This policy explains what personal data ticketable.events collects, why, who we share it with, and the choices and rights you have. It applies to event organisers who use ticketable.events to sell or give away tickets, and to ticket buyers (attendees) who book through it.
Who we are and our role
ticketable.events is free event-ticketing software. In this policy, “we”, “us” and “ticketable.events” refer to the operator of the ticketable.events service.
For an organiser’s account data (the person or team running events) we are the controller. For attendee data captured when someone books a ticket, the organiser running that event decides how it is used and is the controller of their attendee list; we process that data on the organiser’s behalf to run the booking, deliver tickets and handle check-in. If you booked a ticket and want your data changed or removed, the event organiser is usually your first point of contact, but you can also reach us and we will help.
Data we collect
Organiser account data
- Your name and email address, and your organisation name.
- Account credentials — a password (stored only in hashed form by our authentication provider) or, if you sign in with Google or Apple, the identifier they share with us. We never see your Google/Apple password.
- Settings you configure: public page details, branding, ticket instructions, booking-fee configuration, and your team members and their roles.
- Your connected payment account identifier (so payouts reach you) — see Payment data below.
Booking & attendee data
- The buyer’s name and email address, and a phone number if provided.
- What was booked: event, ticket type(s), quantity, price, booking reference, and the time of booking.
- Ticket and check-in records, including whether and when a ticket was scanned at the door.
Payment data
Card payments are processed by our payment provider, Stripe. We do not receive or store full card numbers or security codes — those go directly to Stripe, which is certified to the PCI-DSS standard. We store only limited payment metadata returned by Stripe, such as the card brand, the last four digits, the payment status, and a payment reference. Free (£0) bookings involve no payment.
Usage, device and location data
- Technical information such as your browser and device type, and the pages and features you use.
- Your approximate country, derived from your IP address at our hosting edge, which we use to show pricing in your local currency. We do not store your full IP address in your account.
- Analytics about how the site is used, to help us improve it (see the Cookies Policy).
Communications
Emails we send you — booking confirmations and tickets, team invitations, account and password emails, and occasional setup reminders — together with delivery information (for example whether an email was delivered or bounced) so we can keep ticket delivery reliable.
How and why we use data
- To provide the service — create and run accounts, publish events, take bookings, deliver tickets and wallet passes, and run door check-in.
- To process payments and payouts — via Stripe, so an organiser’s ticket revenue reaches them directly.
- To communicate — send transactional emails such as confirmations, invitations, password resets and important account notices.
- To keep the service secure — prevent and investigate fraud, abuse and technical problems.
- To improve the product — understand how the site is used through privacy-friendly analytics.
- To comply with the law — meet legal, tax and regulatory obligations.
Where data-protection law (such as the UK GDPR or EU GDPR) applies, we rely on these legal bases: performance of a contract (to provide the service you signed up for), our legitimate interests (to secure and improve the service), your consent (for non-essential analytics cookies), and compliance with legal obligations.
Who we share data with
We do not sell personal data. We share it only with:
- Event organisers — if you book a ticket, your booking details are shared with the organiser of that event, who controls their own attendee list.
- Service providers who help us run ticketable.events, acting on our instructions:
- Stripe — payment processing and payouts.
- Supabase — account authentication and the account/membership database.
- Amazon Web Services (AWS) — application hosting, database, file storage (ticket PDFs) and outbound email, primarily in the EU (Ireland).
- Vercel — website and dashboard hosting, and privacy-friendly aggregate web analytics.
- Microsoft Clarity — product analytics (aggregated usage and session insights) to improve the experience.
- Google / Apple — only if you choose to sign in using their single sign-on.
- Authorities or advisers — where we are legally required to, or to establish, exercise or defend legal claims.
- A successor — if the service is transferred to another operator, in which case this policy continues to apply.
International transfers
Account and booking data is stored primarily in the EU (AWS, Ireland). Some of our providers are based in or process data in other countries, including the United States. Where personal data is transferred outside your country, we rely on appropriate safeguards (such as standard contractual clauses or equivalent mechanisms) to protect it.
How long we keep data
We keep organiser account data for as long as the account is active, and for a reasonable period afterwards to meet legal, accounting and dispute-resolution needs. Booking and attendee data is kept while it is needed to run the event and for the organiser’s legitimate record-keeping. When an organiser deletes their organisation from the dashboard, we permanently remove that organisation’s events, bookings and ticket files, and remove the related sign-in access (deleting the account entirely if it is no longer linked to any organisation). Cached ticket files and aggregated analytics may persist for a short time before being cleared.
Your rights
Depending on where you live, you may have rights to access the personal data we hold about you, to have it corrected or deleted, to restrict or object to certain processing, to receive a copy in a portable format, and to withdraw consent where we rely on it. To exercise any of these, contact us using the details below. If you booked a ticket, the event organiser may need to act on requests about their attendee records, and we will help coordinate. You also have the right to complain to your local data-protection authority.
Cookies
We use a small number of cookies and similar technologies. See the Cookies Policy for what they are and how to manage them.
Security
We take reasonable measures to protect personal data — see our Security page. No online service can be completely secure, but we work to keep your data safe and to address issues promptly.
Children
ticketable.events is not directed at children, and organiser accounts are intended for adults. We do not knowingly collect personal data from children. Organisers running events aimed at children are responsible for any additional consents required.
Changes to this policy
We may update this policy from time to time. When we make material changes we will update the “last updated” date above and, where appropriate, let you know.
Contact us
For any privacy question or to exercise your rights, email privacy@ticketable.events.