Last updated June 30, 2026
Privacy notice
This notice explains how Tixi Ticket handles personal data in the ticketing platform, including accounts, checkout, orders, tickets, cookies, event operations, payments, and organiser payouts.
Who we are
Tixi Ticket provides ticketing, checkout, event management, order management, and payout tools for organisers and ticket buyers.
For platform operations, account management, checkout, payments, payouts, security, and support, Tixi Ticket is the controller of the personal data described in this notice. Event organisers may be separate controllers for how they use attendee and buyer data outside Tixi Ticket, such as their own event communications, exports, or venue operations.
You can contact us about privacy at support@tixiticket.com.
Who this notice covers
This notice covers people who create or manage organiser accounts, organisation members who use the dashboard, ticket buyers, attendees, people who contact support, and visitors who use our public event pages or website.
Some public event information, such as event names, descriptions, dates, locations, ticket categories, prices, and availability, is intentionally published by organisers so buyers can find and purchase tickets.
Data we collect
Account and organisation data includes names, email addresses, verification status, profile images, organisation names, organisation logos, organisation roles, invitations, membership records, and authentication identifiers provided through our authentication and organisation-management provider.
Event and organiser data includes event content, ticket types, prices, fees, coupons, inventory, seat maps, table or VIP area selections, event status, dashboard notifications, and aggregate sales analytics.
Checkout, reservation, order, and ticket data includes buyer first name, buyer last name, email address, phone number, selected tickets or seats, reservation ownership data, applied coupons, order totals, currency, payment status, refund status, ticket codes, ticket holder names when provided, and check-in status.
Payout and verification data includes payout account type, payout country, representative name, email address, phone number, date of birth, address, business legal name, business entity type, business tax or VAT number, business address, payout IBAN, bank name, BIC, payout schedule, and non-sensitive display details such as the final digits of the IBAN.
Technical and security data includes session and reservation identifiers, checkout presence identifiers, cart lock identifiers, checkout abuse-prevention identifiers, local or session storage used for checkout continuity, cookie consent choices, payment provider identifiers, account-term acceptance metadata, operational delivery records, error records, device or browser information, IP-derived security metadata processed by our providers, and support messages you send to us.
Do not include special-category data, government identifiers, health information, or other sensitive personal data in event descriptions, ticket names, support messages, or organisation profile fields unless we have explicitly asked for it.
How we use data
We use personal data to create and secure accounts, manage organisation memberships, publish events, reserve inventory, process checkout, issue tickets, support check-in, handle refunds, show organiser analytics, provide support, send operational notifications, prevent abuse, and maintain audit records.
For buyers, checkout contact and payment-related data is required to complete a purchase, deliver tickets, confirm payment, support refunds, and help organisers run the event. If you do not provide required checkout information, we may not be able to complete the order.
For organisers, organisation and payout data is required to manage events, invite team members, receive ticket revenue, and administer orders. If an organisation does not provide required payout details, we may not be able to pay out ticket revenue.
Legal bases
Where GDPR or similar laws apply, we process account, checkout, order, ticket, membership, and payout data when it is necessary to perform a contract with you or take steps at your request before entering into a contract.
We process records needed for tax, accounting, legal, consumer protection, chargeback, dispute, and regulatory obligations where this is necessary to comply with the law.
We process security logs, abuse-prevention data, operational analytics, support records, operational records, and product diagnostics where we have a legitimate interest in operating, improving, securing, and defending the platform.
We use consent where the law requires it, including optional cookies, optional marketing technologies, and any optional marketing messages we may introduce. You can withdraw consent without affecting processing that happened before withdrawal.
Payments and payouts
Our payment service provider (PSP) processes card, wallet, payment, refund, chargeback, and payment security data for checkout. We store payment references such as checkout session IDs and payment intent IDs, order amounts, status, currency, refund state, and timestamps, but we do not store full card numbers.
When an organisation sets up payouts, we or our PSP may collect identity, business, business entity type, tax or VAT, representative, beneficial owner, bank, agreement-acceptance, and risk details for KYC/KYB, AML, sanctions, fraud, tax, and payment compliance.
When payout bank details are previewed or saved, we may send the IBAN to the PSP or another bank-account validation service through a secure connection to validate the format and retrieve bank metadata such as bank name and BIC.
After payout setup, dashboard users see only limited payout status and display details, such as bank metadata and the final digits of the IBAN. We store PSP account references, payout status, payout schedule, and non-sensitive display metadata unless a legal obligation requires otherwise.
Recipients and processors
We use hosting, data storage, and application operations providers to store and run platform data, including event records, reservations, orders, tickets, analytics, notifications, operational logs, and organiser payout settings.
