Eventbrite

Overview

Eventbrite is a global event ticketing and registration platform headquartered in San Francisco. Founded in 2006, it serves over 5 million events annually across more than 180 countries, spanning conferences, workshops, concerts, festivals, and community meetups. Eventbrite provides embeddable widgets that event organizers can place on their own websites, enabling visitors to browse upcoming events, check ticket availability, and complete ticket purchases without leaving the organizer's site. The embedded checkout flow is a core use case for business websites, association sites, nonprofits, and venue operators who want to sell tickets from their own web presence rather than directing visitors to Eventbrite.com.

What This Script Does

Script Files and Domains

Eventbrite embeds load resources from www.eventbrite.com, cdn.evbuc.com (Eventbrite's CDN for static assets), and eventbrite.com iframe endpoints. The Eventbrite Organizer Widget is initialized via a <div> with a data attribute and a script tag loading https://www.eventbrite.com/static/widgets/eb_widgets.js. Payment processing flows load additional scripts from js.stripe.com (when Stripe is the payment processor) or PayPal's JS SDK. Analytics telemetry fires to www.eventbrite.com/api/v3/analytics/ and pixel.eventbrite.com.

Cookies Set

• AN — Eventbrite's anonymous visitor identifier. Persistent, 2-year expiry. Set on eventbrite.com. Tracks visit history across Eventbrite-hosted event pages for internal analytics and event recommendation.
• ebEventToCheckout — Session cookie storing the event ID and ticket selection state during the purchase flow. Session-scoped.
• ebRegflow — Session cookie tracking the user's progress through the multi-step registration/checkout flow. Session-scoped.
• mgrefby — Marketing referral attribution cookie. Records the referrer source (affiliate, direct, search) for Eventbrite's internal channel attribution. Persistent, 1 year.
• csrftoken — CSRF protection token for form submissions during checkout. Session-scoped.
• TGT — Eventbrite authentication token for logged-in attendees. Set on eventbrite.com. Session-scoped.

Widget Functionality

The Eventbrite Organizer Widget renders an event listing panel showing: event name, date/time, venue, ticket tiers with pricing and availability counts, and a "Get Tickets" CTA button. When a visitor clicks to purchase, the widget opens an in-page or popup checkout modal handling ticket selection, attendee information collection (name, email, custom questions set by the organizer), and payment processing. Upon completion, a confirmation page is displayed within the modal and a confirmation email is dispatched from Eventbrite's servers.

Data Collected During Purchase

Eventbrite collects from ticket buyers: first name, last name, email address, ticket quantity and type, order value, payment method (processed by Stripe/PayPal, card data never touches Eventbrite's servers directly), and any custom questions defined by the event organizer (e.g., dietary preferences, T-shirt size, job title). Attendee data is provided to the event organizer via Eventbrite's dashboard.

Conversion Tracking

Eventbrite fires conversion events to pixel.eventbrite.com upon ticket purchase completion. When organizers configure Eventbrite's Google Ads or Facebook/Meta integration (available in Eventbrite's marketing tools settings), the platform can fire Google conversion tags or Meta Pixel purchase events from within the checkout flow. These third-party conversion fires represent marketing tracking that requires separate consent.

Eventbrite Analytics for Organizers

Eventbrite provides organizers with attendance analytics: ticket sales by channel, device type, geographic region, and conversion funnel drop-off points. These analytics are derived from session telemetry collected during the checkout flow and are for the organizer's own reporting purposes.

Consent & Compliance

Category: Functional

The core Eventbrite embed — displaying event information and processing ticket purchases — is a functional integration. Visitors who interact with an Eventbrite widget are doing so intentionally to register for or purchase tickets to an event. The data collected during checkout (name, email, payment) is strictly necessary to complete the transaction requested by the user.

Under GDPR and the ePrivacy Directive, session-scoped cookies used for checkout state management (ebEventToCheckout, ebRegflow, csrftoken) are strictly necessary for the requested service and do not require consent. The AN analytics cookie and mgrefby attribution cookie are not strictly necessary, but their primary purpose is Eventbrite's own internal analytics rather than cross-site advertising profiling.

Under CCPA, Eventbrite processes personal information as a service provider under contract to the event organizer. The data is not sold to third parties.

Third-Party Marketing Integration Caveat: If an organizer has configured Eventbrite to fire Google Ads, Meta Pixel, or other third-party marketing trackers upon purchase confirmation, those integrations require separate marketing consent. Check whether the Eventbrite account is configured with third-party marketing connections before classifying the embed as purely functional.

Eventbrite Inc. is a US company covered by the EU-US Data Privacy Framework for transatlantic transfers.

Should You Block This Without Consent?

No. The Eventbrite embed serves a functional ticketing and registration purpose that visitors explicitly engage with. Core checkout functionality and session cookies are strictly necessary to complete the user-requested transaction. The integration should not require a marketing consent gate for standard embed configurations. If the organizer has enabled third-party marketing pixel firing (Google Ads, Meta) within Eventbrite's settings, those components should be reviewed and consented to separately.