Privacy Policy

As of October 1, 2024

Wicket, LLC (“Wicket,” “we,” “us,” or “our”) respects your privacy and is committed to protecting it through our compliance with this Privacy Policy.

1. Who we Are

Wicket is a software company that has developed a unique cloud-based authentication management and registration platform (“Platform”) that enables a variety of authentication services on behalf of our clients, which include hosts or organizers of events as well as employers that own and operate various facilities (our “Clients”). Through our Platform, we provide you with a variety of facial authentication services (“Facial Authentication Services”) on behalf of our Clients, which uses your own face to seamlessly interact through a venue or facility. For instance, using our Facial Authentication Services, we can provide you with fast access for admissions to venues or facilities, VIP suite credentialing, touchless purchasing of food, beverages, and merchandise, verification of age and/or payment information (on behalf of third party point-of-sale devices), safe pairing of your tickets, mobile wallets, identification, and more. In addition, employees and staff of our Clients, can enroll for secure, touchless access to physical or virtual spaces.

“You” refers to individuals who access and use our Platform and Facial Authentication Services. You may be an attendee of an event operated by one of our Clients, or an employee of one of our Clients. In addition, You may be an agent of a Client, who is authorized to access the Platform as an administrator. Or, You may be a visitor to various websites and domains operated by us (including our website located at www.wicketsoft.com and/or from which You are accessing this Privacy Policy; collectively “Websites”) and are interested in browsing and learning about our Facial Authentication Services, or any other services or products offered by Wicket (“Services”). Our Platform, Facial Authentication Services, Websites, and Services may collectively refer to as our “Site” and “Services.”

Please note that enrolling and registering in our Facial Authentication Services is entirely optional. If You are invited to, register for, check into, or receive information regarding a Client event through a Wicket Site or in connection with our Facial Authentication Services, You will be considered an “Event Attendee” and we will provide any Personal Information You submit through our Site or in connection with your use of our Facial Authentication Services to the Client of the event (but we do not provide any of your Personal Information to any other third parties). Wicket does not control the Client’s venue or management process. We are not responsible for any decisions or actions taken by the Client with respect to your information (or by any third-party with whom the Client may share your information). Client is responsible for managing your information appropriately if and when they receive it. Please read the applicable privacy policies of the Client of an event or that operates a facility before submitting Personal Information.

2. About this Privacy Policy

This Privacy Policy applies to all information that Wicket may collect about You or that You may provide us in connection with your access and use of our Site and Services, as well as our social media pages, mobile apps, edge devices, and any electronic messages we receive from You or that we send You that link to this Privacy Policy (including texts, emails, or QR codes that You receive), and other communications in which You may provide Personal Information to Wicket.

This Privacy Policy does not apply to 1) information collected by any third party, including our Clients and any third party link that may be accessible from or on our Site and Services; and 2) any third party software or applications that integrate with our Site and Services.

Please read this Privacy Policy carefully to familiarize yourself with Wicket’s privacy practices and procedures. If You do not agree with this Privacy Policy, please do not access or use our Site and Services.

BY CLICKING “I AGREE TO THE USER PRIVACY TERMS DEFINED IN WICKET’S PRIVACY POLICY” WHEN REGISTERING WITH WICKET OR A PROGRAM AT A CLIENT BEING ADMINISTERED BY WICKET, OR BY ACCESSING, USING, OR INTERACTING WITH ANY PART OF OUR SITE AND SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ THIS PRIVACY POLICY, THAT YOU UNDERSTAND IT AND ITS TERMS AND CONDITIONS, AND THAT YOU AGREE TO BE BOUND LEGALLY BY IT AND ITS TERMS AND CONDITIONS.

We may update this Privacy Policy periodically to reflect new features or changes in our personal information practices, so please check it periodically for updates. When we update this Privacy Policy, we will state the date when this Privacy Policy was most recently updated. We will provide other notice to you as required by law. Your access and continued use of our Site and Services, after we make changes to this Privacy Policy is deemed to be acceptance of those changes.

