Tixster Privacy Policy

Effective date: Aug 14, 2025

We collect only what we need to run a safe, fan-to-fan ticket resale platform. We use escrow payments, do not sell personal data, and share data only with service providers or when legally required. You control your data—access, correct, delete, or object where applicable.

1) Who we are

Controller: Tixster Inc.

Contact: privacy@tixster.ph

This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use Tixster’s websites, apps, and services (the “Services”). By using the Services, you agree to the practices described here.

2) The data we collect

A. Account & Profile Data

  • Name, email address, password (hashed), phone (if provided)
  • Age confirmation (18+)
  • Fan club affiliations (if you opt in)

B. Identity & KYC

  • Government ID images/details (e.g., name, date of birth, ID number)
  • Selfie/biometric check results (pass/fail, score where applicable)
  • Address or supporting documents (if required by law or risk)

C. Transaction & Listing Data

  • Listings you create or request, prices, caps compliance
  • Messages between buyers/sellers through the platform
  • Escrow/payment events (amounts, payout method; we do not store full card numbers)
  • Handover confirmations, one-time PIN events, dispute/resolution records

D. Device & Usage Data

  • Device identifiers, OS/browser version, IP address
  • Logs of activity (sign-in, listing actions, confirmations)
  • Cookies and similar technologies (see §9)

E. Location & Safety Signals

  • City/area from IP, coarse location for suggested meetup points
  • Optional user-shared locations for meetups (never public by default)

F. Marketing & Watchlists

  • Your event watchlists, interest tags, and communications preferences

G. Support & Feedback

  • Support tickets, emails, call/chat transcripts, surveys

Sensitive data: We do not intentionally collect special categories of sensitive data except where minimal identity information is required for KYC and fraud prevention.

3) How we collect data

  • Directly from you: Account creation, KYC, listings, transactions, support contacts
  • Automatically: Through cookies, logs, and analytics
  • From third parties: Payment processors, identity verification providers, anti-fraud tools, fan club/partner integrations (if you link them)

4) Why we use your data (purposes) & legal bases

Under the Philippines Data Privacy Act of 2012 (DPA), we process data on one or more of these bases: consent, contractual necessity, legal obligation, legitimate interests (balanced against your rights), and vital interests (safety-related scenarios).

Purposes, examples, and legal bases
| Purpose | Examples | Legal basis |
|---|---|---|
| Provide the Services | Account, listings, escrow, handovers, notifications | Contract |
| Safety & verification | KYC, anti-fraud checks, one-time PIN, dispute handling | Legitimate interests; Legal obligation |
| Payments & payouts | Escrow, payment processing, payouts, receipts | Contract; Legal obligation |
| Compliance | Record-keeping, responding to lawful requests | Legal obligation |
| Improve & secure | Debugging, analytics, abuse prevention | Legitimate interests |
| Communications | Transactional emails/SMS, waitlist updates | Contract; Legitimate interests |
| Marketing (optional) | Newsletters, launch updates | Consent (opt-in) |

You can withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

5) Sharing & disclosures

We do not sell your personal data. We share it only as needed with:

  • Payment processors & escrow partners (e.g., PayMongo; card networks; wallets like GCash/Maya)
  • Identity & KYC verification providers
  • Hosting & infrastructure (cloud providers, CDN, email delivery)
  • Analytics & anti-fraud tools
  • Fan club/partner integrations (only if you opt to link/verify membership)
  • Professional advisors under confidentiality
  • Regulators & law enforcement where legally required

We require processors to use data only on our instructions, protect it, and delete it when services end.

6) International transfers

We may store/process data on servers outside the Philippines. Where we transfer data internationally, we implement appropriate safeguards (contractual clauses, technical measures) consistent with applicable law.

7) Retention

  • Account data: while your account is active; delete or anonymize after closure (subject to legal holds)
  • KYC & transaction records: typically 5–7 years for compliance/audit
  • Logs & analytics: typically 12–24 months
  • Support tickets: typically 24 months

Actual periods may vary by legal requirement, disputes, and operational needs.

8) Your rights

Subject to the DPA and other laws, you may have the right to:

  • Be informed about processing; access your personal data
  • Rectify inaccurate or incomplete data
  • Erase/Block unlawful or excessive processing
  • Object to certain processing (including direct marketing)
  • Data portability (where technically feasible)
  • Damages for violations under the DPA

To exercise rights, email privacy@tixster.ph or use in-app controls. We may ask for proof of identity. If unresolved, you can contact the National Privacy Commission (NPC).

9) