Legal
Privacy Policy
What we collect, why, and what we do with it.
Effective Date: May 14, 2026 Last Updated: May 14, 2026
1. Plain-English Summary
Connect Live AI is the marketplace for Christian touring at connectlive.ai. It helps Artists and Venues find each other, book Shows, and sell Tickets. We collect the information you give us when you sign up, list a tour or Venue, send an offer, buy a Ticket, or chat with our Ask AI feature. We also collect technical information your device sends automatically. We use this data to run the Platform, process payments through Stripe, verify identities, prevent fraud, and improve the product. We share data only with the Sub-processors we need to operate the service, with the other side of a Booking when you choose to transact with them, and when the law requires. We do not sell your Personal Information. We do not let advertisers track you across the internet through our site. You can access, correct, export, or delete your data at any time from your account settings or by emailing privacy@connectlive.ai.
This policy applies to everyone who uses Connect Live AI: Artists, Venues, Anchors, Agency Managers, Team Members, and Ticket Buyers. It applies whether you reach us from the United States or from outside the US. If you are in the European Economic Area, the United Kingdom, or Switzerland, additional rights apply to you and are described throughout this policy and in the EU/EEA/UK section.
Capitalized terms used in this policy (Artist, Venue, Booking, Show, Ticket, Connected Account, Sub-processor, Personal Information, and others) have the meanings given in Section 3 of our Terms of Service at /legal/terms. We repeat key definitions here for ease of reference and they match the canonical Terms.
2. Who We Are
Connect Live AI is operated by Connect Live AI, Inc. (a Delaware corporation in formation), headquartered in Franklin, Tennessee. References to "we," "us," "our," and "Connect Live AI" in this policy refer to Connect Live AI, Inc. (a Delaware corporation in formation) operating the Connect Live AI Platform. References to "you" and "your" refer to any individual who visits the Platform, creates an account, or interacts with us.
For most of what we do with your data, we act as the data controller. When we handle Ticket Buyer information on behalf of an Artist or Venue running a Show, we act as a data processor for that Artist or Venue. This dual role is called out where it matters in the sections below.
3. Scope
This policy covers Personal Information processed in connection with the Connect Live AI website at connectlive.ai, our mobile-optimized web app, our APIs, our transactional emails, our Ask AI feature, and any other service we offer that links to this policy. It does not cover third-party websites or services that link to or integrate with Connect Live AI. When you leave our Platform to view a payment receipt at Stripe, a map tile at Mapbox, or a Facebook Page during verification, the policy of that third party governs that interaction.
4. Information We Collect
Notice at collection is provided through this Privacy Policy, linked at every point of data collection (signup, Ticket purchase, support contact). We collect the following categories of Personal Information. We list them once here and explain why we collect each one in Section 6 (How We Use Personal Information).
4.1 Information you give us directly
- Account identifiers. Name, email address, phone number, username, password (stored as a one-way hash, not in readable form), and the role you choose at signup (Artist, Venue, Anchor, Agency Manager, Team Member, or Ticket Buyer).
- Profile content. Bio, photos, social links, performance or Venue history, ratings you write, and any other Content you publish on your profile.
- Booking and offer data. Offer terms, counter-offers, Deposit amounts, payment schedules, cancellation terms, messages you exchange with the other party, and contract details.
- Ticket purchase data. Ticket Buyer name, email, phone, quantity, attendee names if you supply them, and the event details for the Ticket you bought.
- Verification artifacts. When you verify your identity through Stripe Identity, you provide a government-issued ID to Stripe directly. We do not see or store that ID. We receive only the verification outcome (passed, failed, pending). When you verify authority another way, we may collect a domain-match email token, an Anchor endorsement record, a Facebook Page OAuth token scoped to admin verification, or a Sign in with Apple identifier.
- Support and feedback content. Anything you write to us through support, feedback forms, or surveys.
- Ask AI queries. The questions you ask our AI feature and any conversation history you choose to save in your account.
4.2 Information we collect automatically
- Device and connection data. IP address, browser type, operating system, device identifiers, language preferences, time zone.
- Usage data. Pages viewed, click events, search queries within the Platform, referring URLs, UTM parameters, time spent on each surface, and similar interaction logs.
- Cookies and similar technologies. See Section 11 (Cookies and Tracking) for the full list.
- Server and security logs. Records of requests to our servers, authentication events, errors, and security alerts.
4.3 Information we receive from third parties
- Stripe. Verification status from Stripe Identity, last 4 digits of payment cards, payout-account status, dispute notifications, and transaction events from Stripe Connect.
- Meta / Facebook. When you connect a Facebook Page for Artist verification, we receive an OAuth token scoped only to confirm your Page admin status (
pages_show_listandpages_read_engagement). We do not see your Facebook profile, friends, posts, or messages. - Apple. When you use Sign in with Apple, we receive the email Apple shares with us (usually a private relay address) and your name on first signup only.
- Mapbox. When we geocode a Venue address, Mapbox returns coordinates we attach to that Venue.
- Anchors. When an Anchor endorses an Artist or Venue, we receive the endorsement record naming the endorser.
4.4 Sensitive Personal Information
Under California law and similar state statutes, some of the information above counts as Sensitive Personal Information: government identification (processed by Stripe, not retained by us), account credentials, and precise geolocation when you choose to share it for routing features. We use Sensitive Personal Information only for the purpose you gave it to us for and for security and fraud prevention. We do not use it for advertising. Because we use it only for these limited purposes, the California "Limit the Use of My Sensitive Personal Information" right does not apply at present. If we ever expand our use, we will update this policy and add the limit-use control.
5. How We Collect Personal Information
We collect Personal Information through three channels:
- Directly from you when you create an account, fill out your profile, send a Booking offer, buy a Ticket, contact support, or use Ask AI.
- Automatically from your device and browser through server logs, error monitoring, and the limited cookies described in Section 11.
- From third parties including Stripe (verification, payment, dispute outcomes), Meta or Apple (when you connect those accounts), Mapbox (geocoding results), and Anchors who endorse you.
We are a mandatory reporter under Tennessee Code section 37-1-403 and federal CSAM-reporting law (18 U.S.C. section 2258A). See Section 5 of the Acceptable Use Policy at /legal/acceptable-use for our safeguarding framework, including how reporting obligations may affect what we disclose and to whom.
Shine the Light (California Civil Code 1798.83). We do not share Personal Information with third parties for those third parties' direct marketing purposes.
6. How We Use Personal Information
We use Personal Information for the purposes listed below. For Users in the European Economic Area, the United Kingdom, and Switzerland, the legal basis under the General Data Protection Regulation is named in parentheses.
- Run the Platform. Authenticate you, deliver the features you ask for, run the marketplace, send transactional emails about your account and Bookings (contract performance).
- Process payments. Route Deposits, milestone captures, post-Show transfers, Ticket purchases, and Love Offering Donations through Stripe Connect (contract performance and legal obligation). Fee structure is described in Section 9 of the Terms of Service at /legal/terms.
- Verify identity and authority. Confirm that Artists and Venues are who they say they are using Stripe Identity, Anchor endorsements, domain-match email, Facebook Page admin OAuth, and Sign in with Apple (legitimate interest in fraud prevention and contract performance).
- Prevent fraud and abuse. Detect chargebacks, identity misrepresentation, off-Platform circumvention, and other policy violations (legitimate interest).
- Provide Ask AI. Send your question to Anthropic, return an answer, and retain your conversation in your account history if you choose to save it (contract performance and legitimate interest; consent for saved history).
- Improve the product. Analyze usage patterns to find bugs, prioritize features, and make the Platform faster and easier to use (legitimate interest).
- Communicate with you. Send account, transactional, and (with your opt-in for marketing) marketing emails (contract performance for transactional; consent for marketing).
- Comply with law. Issue 1099-K or 1099-NEC tax forms where IRS thresholds apply, respond to subpoenas, and meet other legal obligations (legal obligation).
- Defend our rights. Investigate disputes, enforce our Terms of Service, and protect Connect Live AI, our Users, and the public from harm (legitimate interest).
