Privacy Policy

Last updated: November 2025

1. Introduction

This Privacy Policy describes how Tickr (“we”, “us”, “our”) processes personal data when users access or use our event ticketing platform. We comply with the EU General Data Protection Regulation (GDPR).

2. Data Controller

The data controller for Tickr is:

Markus Digruber
6562 Mathon, Tyrol, Austria
Email: support@tickr.events

3. Personal Data We Process

We process the following categories of personal data:

  • Account Data: Email, password (hashed), profile information
  • Event Organizer Data: Name, organization name, currency, Stripe account ID
  • Ticket Buyer Data: Name, email, ticket quantity
  • Ticket Data: Public ticket ID, QR-code payload, event reference
  • Event Data: Titles, descriptions, images stored in Supabase
  • Technical Data: IP address, device info, logs
  • Billing & tax data: invoice details, country, and VAT-related information as required for invoicing and tax compliance (where applicable).

4. Purposes of Processing

  • Account creation and authentication via Supabase
  • Ticket generation and QR-code validation
  • Payment processing through Stripe Checkout & Connect
  • Delivery of transactional emails via Resend
  • Fraud prevention and security monitoring
  • Platform operation, debugging, and analytics

5. Legal Bases Under GDPR

  • Art. 6(1)(b): Contract performance (ticket sales, organizer subscription)
  • Art. 6(1)(c): Legal obligations (invoicing, tax and accounting obligations, VAT compliance).
  • Art. 6(1)(f): Legitimate interest (security, anti-fraud, service stability)

6. Payment Processing with Stripe

All payments, payouts, and subscription renewals are processed exclusively through Stripe. Tickr does not store credit card data.

Stripe acts as an independent data controller for financial information. See Stripe’s Privacy Policy at: https://stripe.com/privacy

7. Data Storage Providers

We use the following service providers:

Supabase (EU/US Data Centers)

  • Authentication (email & password)
  • Database storage for tickets, events, profiles
  • File storage for event images

Vercel

  • Hosting of the Tickr frontend & backend
  • Logging & debugging information

Resend

  • Transactional email delivery (verification & ticket emails) via Resend

GoDaddy

  • Domain name services (DNS only)

8. Data Retention

We retain personal data only as long as necessary for:

  • Providing the service
  • Billing obligations
  • Legal and tax requirements

Ticket buyer data may be kept for tax and reporting purposes.

9. No Marketing Emails

Tickr sends only transactional emails (verification, ticket confirmation, subscription-related emails). We do not send newsletters or marketing emails.

10. Data Sharing

We never sell personal data.

Data is shared only with:

  • Stripe – payments & payouts
  • Resend – transactional email delivery
  • Supabase – hosting of event and ticket data

11. Data Subject Rights

Under GDPR, you have the right to request:

  • Access to your personal data
  • Correction of inaccuracies
  • Deletion (“Right to be forgotten”)
  • Restriction of processing
  • Data portability
  • Objection to processing

12. International Data Transfers

Some providers (Supabase, Vercel, Resend, Stripe) may process data outside the EU. Transfers are covered by Standard Contractual Clauses (SCCs).

13. Cookies & Tracking

Tickr does not use third-party marketing cookies. Only essential cookies required for authentication and security are used.

14. Security Measures

  • Encrypted transport (HTTPS/TLS)
  • Password hashing
  • Access control via Supabase RLS
  • Secure hosting and firewalls

15. Updates to This Policy

We may update this Privacy Policy to reflect changes to our processing practices.

16. Contact

Email: support@tickr.events
Website: https://tickr.events