3. Compliance with Children’s Online Privacy Protection Act

Our Site and Services and its contents are intended for adults 18 years of age and are not intended for individuals under 16 years of age. We do not knowingly collect any Personal Information from individuals under 16 years of age, in compliance with the General Data Protection Regulation (GDPR). We therefore are also compliant with the Children’s Online Privacy Protection Act (COPPA), which addresses the collection of personal data of children under 13.

Individuals under the age of 16 may not use or provide any information to or through our Site and Services. If we discover that we have any information from an individual under 16, we will delete it. If You believe we might have any information from or about a child under 16, please contact us immediately at:

security@wicketsoft.com

4. Opting Into Wicket’s Facial Authentication Services

Our Facial Authentication Services verify the identity of an individual who has already provided consent to be in the system via Wicket’s opt-in procedure. Using our facial authentication technology, we analyze certain data points from your uploaded photo to create a 3D numeric representation of your face (called an “Embedding”) that is stored on our encrypted cloud servers and edge devices. The stored data cannot be reverse engineered or used to create an image of your face.

The following approach is generally used when deploying our Facial Authentication Services for our Clients:

5. Your Photo

Please note that when You submit a photo (selfie), we store it as a source image only on our secure cloud servers (unless You send us an email to opt-out as detailed below). We then create the Embedding of your photo, which is stored on our cloud servers and on one or more edge devices at a Client’s venue or facility. Accordingly, when You enter a venue or facility, an edge device will take measurements of your face to create an embedding which is then compared to Embeddings of all registered users at that Client. If a match is found and You have necessary permissions to proceed, You will be given appropriate access.

We do not store your source photo on any of our edge devices, but do store your embedding on the edge device, which is not usable to recreate a photo or rendering of your face. As such, anyone who inappropriately accesses an edge device will not have access to your photo, only the Embedding (i.e., the 3D mathematical representation of your photo), which cannot be recognizable as anything except a de-identified series of numbers. In addition, we take every reasonable step to limit the collection of your Personal Information to what is reasonably necessary to provide our Facial Authentication Services.

We do not share your photo, face data, or Embedding collected by our edge devices with any third parties.

6. Information We Collect and How We Collect It

We collect information from and about you, including:

We collect this information:
7. Information We Collect Through Automatic Data Collection Technologies

As You navigate through our Website (www.wicketsoft.com), we may collect certain information about you, your actions and patterns, and other-related information via automated technologies, such as cookies and web beacons.

Such information may include details of your visits to our Website, including, without limitation, traffic data, communications data, and information about your computer or mobile device.

The technologies we use for this automatic data collection may include:

In addition, when you visit our Website at www.wicketsoft.com, or use our Platform, we collect information about your computer, device, equipment, browsing actions, and patterns using Heap. This information may include, but is not limited to:

Please note that we do not combine the information collected through the use of Heap with your Personal Information we may have collected as part of your opt-in to our Platform. Please note that Heap’s ability to use and share information collected by Heap about your visits to our Site is restricted by the Heap Terms of Use and the Heap Privacy Policy. You can prevent Heap from recognizing You on return visits to the Site by disabling cookies on your browser.

The information we collect automatically is used to help us improve our Website and continue to deliver an improved experience.

8. Third-Party Content and Tracking Technologies

Our Platform and/or Website may include content from our Clients. Clients may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about You when You click on this content. We do not control our Client’s tracking technologies or how they may be used. If You have any questions about a Client’s advertisement or content, You should contact the Client directly.

Please note that once You leave our Platform or Website, You are no longer governed by this Privacy Policy.

9. How We Use Your Information

We will only use information that we collect about You or that You provide to us, including any Personal Information, for purposes described in this Privacy Policy and when applicable law allows us to do so. We will generally use your information to:

We also use information that we collect about You or that You provide to us, including any Personal Information, for the following purposes:

If You have agreed to receive marketing communications from us, You can always opt out at any time.