We do not use automated decision-making to produce legal or similarly significant effects on you. Ask AI is an information tool. It does not decide whether you are verified, whether your account is suspended, or whether a Booking is accepted. The Connect directory uses algorithmic ranking to surface Artists and Venues, but that ranking is not automated decision-making under GDPR Article 22 because you remain free to ignore or override our suggestions, and a human at Connect Live AI makes any decision that affects your account standing. If we ever change this, we will update this policy and give you a way to request human review.
7. Ask AI Data Handling
When you use Ask AI on Connect Live AI, your question is sent to Anthropic, our AI provider, to generate the answer. Anthropic retains your question and the response for up to seven (7) days for abuse detection and then deletes them. Anthropic does not use your questions or answers to train its AI models. This is a commitment Anthropic has made publicly to its commercial API customers and we have confirmed it in our agreement with them.
On our side, we retain your Ask AI history in your account for twelve (12) months by default so you can refer back to past conversations. You can clear your history at any time in your account settings, and if you delete your account, your saved Ask AI history is deleted immediately. We may retain anonymized, aggregated query patterns (with personal details removed) for product analytics indefinitely. These cannot be re-linked to you.
If we ever change how Ask AI works in a way that meaningfully affects your privacy, we will update this section and notify you before the change takes effect.
8. Stripe Identity Verification
Identity verification is the most sensitive thing the Platform touches, so we want to be specific about how it works.
When you verify your identity, you provide your government-issued ID, a selfie, and (where applicable) biometric data directly to Stripe Identity. Connect Live AI does not see, access, or store the image of your ID or the selfie. We receive only the verification outcome: passed, failed, or pending. Stripe retains the underlying data under its own privacy policy and retention schedule. Stripe currently retains biometric data for no longer than one year or upon revocation of your consent, whichever is earlier. Stripe may ask you to re-verify periodically to keep your record current.
If you delete your Connect Live AI account, we delete your verification status from our database. Stripe retains its verification record independently. If you want to delete the verification record at Stripe as well, contact us at privacy@connectlive.ai and we will help you submit that request to Stripe.
If you verify authority through other methods, we keep the following:
- Anchor endorsement. A record naming the Anchor who endorsed you, visible to you and to our admins.
- Domain-match email. The verifying email address for thirty (30) days after verification, then we delete it. The verification status itself persists on your profile.
- Facebook Page OAuth token. A hashed reference to the token, scoped only to admin verification (
pages_show_listandpages_read_engagement). You can revoke this at any time from your Facebook settings or from your Connect Live AI Settings page. - Sign in with Apple identifier. A pseudonymous identifier provided by Apple. You can sever this connection from your Apple account at any time.
For the full scope and limits of identity verification (including what background checks we explicitly do not run), see Section 11 of the Terms of Service at /legal/terms and Section 6 of the Acceptable Use Policy at /legal/acceptable-use.
9. How We Share Personal Information
We share Personal Information only as described in this section. We do not sell or rent Personal Information.
9.1 With the other side of a Booking or Ticket
When you send a Booking offer, the recipient sees your name, profile, and the offer terms. When you accept a Booking, both parties see contract details and contact information needed to perform the Show. When you buy a Ticket, the Artist or Venue sees your name and the details needed for door check-in. We share only what is necessary to complete the transaction you initiated.
9.2 With Sub-processors
A Sub-processor is a third-party service we use to operate the Platform, like Stripe for payments or Supabase for our database. We share with each Sub-processor only the data needed for its specific purpose. We require each Sub-processor by contract to protect your data, use it only for the purposes we authorize, and meet applicable data protection law. Our current Sub-processor list is below and is also published at https://connectlive.ai/legal/sub-processors. We update the standalone page whenever we add or remove a Sub-processor and notify Users in the European Economic Area at least thirty (30) days before a new Sub-processor begins processing their data.
