AudienceView Spotlight
Services Description

Functionality

Functionality – including white labeling, digital ticketing, content building, push messaging, analytics, segmentation & personalization

Last updated January 17, 2023

Frame – White-Labeled Mobile Applications

App Building & White Labeling

AudienceView Spotlight’s Frame tool allows us to build iOS and Android mobile applications quickly and efficiently, allowing you to get your app to market quickly so you can start realizing value. Each app is fully customizable to reflect your brand’s color scheme, fonts and imagery and can be updated with each new app version.

Remote Configuration

Manage critical functionality using feature toggles and settings, allowing you to make real-time adjustments without the need for an app release.

Ticketing

Digital Ticket Display

Deliver easy-to-scan digital tickets to your customers. Tickets are displayed in the app’s ticket wallet, complete with display features including QR codes, customer profiles and seat and entrance information. Tickets are organized in the ticket wallet by event and can be accessed from anywhere in the app or by push notification.

Fraud Prevention

A continuously rotating animation appears on digital tickets, allowing security staff to easily identify a real ticket from a screenshot.

Ticket Sharing

Securely transfer selected tickets to other app account holders, enabling venues to identify ghost attendees.

Third-party Ticketing Integrations

For clients that do not use AudienceView as their primary ticketing provider, AudienceView Spotlight supports selected third-party ticketing integrations which can be accessed from anywhere in the app or by push notification.

Single Sign-On (SSO) Authentication

Register or log in to the app using a single sign-on flow integrated with selected identity providers. Customers can create an account, or log into the same account associated with their purchases, and automatically synced their tickets to their profiles.

Screens & Content

Screens

Build and manage your mobile app experience with the platform’s dynamic content building tool, Screens. Screens allows you to create up to five fixed screens which are accessible from the main navigation bar of the app. In addition, you can build an unlimited number of screens which live in the background of the app and can be accessed via a deep link. Linking these screens together allows you to build powerful customer journeys and virtually unlimited configuration options.

Each Screen begins as a blank canvas, which can be designed, built, and updated in real-time, without the need for an app store release. Populate each Screen with Widgets, which come in a range of styles and sizes, and can be filled with content from the platform’s library.

Content

Curate your customer experience using a range of content options, including banners & buttons, events, fixtures, full screen galleries, news, video and many more. Other app features can be accessed from Screen content via a deep link.

Content Personalization

Screens can use AudienceView Spotlight’s personalization engine to target specific sets of customers.

Campaigns

Push Notifications

Integrate in-app messaging into your marketing strategies, providing a direct communication channel to your customers. Send notifications straight away or schedule them for a later date. Preview your notification before sending to prevent any errors.

Push Notification Personalization

Use AudienceView Spotlight’s personalization engine to target specific sets of customers with push notifications.

Push Consent

Customize the notification types that customers can opt in and out of and ensure your GDPR/CCPA compliance. 

Audiences

Audiences & Audience Attributes

Curate sophisticated, personalization strategies to use in combination with the Screens & Push Notification tools. Build dynamic segments of users, known as Audiences, according to customer attributes. Audiences can be defined according to customer ticket type, demographics, seat location and selected in-app actions. Use Audiences to build intelligent personalization campaigns.

Personalizing Content with Audiences

Target specific widgets, or even entire screens, to different Audiences. By creating personalized content variations, you’ll create tailored experiences for premium or regular ticket holders, and event-specific takeovers or multi-venue experiences. You can also personalize content to audiences based on seat location, ticket price code, age and more.

Restrict certain pieces of content so they only ever show for a particular Audience, enabling experiences such as member-only news, age-restricted content and nearest-to-your-seat concession information.

Personalizing Push Notifications with Audiences

Target your push notification to one or multiple Audiences, ensuring the right customer is receiving the right notification at the right time. Preview the number of users in each Audience to maximize the value of your time.

Portal

Manage the various functions of your AudienceView Spotlight app through your content management system.

Analytics

Selected in-app actions are tracked and stored as analytics data by AudienceView Spotlight. Standard page views and session data are also tracked and can be made available

Accessibility

Last updated January 17, 2023

AudienceView creates usable and feature-rich products for the ticketing industry. We aim to make these products as functional and as intuitive as possible for everyone who uses them, including client users and ticket buyers. 

We make every reasonable effort to conform to the current Web Content Accessibility Guidelines (WCAG) levels A and AA and want client users and ticket buyers, regardless of potential impairment, to be able to freely and easily navigate all of our web interfaces without frustration or confusion. 

We validate and improve our products through both accessibility consultants and user testing. We respond as quickly as reasonably possible to accessibility issues brought to our attention regarding our public user interfaces. 

We believe that everyone regardless of disability or impairment should have access to our products and the excitement of purchasing tickets for live events in the same way as those without barriers. 