10. Disclosure of Your Information

Except as provided in this Privacy Policy, Wicket will not disclose, transfer, sell, trade, rent, or otherwise provide your Personal Information to any third party.

We may disclose information that we collect about You or that You provide us, including Personal Information, to the following third-parties and in the following circumstances:

Please note that once we disclose your information in one of the above-listed circumstances, the information received by the other company is controlled by that company and becomes subject to the other company’s privacy practices.

11. Choices About How We Use and Disclose, Retain and Destroy Your Information

We strive to provide You with choices regarding the Personal Information You provide to us. Please note that You can always choose not to provide information, even though that means You might not be able to access or use our Site and Services. In addition, we have created mechanisms to provide You with the following control over your Personal Information as detailed below.

12. Your Data Protection Rights

Wicket is dedicated to safeguarding the personal data of our customers and employees. In accordance with this commitment, we comply with the principles of the GDPR when collecting, utilizing, and handling personal data. This includes:

In accordance with these principles You have certain data protection rights:

To exercise any of these rights or to inquire about these rights, please email us at security@wicketsoft.com.

If You are an EU or UK citizen you may submit a Subject Access Request (SAR) to gdpr@wicketsoft.com or use the following contact information.

If You are an EU/UK citizen and You believe we are violating your rights, You can file a complaint with your local supervisory authority. If You are a resident of the United Kingdom, You can lodge a complaint with the UK Information Commissioner’s Office:

https://ico.org.uk/for-the-public.

13. Data Controller and Processors

When we collect information from you, we may be doing so on our own behalf (in which case we will be considered a “controller” of your data), or on behalf of an Wicket Client who is using our Facial Authentication Services in connection with access to an venue, event, or facility and manage access-related activities (in which case, the Client will be the “controller” and Wicket will be considered a “processor” of your data). In either case, Wicket may collect and use your Personal Information as described in this Privacy Policy. We use trusted third parties as our sub-processors for technical and organizational purposes, including for payments and email marketing. We use reasonable efforts to make sure our sub-processors are GDPR-compliant, via the use of Data Processing Agreements (DPA) and other means.

14. Storage, Retention, and Transfer of Your Information

We may store data or other information that we collect about you, including Personal Information, in our databases and servers maintained by us, our affiliates, agents or service providers (sub-processors). If You access or use our Website and Platform services outside of the United States, information that we collect about You may be transferred to servers inside the United States, which may involve the transfer of information out of countries located in the European Economic Area (EEA) and other parts of the world unless otherwise prohibited by applicable law or agreed by Wicket and you. All transfers of data from the EEA to the US are governed by GDPR-compliant signed DPAs. By allowing Wicket to collect information about you, You consent to such transfer and processing of such information without restriction. We may also store some information locally on your computer or other devices. For example, we may store information as local cache so that You can open the Site and view its content faster.

In the event we store your data or information while operating as a “controller”, we will retain it only for the length of time needed to fulfill the purposes for which it was collected, as outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. When we store your data or information while operating as a “processor” for our Client, it will be retained in accordance with this Privacy Policy, and no longer than 90 days after termination of our contract with our Client. In addition, application settings within our Platform allow our Client (the controller) to enforce the purging of your data on a predetermined schedule, which is determined by the Client. The purging schedule is based on your most recent use of our Facial Authentication Services.

15. Data Security & Storage

We understand that the security of your Personal Information is important. We have implemented reasonable technical and physical measures designed to secure your Personal Information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information You provide to us is stored on our secure servers behind firewalls at rest and in transit. The safety and security of your information also depends on you. Where we have given You (or where You have chosen) a password for access and use of certain parts of our Site and Services, You are responsible for keeping this password confidential. We ask You not to share your password with anyone.

All Personal Information collected will be protected from disclosure using a reasonable and appropriate standard of care recognized within the industry and to the same degree as Wicket’s confidential and sensitive information.

Unfortunately, the transmission of information via the internet is not completely secure; however, we implement additional generally accepted industry standards to protect your Personal Information; however, we cannot guarantee the security of your Personal Information transmitted to our website. Any transmission of Personal Information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures.