| Sub-processor | Purpose | Data shared | Location | Privacy policy |
|---|---|---|---|---|
| Stripe, Inc. (including Stripe Identity)* | Payments, Connect platform payouts, Identity verification | Name, email, phone, payment instrument, government ID (for Identity), business info | US, EU, India | stripe.com/privacy |
| Supabase, Inc. | Database, authentication, file storage | All account and Platform data | US (AWS us-east-1) | supabase.com/privacy |
| Vercel, Inc. | Hosting, edge functions, scheduled tasks | Application logs, server-side request data | Global edge with US storage | vercel.com/legal/privacy-policy |
| Cloudflare, Inc. | DNS, edge caching, DDoS protection | IP addresses, request metadata | Global edge, US headquarters | cloudflare.com/privacypolicy |
| Mapbox, Inc. | Map display, geocoding | Venue addresses, IP for tile delivery | US (AWS) | mapbox.com/legal/privacy |
| Anthropic, PBC | Ask AI feature, content analysis | User queries to Ask AI, content submitted for AI analysis | US | anthropic.com/legal/privacy |
| Resend, Inc. | Transactional email | Recipient email, message body and metadata | US | resend.com/legal/privacy-policy |
| Google LLC (Gmail SMTP) | Transactional email fallback during migration | Recipient email, message body and metadata | Global | policies.google.com/privacy |
| Meta Platforms, Inc. | Facebook Page admin OAuth for Artist verification | OAuth token scoped to Page admin status | US | facebook.com/privacy/policy |
| Apple Inc. | Sign in with Apple authentication | Apple-provided email, name on first signup only | US | apple.com/legal/privacy |
*Stripe Identity processes biometric data under Stripe's separate retention schedule (no longer than one year per Stripe Privacy Center, or upon revocation of your consent, whichever is earlier).
9.3 With legal authorities and in legal proceedings
We disclose Personal Information when we believe in good faith that disclosure is required by law, by a court order, by a subpoena, or by another legal process. We disclose when needed to protect the rights, safety, or property of Connect Live AI, our Users, or the public. We notify Users of legal demands directed at their data unless we are legally prohibited from doing so or doing so would create a risk of harm.
We will publish an annual transparency report. The first report will cover May 2026 to December 2026 and will be published by March 31, 2027. It will summarize the volume of law enforcement requests we receive, the percentage we comply with, and the percentage we challenge or reject.
9.4 In a business transaction
If Connect Live AI is involved in a merger, acquisition, financing, reorganization, or sale of assets, Personal Information may be transferred to the surviving or acquiring entity, subject to the same protections described in this policy. We will notify you before your Personal Information is subject to a different privacy policy.
9.5 With your consent
We share Personal Information with anyone else only with your express consent or at your direction.
10. International Data Transfers
Connect Live AI is based in the United States. We process Personal Information in the United States. Some of our Sub-processors operate globally and may process limited data outside the United States. Where data of a User in the European Economic Area, the United Kingdom, or Switzerland is transferred to the United States, the transfer is supported by the European Commission Standard Contractual Clauses (2021 modernized version) and, where applicable, the EU-US Data Privacy Framework or the UK Extension to it. Each Sub-processor in our table has confirmed an adequate transfer mechanism. We have not self-certified Connect Live AI under the EU-US Data Privacy Framework at this stage of the company. We may do so as we grow our European operations. If we do, we will update this policy.
11. Cookies and Tracking
We use a limited set of cookies and similar technologies. We do not use third-party advertising cookies, cross-site tracking pixels, or fingerprinting.
11.1 First-party cookies and analytics
We may use first-party analytics that do not set persistent cookies and do not identify you personally. If we use Vercel Analytics, it identifies sessions through a hash of incoming request data, retains session signals for twenty-four (24) hours, and collects only city- and country-level geography from your IP address.
11.2 Functional third-party cookies
Stripe.js sets cookies during payment flows for fraud detection. Cloudflare sets cookies for security and DDoS protection. These are functional cookies essential to operating the site safely. If you disable them, parts of the Platform will not work.
11.3 Mapbox
When a map renders on your screen, Mapbox receives your IP address and the tiles your browser requests. Mapbox retains this for up to thirty (30) days per its own privacy policy.
11.4 Marketing cookies
We do not run third-party marketing cookies at launch. If we add any in the future, we will update this section and (where required) ask for your consent before setting them.
11.5 Global Privacy Control
We detect and honor the Global Privacy Control (GPC) signal in your browser. When your browser sends GPC, we treat it as a request to opt out of any sale or sharing of Personal Information for cross-context behavioral advertising and as an opt-out signal for state privacy laws that recognize it. You can learn about GPC at https://globalprivacycontrol.org.