Onboarding

Last updated January 17, 2023

Once you’re ready to onboard, we work with you to get you up and running as soon as possible.

Kick-off

Your project manager coordinates a kick-off meeting to introduce the project team, review project details and confirm the timeline. You are responsible for providing brand assets for the app shortly after the project kick-off.

Training

You are issued a link to the AudienceView Spotlight Portal Guide that explains how the platform works and how to brand the app.

App Management Portal

You are given access to Portal, the app’s content management system, providing you with the following tools:

• Audiences
• Screens
• Campaigns
• Content

Collecting Brand Assets & App Creation

During this phase of the onboarding, we create your app using our standard template and the brand assets you provided after kick-off.

App Testing & Review

Once we have completed our internal testing, you get an end-to-end demo and feedback session to test key journeys within the app and provide immediate feedback.

We address your feedback and plan a final review session for sign-off.

We then submit necessary materials to Google Play and the App Store for approval.

App Release

Once approved, the is uploaded to Google Play and the App Store for use by consumers.

Support

Last updated April 24, 2024

You receive the following support services as part of our relationship: 

• Access to documentation and articles, watch training videos, register for live webinars and post on the client discussion boards.  

• Direct access to our team of solution experts during business hours. 
• After-hours emergency support via our on-call number. 
• Investigation and triage of cases related to application performance, defects, configuration issues, and technical tasks including system configuration and “How do I” type questions. 
• Assistance with app version updates as new versions of the software are released.
• Access to update and review open and historical cases. 
• Automated system monitoring – twenty-four-seven. 

All reported standard (non-emergency) issues will be responded to by Support staff during business hours within one (1) business day.

All reported emergency issues will be responded to by Support staff within fifteen (15) minutes. An emergency issue is defined as a complete loss of a core (mission critical) business process where work cannot reasonably continue. Examples of an emergency issue that needs immediate attention include:  end-users cannot login; end-users cannot access their mobile tickets; end-users are being charged, but orders are not being created; or end-users cannot collect their orders.

These response times are good faith estimates only, based on our current averages.

Security

Last updated January 17, 2023

As a global leader in both technology and consumer experiences for live events, processing billions of dollars each year in ticket sales, you trust us with your live events and the patrons who attend them. That trust is predicated upon us keeping you and your patrons’ data private and secure. Our services are compliant with PCI-DSS, and you can view our latest Attestation of Compliance. We also leverage best practices from other standards such as NIST, ISO, and SOC. where it makes sense to do so, but we don’t formally comply or attest to those standards. This information is intended to provide an overview of how we protect that data and will be updated as we continually review and enhance our processes. 

Security & Compliance

Our dedicated Security and Compliance team’s mandate is to protect the data you store in our services. Our Security and Compliance program includes: 

• Product security. 
• Protecting and securely transmitting cardholder data. 

• Vulnerability management. 
• Infrastructure controls (physical and logical). 
• Policies and Operating Procedures. 
• Employee education and awareness. 
• Intrusion prevention and detection. 
• Data loss prevention. 

We regularly assess our infrastructure and applications for vulnerabilities and remediate those that could impact the security of your data. Our Security and Compliance team continually evaluates new tools to increase the coverage and depth of these assessments. 

Perimeter Security 

We define and manage our network boundaries using a combination of network appliances including load balancers, firewalls and VPNs. We use these to control how services are exposed and to segment our production network from the rest of our computing infrastructure. We use role-based access control protocols that are based on business needs to define and authenticate access to our production infrastructure. 

Application/Product Security 

Application security is by means of an individual username and password. We provide you with the ability to manage application security to best meet your own needs and standards. It’s the responsibility of each client to ensure application-level roles are defined, implemented and managed to comply with any protocols or standards to which they may subscribe. Securing our Internet-facing web service is critically important to protecting your data. Our Security and Compliance team drives an application security program to improve code security hygiene and regularly assess our service against OWASP for common application security issues. 

Client Segregation 

Our services are designed and developed with multi-tenant architectures. We take great care to ensure your data is accessible only to you. We consider your data private and do not permit any other user to access it. 

Data Retention & Deletion 

We retain client data for the purposes of performing the services and after termination or expiration of the agreement we make available, return or delete the data as agreed with the client and in accordance with applicable law. 

Activity Logging

We consolidate logs from all production servers into a security information and event management tool. Logs are consistently monitored and reviewed by our Security and Compliance Team. 

Transport Encryption

We use industry-standard encryption to protect your data in transit. This is commonly referred to as transport layer security (TLS) V1.2 or above, or secure socket layer (SSL) technology. 

Encryption at Rest

Where necessary we encrypt cardholder and other sensitive data while at rest in the database tables. For the security of our systems and your data, we do not publish the encryption standards used in this process. 