16. Privacy Rights for US States
If You are a California resident, the California Consumer Privacy Act of 2018, as amended on January 1, 2023, (“CCPA”) may grant You the following rights:
16.a. California

California Consumer Privacy Act (“CCPA”). The CCPA (as amended by the California Privacy Rights Act) gives California residents enhanced rights with respect to their Personal information that is collected by businesses. The CCPA also provides that California consumers can opt out of the “sale” or “sharing” of their Personal Information for certain purposes. Please note, however, that Wicket does not sell or share your Personal Information.

In accordance with the CCPA, the follow disclosures provide additional information about (1) the categories of Personal Information we collect; (2) the sources from which we collect Personal Information; (3) the purposes for collecting and disclosing Personal Information; and (4) the categories of third parties to whom each category of Personal Information is disclosed for a “business” purpose. Nothing in this section limits our ability to collect, use or disclose Personal Information as described elsewhere in this Privacy Policy for US residents.  

In the previous 12 months we have collected and disclosed for business purposes the following categories of Personal Information:

Category Examples Collected Categories of Third Parties to Whom We Disclose for a Business Purpose Sold or Shared
A. Identifiers
Name, postal address, e-mail address, IP address.

Yes. Please refer to Sections 6 and 7 of this Privacy Policy for details.

  • Vendors and Service Providers
No
B. Personal information categories listed in the California Customer Records statute

Name, telephone number, credit card and debit card information or other financial information

Yes for non-financial information. No credit or debit card information is collected. Please refer to Sections 6 and 7 of this Privacy Policy for details.

  • Vendors and Service Providers
No
C. Protected classification characteristics under California or federal law

Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, gender, sexual orientation, veteran or military status, genetic information (including familial genetic information).

Yes only for Age. No for every other category. Please refer to Sections 6 and 7 of this Privacy Policy for details.

  • Vendors and Service Providers
No
D. Commercial information
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

No

N/A

No
E. Biometric information

Genetic, physiological, biological or behavioral characteristics.

Yes
  • Vendors and Service Providers
No
F. Internet or other similar network activity

Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.

Yes. Please refer to Sections 6 and 7 of this Privacy Policy for details.

N/A

No
G. Geolocation data

Physical location or movements.

No

N/A

No
H. Sensory data

Audio, electronic, visual, thermal, olfactory, or similar information.

Yes only for Visual (photos). Please refer to Sections 6 and 7 of this Privacy Policy for details

  • Vendors and Service Providers
No
I. Professional or employment-related information

Current or past job history or performance evaluations.

No

N/A

No
J. Non-public education information collected by certain federally funded institutions

Education records directly related to a student maintained by an educational institution or party acting on its behalf.

No

N/A

No
K. Inferences drawn from other personal information

Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

No

N/A

No
L. Sensitive Information
Government identifiers (social security, driver’s license, state identification card, or passport number)

Complete account access credentials (user names, account numbers, or card numbers combined with required access/security code or password)

Precise geolocation

Racial or ethnic origin

Religious or philosophical beliefs

Union membership

Genetic data

Mail, email, or text messages contents not directed to us

Unique identifying biometric information

Health, sex life, or sexual orientation information

Yes only for Unique identifying biometric information.No for every other category. Please refer to Sections 6 and 7 of this Privacy Policy for details.

  • Vendors and Service Providers
No

The CCPA grants California consumers the following rights:

To exercise any of these CCPA rights you may call us at (800) 390-9009 or email: access-optoutcalifornia@wicketsoft.com. The email subject line and/or the content of your request should refer to the phrase “Your California Privacy Rights,” and include your name and email address. We will confirm receipt of your request within 10 business days. We will endeavor to provide the requested information or delete your Personal Information within 45 days of receipt of your request, but we can use up to an additional 45 days if we let you know that additional time is needed. Requests sent via written mail or facsimile will not be accepted.

Please note, the CCPA may limit Your rights by, for example, prohibiting us from providing certain sensitive information in response to an access request and limiting the circumstances in which we must comply with a deletion request. If we deny your request, we will communicate our decision to You.

Verification of your Identity. To verify your identity prior to responding to your requests, we may ask You to confirm the information that we have on file about You or your interactions with us. The verifiable request must: (1) provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative; and (2) describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. If we ask for additional Personal Information to verify your identity, we will only use it to verify your identity or your authority to make the request on behalf of another consumer. You may only make a verifiable request for access or data portability twice within a 12-month period. We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to You.

Authorized Agents. California residents can empower an “authorized agent” to submit requests on their behalf. If You do so, we may require the agent to present a signed written permission to act on your behalf for this purpose. In addition, You may still be asked to provide independent verification of your identity and confirm that You have provided permission to submit your request.

Other California Rights

As provided by California Civil Code 1798.83 (“Shine The Light Act”), if you are a California resident, you have the right to receive (a) information identifying any third party company(ies) to whom we have disclosed your Personal Information to third parties for their marketing purposes to in the past 12 months, if any; and (b) a description of the categories of Personal Information disclosed. To obtain such information, please email your request to: security@wicketsoft.com with “Shine The Light Privacy Rights Request” in the subject line.

For California residents under the age of 18 and registered users, California law (Business and Professionals Code § 22581) provides that you can request the removal of content or information you posted on our website. Any such request should be sent to us at: security@wicketsoft.com along with a description of the posted content or other information to be removed. Be advised, however, that other applicable law may not permit us to completely or comprehensively remove your deleted content or for other reasons as set forth in this California law.

16.b. Other States and Privacy Rights

Recent other US State consumer privacy laws may provide their residents with similar rights regarding our use of their Personal Information, such as:

To the extent applicable, we will honor these requests.  Please send an email to: security@wicketsoft.com or call us at: (800) 390-9009.  

For all verifiable requests under applicable State law, we will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please contact us at security@wicketsoft.com.

We will endeavor to respond to a verifiable consumer request within forty-five (45) days of receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.

As of the Effective Date of this Privacy Policy listed above, the following US States have enacted consumer privacy laws applicable to their residents:

State Privacy Law Effective Date
Colorado Privacy Act
July 1, 2023
Connecticut Data Privacy Act
July 1, 2023
Montana Consumer Data Privacy Act
October 1, 2024
Oregon Consumer Privacy Act
July 1, 2024
Tennessee Information Protection Act
July 1, 2024
Texas Data Privacy and Security Act
July 1, 2024
Utah Consumer Privacy Act
December 31. 2023
Virginia Consumer Data Protection Act
January 1, 2023

Wicket will comply as applicable with additional US State privacy laws as they become effective.

In addition, Nevada law (SB 220) requires website operators to provide a way for Nevada consumers to opt out of the sale of certain information that the website operator may collect about them. Wicket does not sell your Personal Information to third parties as defined in Nevada law and will not do so in the future without providing you with notice and an opportunity to opt-out of such sale as required by law.

16.c. Illinois Biometric Law

For Illinois residents, in accordance with the Illinois Biometric Information Privacy Act (BIPA), Wicket will retain your biometric data per Section 14 of this Privacy Policy and only until the occurrence of the first of the following: a) The initial purpose for collecting or obtaining such biometric data has been satisfied; or b) Three years following your last interaction with Wicket.

16.d. Texas Biometric Law

For Texas residents, in compliance with the Texas Capture or Use of Biometric Identifier Act (CUBI), Wicket will retain your biometric data per Section 14 of this Privacy Policy and only until the initial purpose for collecting or obtaining such biometric data has been satisfied. Your biometric data will be permanently deleted within one year after such time. Wicket will not sell, lease, or disclose your biometric data to any third party.

17. Contact Information

To ask questions or comment about this Privacy Policy and our privacy practices, contact us at:

Wicket, LLC
1 Broadway, 14th Floor
Cambridge, MA 02142

Email address: security@wicketsoft.com