11.6 Cookie controls
You can clear cookies through your browser settings, set your browser to refuse cookies, or use a privacy-focused browser. We surface a cookie banner to visitors from the European Economic Area, the United Kingdom, Switzerland, Brazil, and other regions where prior consent for non-essential cookies is required. The banner lets you accept or decline non-essential cookies. You can change your choice at any time through the "Cookie Preferences" link in the footer.
12. Email Communications
We send three categories of email. The legal treatment of each is different.
- Account and transactional email. Sign-in codes, password resets, Booking offer notifications, Deposit capture receipts, milestone capture receipts, payout notices, Ticket QR codes, refund confirmations, and similar messages tied to actions you took. We send these because they are necessary to deliver the service. CAN-SPAM does not require an unsubscribe option for transactional content, but we let you mute non-essential transactional notifications (for example, new offer notifications) in your account settings.
- Booking-related notifications. Reminders about upcoming Shows, dispute notifications, and similar messages tied to your active engagement on the Platform. You can mute granular categories of these in account settings.
- Marketing email. Tour announcements, newsletters, feature updates, and offers. We send marketing email only if you opt in. For Users in the United States, opt-in is the checkbox at signup; you can opt out at any time using the unsubscribe link in every marketing email or by emailing privacy@connectlive.ai. We honor opt-outs within ten (10) business days as required by CAN-SPAM. For Users in the European Economic Area, the United Kingdom, and Switzerland, opt-in is unchecked by default at signup; we collect affirmative consent before we send any marketing message.
Every marketing email includes our identity, our Franklin, Tennessee business address, and an unsubscribe link. Our subject lines and "From" addresses accurately identify the sender. We never use deceptive headers or subject lines.
13. How Long We Retain Personal Information
We retain Personal Information only as long as we need it for the purposes described in this policy or as long as the law requires. Where two retention rules conflict, the longer rule wins. The IRS's 7-year rule wins over a shorter product-utility rule. Where a litigation hold attaches (because we have notice of a dispute, subpoena, or government inquiry), we pause auto-deletion of the relevant records until the hold lifts.
| Category | Active retention | Post-deletion retention | Why |
|---|---|---|---|
| Account profile (name, email, photo) | Lifetime of account | 30 days for restoration window, then deleted | Allow short window to reverse an accidental deletion. |
| Inactive accounts (no login for 24 months) | 24 months | 30 days after auto-deletion | We email warnings at 18 and 23 months before auto-deletion. |
| Booking records (completed Shows) | 7 years from Show date | Archived, then deleted | IRS retention rule for business records supporting tax filings; 1099-K reporting cycle. |
| Booking records (cancelled or disputed) | 7 years from final resolution | Archived, then deleted | Litigation and chargeback defense window. |
| Direct messages between Booking parties | 24 months from last activity in the thread | 30 days after retention period | Product utility and dispute reference. |
| Verification status (passed/failed/pending) | Lifetime of account | 30 days, then deleted | We retain the status only, not the underlying ID. Stripe retains the ID per its own schedule. |
| Facebook Page OAuth tokens | Until revoked or 90 days inactive | Immediate | Rotation hygiene; tokens are short-lived. |
| Anchor endorsement records | Lifetime of endorsed account | 30 days after endorsed account deletion | Endorsement integrity. |
| Domain-match email tokens | 30 days post-verification | Immediate | Token itself is short-lived; status persists on profile. |
| Ask AI conversation history | 12 months from query date | Immediate on account deletion | You can clear at any time. Anthropic-side retention is 7 days. |
| Analytics event logs (IP, page views) | 90 days raw, 24 months aggregated | Aggregated metrics retained indefinitely | Security investigation window; aggregated metrics for product analytics. |
| Ticket purchase records | 7 years | Per Stripe schedule | Tax reporting and chargeback defense. |
| Marketing email logs (content) | 24 months | Immediate on opt-out for content | Standard email deliverability. We retain unsubscribe metadata indefinitely to honor your opt-out. |
| Support tickets | 36 months from resolution | Immediate on request | Customer service history. |
| Security and audit logs | 12 months | Retained | Security incident response and SOC 2 alignment. |
After the retention period for a category ends, we either delete the data or anonymize it so it cannot be re-linked to you. Anonymized data is not Personal Information and may be retained indefinitely for analytics and product improvement.
14. Your Rights and How to Exercise Them
You have the following rights regardless of where you live. State and country laws give some Users additional rights, which are covered in Sections 15 and 16. To exercise any right, use one of our designated methods: (1) in-product controls (Settings > Privacy), where most controls are self-service; (2) email to privacy@connectlive.ai. For California consumers, these are our two designated methods under CCPA section 1798.130.
- Access. Get a copy of the Personal Information we hold about you, in a portable format.
- Correction. Update inaccurate or incomplete information. Most profile fields are directly editable in your settings.
- Deletion. Close your account and have your Personal Information deleted, subject to the retention rules in Section 13 (some records must be retained by law for up to 7 years).
- Portability. Receive a copy of your Personal Information in a structured, commonly used, machine-readable format.
- Opt-out of marketing. Click the unsubscribe link in any marketing email or change your preferences in account settings.
- Opt-out of sale or sharing. We do not sell or share Personal Information for cross-context behavioral advertising. You can confirm this status and, if it ever changes, opt out at https://connectlive.ai/legal/do-not-sell.
- No retaliation. We will never treat you worse, charge you a different price, or reduce the quality of the service because you exercised a privacy right.
14.1 How we verify a request
To protect your data, we verify requests before we act. For requests sent from your verified account email, we treat the email as verification. For requests sent from another channel, we may ask you to confirm details that match your account record. We do not require you to create an account to make a request if you do not already have one.
For requests for specific pieces of Personal Information (rather than categories), we apply a higher level of verification under CCPA standards, including matching at least three data points from your account record or accepting a sworn declaration under penalty of perjury.
You can authorize an agent to make a request on your behalf. We will require written authorization and verification of the agent's identity.
14.2 Response window
We respond to verifiable requests within forty-five (45) days, or sixty (60) days for residents of the United Kingdom and the European Economic Area. We may extend the period once by up to forty-five (45) days when the request is complex or we receive many requests, and we will tell you if we need the extension and why.
14.3 Cost
Exercising your rights is free. If a request is unfounded or excessive (for example, repetitive), we may charge a reasonable fee or refuse to act, and we will explain the reason.
15. Your State-Specific Rights (US Consumer Privacy Notice)
The rights below apply to residents of specific US states. Where a state law sets a higher floor than this policy, the state law controls.
15.1 California (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act, gives you these rights:
- Right to know what categories and specific pieces of Personal Information we have collected, the sources, the purposes, and the categories of third parties we share with.
- Right to delete Personal Information we hold about you, subject to legal exceptions.
- Right to correct inaccurate Personal Information.
- Right to opt out of any sale or sharing of Personal Information for cross-context behavioral advertising. We do not sell or share. The opt-out link below confirms this and applies prospectively if our practice ever changes.
- Right to limit the use of Sensitive Personal Information beyond the limited purposes allowed by law. We use Sensitive Personal Information only for the purposes you gave it to us for and for fraud and security. The limit-use right does not currently apply because we do not use Sensitive Personal Information for any other purpose.
- Right to non-discrimination for exercising any of these rights.
- Categories of Personal Information collected in the prior 12 months. Identifiers, account profile, verification artifacts, commercial information, geolocation, financial information, communications, internet activity, inferences, and Sensitive Personal Information. Each category is described in Section 4.
- Sources, purposes, and recipients. See Sections 5, 6, and 9.
- Shine the Light (Civil Code 1798.83). We do not share Personal Information with third parties for their direct marketing purposes.
To exercise California rights, use one of our designated methods: (1) in-product controls (Settings > Privacy); (2) email to privacy@connectlive.ai. For California consumers, these are our two designated methods under CCPA section 1798.130. We respond within forty-five (45) days, extendable once by forty-five (45) days with notice.
You may use an authorized agent to make requests. The agent must provide written authorization and we will verify the agent and the request.
We honor the Global Privacy Control as a valid opt-out signal.
