Last updated: April 2026

Privacy Policy

1. Data Controller

TicketWave (“we”, “us”, or “our”) is the data controller responsible for your personal data. If you have any questions about this privacy policy or our data practices, you can contact us at support@ticketwavehq.com.

2. What Data We Collect

We collect the following categories of personal data:

  • Account Data: Name, email address, business name, password (hashed), and account preferences when you register for an account.
  • Transaction Data: Purchase history, ticket details, payment information (processed securely by Stripe — we do not store full card numbers), refund records, and commission data.
  • Usage Data: IP address, browser type and version, device information, pages visited, time spent on pages, and other diagnostic data collected automatically when you use our platform.
  • Cookies: We use essential cookies to operate the platform. See our Cookie Policy for full details.

3. Legal Basis for Processing

We process your personal data on the following legal bases under the GDPR:

  • Contract Performance: Processing necessary to perform our contract with you, including account management, ticket sales, and payment processing.
  • Legitimate Interest: Processing necessary for our legitimate interests, such as fraud prevention, platform security, analytics, and improving our services, provided these interests are not overridden by your rights.
  • Consent: Where we rely on your consent, such as for marketing communications. You can withdraw consent at any time.

4. How We Use Your Data

  • Service Delivery: To create and manage your account, process ticket transactions, generate QR codes, facilitate check-ins, and provide customer support.
  • Communications: To send transactional emails (order confirmations, ticket delivery), and, with your consent, marketing communications about new features and promotions.
  • Analytics: To understand how our platform is used, identify trends, and improve the user experience.
  • Fraud Prevention: To detect and prevent fraudulent transactions, abuse, and security threats.

5. Data Sharing and Third-Party Processors

We share your data with the following trusted third-party processors, each bound by data processing agreements:

  • Stripe: Payment processing, including Stripe Connect for venue payouts. Stripe processes payment card data in accordance with PCI-DSS standards.
  • Resend: Transactional and marketing email delivery.
  • Neon: Cloud database hosting and storage of application data.

We do not sell your personal data to any third party.

6. International Data Transfers

Your data may be transferred to, stored, and processed in countries outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, including the EU-US Data Privacy Framework, Standard Contractual Clauses (SCCs), or equivalent mechanisms recognised by the European Commission to protect your data.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Account data: Retained for the duration of your account and for 30 days after deletion to allow recovery.
  • Transaction data: Retained for 7 years to comply with tax and accounting obligations.
  • Usage data: Retained for up to 26 months, then anonymised or deleted.
  • Marketing consent records: Retained for as long as consent is active, plus 3 years after withdrawal for compliance records.

8. Your Rights

Under the GDPR and applicable data protection laws, you have the following rights:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete personal data.
  • Right to Erasure: Request deletion of your personal data where there is no compelling reason for continued processing.
  • Right to Data Portability: Request a machine-readable copy of your data to transfer to another service.
  • Right to Object: Object to processing based on legitimate interests, including profiling.
  • Right to Restriction: Request that we limit the processing of your data in certain circumstances.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

9. How to Exercise Your Rights

To exercise any of the rights above, please contact us at support@ticketwavehq.com. We will respond to your request within 30 days. We may ask you to verify your identity before processing your request. If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.

10. Children's Privacy

TicketWave is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us at support@ticketwavehq.com and we will promptly delete the data.

11. Cookie Policy

We use cookies and similar technologies to operate our platform. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

12. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. We will notify you of any material changes by posting the updated policy on this page with a revised “Last updated” date. We encourage you to review this policy periodically.

13. Contact Information

If you have any questions, concerns, or requests regarding this privacy policy or our data practices, please contact us: