket.ai with the subject line “Signal Review.” We will:

• Evaluate the request within 30 days.
• Remove or suppress the signal where applicable law requires.
• For public-business-record content (menus, hours, business-account social posts), apply a legitimate-interests balancing test.
• Respond to GDPR, CCPA, CPA, VCDPA, CTDPA, UCPA, TDPSA, and other state privacy requests under the rights listed in Section 11.

5. How We Use Information

We use information collected through the Service to:

• Provide the Service— maintain accounts, deliver briefings and alerts, enable features, support exports and integrations.
• Operate our intelligence pipeline— capture public signals, synthesize them, score confidence (High / Medium / Directional), and deliver intelligence in the Operator's preferred format and tempo.
• Communicate with you— respond to inquiries, send transactional messages (billing, security, service changes), and — where you have opted in — send updates, tips, and marketing about Ticket and related products.
• Improve the Service— analyze how Operators use Ticket, evaluate relevance, tune models, and develop new features.
• Train and evaluate models— use de-identified, aggregated, or consented Operator data to improve detection, scoring, and synthesis. We do not send Operator competitive sets or briefing content to AI providers for training general-purpose models.
• Secure the Service— detect and prevent fraud, abuse, and unauthorized access.
• Meet legal obligations— respond to legal requests, enforce our terms, and comply with applicable law.

Legal Bases (EU/UK)

Where GDPR applies:

• Contract— to provide the Service you have subscribed to.
• Legitimate interests— to operate, secure, and improve the Service, and to process public signals for competitive intelligence.
• Consent— for non-essential cookies and optional marketing.
• Legal obligation— for tax, accounting, and response to lawful requests.

6. How We Share Information

We share information in these circumstances:

Service Providers

Ticket is built on a stack of vendors that act as processors on our instructions under written agreements. Categories include:

• Infrastructure and hosting (including Railway, Vercel, Neon).
• Email delivery (including Resend).
• Operator communications and CRM (including HubSpot).
• Observability and logging (including Langfuse).
• Content management (including Sanity).
• Analytics providers.
• Payment processor for Ticket subscriptions.
• AI model providers, including Anthropic, used for intelligence synthesis. We minimize what is sent to model providers and use providers that commit to not training general-purpose models on our customer data.

Between Ticket and Alive Labs

Alive Labs operates Ticket. Internal administrative information (billing, security, escalations) may be shared between Ticket and Alive Labs' central operations.

At Operator Direction

If you integrate Ticket with a third-party service or authorize us to deliver briefings to a specific recipient, we share information as directed.

Legal and Safety

We may disclose information to comply with law, enforce our terms, protect rights, property, or safety, or respond to lawful requests by public authorities.

Business Transfers

If Alive Labs is involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction.

With Consent

For any other purpose, with your consent.

We do not sell Operator personal information for money. Where state law treats some analytics/advertising activity as “sale” or “sharing” for cross-context behavioral advertising, you can opt out — see Section 11.

7. “Intelligence Without Execution”

Ticket is a briefing system, not an execution platform. Ticket does not post content, schedule campaigns, manage channels, send marketing messages on your behalf, or claim attribution on any platform. Information flows from public sources → into Ticket → to you. We do not push Operator content out, and we do not transmit Operator information to competitors or to any third party for their marketing purposes.

8. Data Retention

• Active account data: for the life of your Ticket account plus a post-termination period for backup, audit, and dispute resolution (typically up to 90 days for active records, longer for financial/legal records).
• Public signal archives: for up to 24 months to support trend analysis. De-identified aggregates may be retained longer.
• Billing and tax records: as required by applicable law.
• Marketing records: while the business relationship is reasonably active, plus a limited follow-up window.
• Deleted data: when you delete your account, we initiate deletion or anonymization according to our standard process; some data may persist in backups for a limited period before expiring.

9. Security

We maintain administrative, technical, and physical safeguards designed to protect information in the Service. These include access controls, encryption in transit and at rest where practicable, segmented infrastructure, least-privilege access, logging and monitoring, vendor diligence, and an incident response process.

No system is perfectly secure. If we experience a breach of personal information, we will notify affected Operators and regulators as required by applicable law.

10. Cookies and Tracking Technologies

The Service uses cookies and similar technologies to operate the site, keep you signed in, remember preferences, measure performance, and (with your consent) support marketing. Categories include strictly necessary, functional, analytics, and marketing. Where required by law, our cookie banner lets you accept, reject, or customize non-essential cookies. You can change your choices any time through the cookie preferences link in our footer.

We honor the Global Privacy Control (GPC)signal as a valid opt-out of “sale” and “sharing” where applicable law requires.

11. Your Rights and Choices

Depending on where you live, you may have rights regarding your personal information. Ticket extends the following rights to all individuals who interact with the Service, to the extent reasonable and consistent with law:

• Access— request a copy of personal information we hold about you.
• Correction— request that we fix inaccurate information.
• Deletion— request that we delete personal information, subject to legal exceptions.
• Portability— receive a portable copy of information you provided.
• Objection and restriction— object to or ask us to restrict certain processing.
• Opt out of targeted advertising, “sale,” or “sharing” where state law provides this right.
• Opt out of profiling that produces significant effects, where applicable.
• Withdraw consent where processing is based on consent.
• Non-discrimination— we will not deny service, charge different prices, or provide different quality because you exercise a privacy right.

How to Exercise Rights

Email privacy@getticket.ai or use the request form in your account. We will verify your identity and respond within the period required by applicable law (generally 30–45 days). If we deny a request, we will explain why and how to appeal.

Signal Review Requests

For requests about content Ticket has processed from public sources, use the subject line “Signal Review” as described in Section 4.4.

California, EU/UK, and Other Jurisdictions

California residents have rights under the CCPA/CPRA, including to opt out of “sale” and “sharing” and to limit use of sensitive personal information. EU, UK, and Swiss residents have GDPR rights and may lodge a complaint with their local supervisory authority. Residents of Virginia, Colorado, Connecticut, Utah, Texas, and other US states with privacy laws have the rights provided by those laws, including appeal rights (send appeals to privacy@getticket.ai with subject “Appeal”).

12. International Data Transfers

Ticket is operated from the United States. Your information will be transferred to, stored in, and processed in the United States and other countries where our service providers operate. For transfers out of the EEA, UK, or Switzerland, we rely on the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum. Request a copy at privacy@getticket.ai.

13. Children

The Service is directed to businesses and professional users. It is not intended for children under 16, and we do not knowingly collect personal information from children under 16.

14. Changes to This Policy

We may update this Policy from time to time. We will update the “Last Updated” date at the top of this page. For material changes, we will provide additional notice (a banner, email to Operators, or in-product notice). Continued use of the Service after changes take effect means you accept the updated Policy.

15. Contact

Ticket (a product of Alive Labs)
Dallas–Fort Worth, Texas, United States
Email (privacy): privacy@getticket.ai
Email (support): support@getticket.ai
Website: getticket.ai

This Privacy Policy is provided for informational purposes and does not constitute legal advice.