Our "Do Not Sell or Share My Personal Information" link is in the footer of every page on connectlive.ai and resolves to https://connectlive.ai/legal/do-not-sell.
15.2 Texas (TDPSA)
If you are a Texas resident, the Texas Data Privacy and Security Act gives you the rights of access, correction, deletion, portability, and opt-out of targeted advertising, the sale of Personal Information, and certain profiling. We do not sell Personal Information and we do not run targeted advertising. We do not use Personal Information for profiling that produces legal or similarly significant effects on you.
We honor the universal opt-out signal in your browser (such as the Global Privacy Control) as a Texas opt-out.
Texas residents may appeal a denial of their privacy request by emailing privacy@connectlive.ai with the subject line "Texas appeal." If we deny the appeal, you may contact the Texas Attorney General at https://www.texasattorneygeneral.gov.
15.3 Tennessee (TIPA)
If you are a Tennessee resident, the Tennessee Information Protection Act provides similar rights to those described above. The TIPA, by its terms, applies only to businesses meeting certain revenue and consumer thresholds, and Connect Live AI does not currently meet those thresholds. We voluntarily extend the same access, correction, deletion, portability, and opt-out rights to Tennessee residents as a matter of policy. Use the controls in your account settings or email privacy@connectlive.ai.
15.4 Virginia, Colorado, Connecticut, Utah, and similar states
If you are a resident of Virginia, Colorado, Connecticut, Utah, or another state that has enacted a comprehensive consumer privacy law, you have the rights of access, correction, deletion, portability, and opt-out of targeted advertising, sale, and profiling that produces legal or similarly significant effects, subject to each state's specific thresholds and exceptions. We do not sell Personal Information, we do not run targeted advertising, and we do not use Personal Information for legally significant profiling. We honor universal opt-out signals where state law requires.
To exercise these rights, use your account settings or email privacy@connectlive.ai. We extend these rights to residents of all qualifying states by policy, even where the law's thresholds do not technically reach Connect Live AI.
16. EU/EEA/UK Supplement
This section applies to you if you are in the European Economic Area, the United Kingdom, or Switzerland. The rights and protections in this section are in addition to those described above. Where this section conflicts with another section, this section controls for Users in the EEA, UK, and Switzerland.
16.1 Controller and contact
The controller of your Personal Information is Connect Live AI, Inc. (a Delaware corporation in formation), operating Connect Live AI, headquartered in Franklin, Tennessee. You can reach our privacy team at privacy@connectlive.ai. When we process Ticket Buyer information on behalf of an Artist or Venue running a Show, that Artist or Venue is the controller and we are the processor. For questions about a specific Show, contact the Artist or Venue directly.
We have not appointed an EU representative under Article 27 of the GDPR. We are not required to at our current scale because we do not target the EU as our primary market. We will appoint a representative if and when our EU operations grow to the level at which Article 27 applies.
We have not appointed a Data Protection Officer because our processing does not meet GDPR Article 37 thresholds. If our processing later meets those thresholds, we will appoint a DPO and update this section with contact information.
16.2 Legal bases for processing
We process Personal Information under one or more of the following legal bases under Article 6 of the GDPR:
- Contract performance for account creation, Booking processing, Ticket fulfillment, and account communications.
- Consent for marketing email and any optional features that require it.
- Legitimate interest for fraud prevention, security logging, anti-abuse, and product analytics with safeguards.
- Legal obligation for tax reporting, responding to lawful requests, and similar compliance duties.
You have the right to withdraw consent at any time. Withdrawing consent does not affect the lawfulness of processing before the withdrawal.
16.3 Additional rights
In addition to the rights in Section 14, you have these rights:
- Right to restriction of processing in defined circumstances.
- Right to object to processing based on legitimate interest.
- Right to erasure (the right to be forgotten), subject to the retention rules in Section 13.
- Right not to be subject to automated decisions that produce legal or similarly significant effects. We do not make such decisions. Our Connect directory uses algorithmic ranking, but ranking is not Article 22 automated decision-making because you remain free to ignore or override our suggestions. If we ever do make Article 22 decisions, you have the right to request human review.