We use authentication and organisation-management providers for sign-in, session management, user profiles, organisation membership, organisation roles, invitations, profile images, organisation logos, and related security checks.
We use payment service providers for payment processing, payment security, refunds, chargebacks, payment identifiers, receipts, KYC/KYB verification, tax or VAT checks, connected-account setup, payout account setup, and related financial records.
We use seat-map and inventory providers for interactive seat maps, chart keys, event keys, seat or table object references, hold tokens, booking, and release operations for map-based events.
We use email, bank-account validation, security, and infrastructure providers for operational notifications, payout-detail checks, bot detection, challenge pages, routing, caching, secure connections, logging, and protection against abuse.
Organisers and authorised organisation members can access buyer, attendee, order, ticket, check-in, refund, and analytics data for events owned by their organisation. We may also disclose data to professional advisers, service providers, payment networks, law enforcement, regulators, courts, or other parties where required by law or necessary to protect the platform, users, or others.
Where required by law, contract, or a verified privacy request, we can provide more specific information about the subprocessors used for a particular service or data flow.
Security and compliance references
Our security and privacy controls are designed with reference to recognised frameworks such as ISO/IEC 27001, ISO/IEC 27701, ISO/IEC 27017, and ISO/IEC 27018.
These references do not mean that Tixi Ticket is ISO certified. We will only state that Tixi Ticket holds an ISO certification if a current certificate has been issued and published or made available.
Cookies and similar technologies
We use necessary cookies and similar storage for authentication, checkout, payment security, reservation ownership, abuse prevention, and cookie consent. These are required for the platform to work.
Checkout uses an anonymous session cookie for reservation ownership and abuse prevention. Checkout may also use browser storage for cart locks, checkout presence, and continuity across refreshes or tabs.
Our cookie banner lets you choose optional preference, analytics, and marketing cookies where those technologies are enabled. The consent choice is stored for 180 days unless you clear cookies or update your choice.
We do not sell personal data. If we enable optional marketing or attribution technologies, we will ask for consent where required and make those choices available through the cookie banner.
International transfers
Our providers may process personal data in countries other than the country where you live, including outside the European Economic Area or United Kingdom. Where required, we rely on appropriate safeguards such as adequacy decisions, data processing agreements, and Standard Contractual Clauses.
Our hosting, authentication, payment, seat-map, bank-account validation, support, and infrastructure providers may process data according to their own infrastructure and security practices.
Retention
We keep account, organisation, event, order, ticket, payment reference, refund, analytics, and support records for as long as needed to provide the service, comply with legal and accounting obligations, resolve disputes, prevent abuse, and enforce agreements.
Reservations and temporary checkout holds expire or are released when the checkout is completed, cancelled, or times out. Checkout presence records are short-lived operational records used to count active sessions.
Order, ticket, payment reference, refund, chargeback, notification, analytics, operational, and audit records may be retained after an event or account deletion where needed for accounting, tax, payment reconciliation, fraud prevention, legal claims, consumer protection, and provider dispute windows.
We keep current payout settings while the organisation is active and needs payouts through Tixi Ticket. When an organisation is deleted, active payout settings are deleted from our application records as part of the deletion flow.
Limited financial, security, backup, and audit records may be retained after account or organisation deletion where required by law or necessary for accounting, fraud prevention, dispute handling, provider backup lifecycles, or platform security.
Your rights
Depending on where you live, you may have rights to access, correct, delete, restrict, object to, or receive a portable copy of your personal data. You may also have the right to withdraw consent and to lodge a complaint with your local data protection authority.
To exercise privacy rights, contact support@tixiticket.com. We may need to verify your identity before acting on a request. Some rights may be limited where we must retain records for legal, accounting, payment, security, fraud-prevention, or dispute-resolution reasons.
If you bought a ticket for an organiser's event, we may direct some requests to that organiser where the organiser controls how attendee data is used outside Tixi Ticket.
Automated checks
We do not use solely automated decisions that produce legal or similarly significant effects on you.
The platform does run automated checks for reservations, inventory availability, payment confirmation, fraud or abuse prevention, refunds, and operational processing. Our PSP and other payment network participants may also run their own fraud, security, KYC/KYB, AML, sanctions, tax, and payment compliance checks.
Children
Tixi Ticket is not intended for children to create organiser accounts or manage organisations. If an event allows minors to attend, the buyer or organiser is responsible for ensuring they have the right permissions to provide attendee information.
Changes to this notice
We may update this notice when the product, providers, laws, or data practices change. The date at the top shows when the notice was last updated.