Physical Security

We leverage Cloud-based hosting and the physical security is managed by the approved Cloud based organization

Resiliency/Availability 

Our goal is to ensure our services are available to you at all times. As every system requires maintenance, we have regularly planned maintenance windows during which times we complete all essential maintenance work. We may also perform emergency maintenance from time to time. We have a global footprint and, in most cases, can be flexible and schedule planned maintenance windows at a time most convenient for you. We provide notice well in advance of any maintenance that may require a service outage. We also work with you to schedule those outages at times that are convenient. However, this is not always possible. You also have varying needs when it comes to disaster recovery or service failover. We can offer a range of options to best meet the needs of the individual client. 

Incident Response Plan

Our incident response plan lays out the steps we follow when suspicious activity is detected. 

• Containment: We take immediate action to contain any suspicious activity. This may involve isolating components or taking services offline. 
• Confirmation: We move to confirm that any suspicious activity is a cause for concern and warrant further action. 
• Engagement: Within 48 hours of confirmation of an issue we communicate with affected clients. We also engage relevant third parties such as crisis management, forensic specialists, cybersecurity professionals and where required law enforcement. 
• Remediation: We work with all parties involved to remedy the immediate issue, re-secure the environment and return to normal operations

System Audit 

All changes to data are stored in audit tables. Users with appropriate permissions can search the audit logs and view what changes were made, by who and when for robust troubleshooting. 

User Permissions

Control user access to application features and functions with a flexible permissions management tool. Access can be configured on an individual user-level or by user group. Specific pages and individual fields can be exposed or hidden by user. 

PCI-DSS Responsibility Matrix 

The table below outlines our mutual responsibilities: 

PCI-DSS requirement	Our responsibilities	Your responsibilities
REQ-1: Install and maintain a firewall configuration to protect cardholder data.	Install and maintain a firewall configuration to protect the Cardholder Data Environment. Ensuring vendor default settings are changed where appropriate/required by this standard.	N/A
REQ-2: Do not use supplied defaults for system passwords and other security parameters.	Our owned systems are installed and managed with hardened minimum security baselines using industry best practices, including changing or deleting vendor defaults where appropriate/required by this standard.	N/A
REQ-3: Protect stored cardholder data	NA: No cardholder data	N/A
REQ-4: Encrypt transmission of cardholder data across open, public networks.	NA: No cardholder data	N/A
REQ-5: Use and regularly update anti-virus software or programs.	We ensure compliance with respect to all owned and managed infrastructure.	N/A
REQ-6: Develop and maintain secure systems and applications.	We use industry best practices Secure – Standard Development Life Cycle in the development of its products / services. We also maintain security patching on infrastructure it manages as part of payment processing.	N/A
REQ-7 : Restrict access to cardholder data by business need-to- know.	NA: No cardholder data	N/A
REQ-8: Assign a unique ID to each person with computer access.	We assign a unique ID, strong authentication and processes to properly manage access to the payment processing systems we maintain.	You’re responsible for providing unique access IDs (i.e., no shared IDs) to your employees accessing the GUI through your own network and devices. You will ensure User IDs and Passwords conform to the PCI-DSS standard.
REQ-9: Restrict physical access to cardholder data.	NA: No cardholder date	N/A
REQ-10: Track and monitor all access to network resources and cardholder data.	Our service tracks access to cardholder data.	PCI compliance for the POS devices (i.e., point of swipe/dip) aren’t in scope for this PCI Assessment, instead fall within the merchants’ PCI compliance programs.
REQ-11: Regularly test security systems.	We regularly test the security controls using an industry standard vulnerability management program including performing annual internal/external penetration testing, semi-annual segmentation testing, quarterly ASV scans for our payment processing systems and edge security.	N/A
REQ-12: Restrict.	We deploy a vendor management program to provide ongoing due diligence for the payment processors.	You are responsible for training staff on protecting devices that store, process, or transmit credit card data (e.g., POS devices). Introduce an Information Security Program, for your staff, including proper training. Instituting an Incident Response Program to alert your team and us (where appropriate) when you believe security of payment processing has been breached.

Finance operations

Last updated January 17, 2023

Service Fee Billing & Payment Terms 

You are assessed Service Fees as set out on your Order Form. Unless otherwise agreed in writing, subscription fees are due and payable annually in advance. If a minimum payment or Overage fees apply, you’ll receive an invoice at the end of each term year, typically within 15 business days. Transaction fees, if applicable, are billed monthly at the end of each month.

Unless otherwise agreed in writing, invoices are due and payable within 30 days of the invoice date. Our preferred payment method is ACH transfer. Refer to your invoice for remittance instructions. Our fees are final and will be timely paid. Delinquent balances are subject to suspension of your account.