- Right to lodge a complaint with your member-state supervisory authority. A list is at https://edpb.europa.eu/about-edpb/about-edpb/members_en. We hope you will reach out to us first so we can resolve concerns directly.
16.4 International transfers
When we transfer your Personal Information to the United States or to a country outside the EEA, UK, or Switzerland that the European Commission has not deemed adequate, we use the European Commission Standard Contractual Clauses (2021 modernized version), the UK International Data Transfer Addendum, or, where applicable, the EU-US Data Privacy Framework or its UK Extension. Each Sub-processor in our table is bound by one of these mechanisms.
16.5 Retention
Retention periods in Section 13 apply. Where Section 13 conflicts with a shorter period required by EU, UK, or member-state law, the shorter period controls.
17. Children's Privacy
Connect Live AI is not directed to children under the age of thirteen (13). We do not knowingly collect Personal Information from children under thirteen (13). If we learn that we have collected Personal Information from a child under thirteen (13), we will delete it promptly. If you are a parent or guardian and believe your child has provided Personal Information to us, contact privacy@connectlive.ai.
Accounts for Artists, Venues, Anchors, Agency Managers, and Team Members require the User to be at least eighteen (18) years old. Ticket Buyers must be at least thirteen (13) to create an account; Ticket Buyers between thirteen (13) and seventeen (17) may not complete a Ticket purchase without the consent of a parent or guardian who is at least eighteen (18).
This is a Connect Live AI policy and aligns with the federal Children's Online Privacy Protection Act (COPPA). If you have COPPA-specific questions, the Federal Trade Commission publishes guidance at https://www.ftc.gov/business-guidance/privacy-security/childrens-privacy.
18. Security
We protect your data the way you would expect a modern app to: encryption in transit (HTTPS), encryption at rest where our Sub-processors support it, role-based access controls, regular security testing, audit logging, and a real incident response plan. No system is bulletproof. If we are breached and your data is affected, we will tell you what happened in plain English.
If you suspect your account has been compromised, contact security@connectlive.ai immediately and change your password.
19. Breach Notification
If we confirm a breach that affects your Personal Information, we will notify you without undue delay and consistent with applicable law. For Users in the European Economic Area, the United Kingdom, and Switzerland, we will notify the relevant supervisory authority within seventy-two (72) hours of becoming aware of the breach, as required by Article 33 of the GDPR, and we will notify affected individuals where Article 34 applies. For US Users, we follow the notification requirements of your state of residence.
Our notice will describe, in plain English, what happened, what Personal Information was affected, what we are doing about it, and what you can do to protect yourself.
20. Changes to This Policy
We may update this policy from time to time as our product evolves, as our Sub-processor list changes, or as the law requires. The "Effective Date" and "Last Updated" stamps at the top of this page show when changes take effect.
For material changes, we will notify you at least thirty (30) days before the change takes effect through one or more of: an in-product banner the next time you sign in, an email to your email of record, and a posting at https://connectlive.ai/legal/privacy. For Users in the European Economic Area, the United Kingdom, and Switzerland, when we add a new Sub-processor, we notify you at least thirty (30) days before that Sub-processor begins processing your data, and we explain your right to object. Continued use of the Platform after the effective date is acceptance of the updated policy.
Minor non-material changes (such as typo fixes or address updates) may be made without advance notice. The history of prior versions is available at https://connectlive.ai/legal/privacy/versions.
21. Contact Us
We welcome questions, concerns, and feedback about this policy.
- Privacy email: privacy@connectlive.ai
- Fallback email: hello@connectlive.ai
- Mailing address: Connect Live AI, Inc. (a Delaware corporation in formation), Franklin, Tennessee, United States (full street address available on request and on legal notices we send you)
- Security incidents: security@connectlive.ai
We try to respond to privacy questions within five (5) business days and to verifiable rights requests within the windows described in Section 14.
A note on our community. Connect Live AI exists to serve Christian touring Artists and the Venues that host them. Our team takes our work in this community seriously, and we know that handling User data with care is part of what makes Connect Live AI a place worth trusting. We welcome Users of every background to read this policy, use our Platform under its terms, and reach out if anything is unclear.
Last Updated: May 14, 2026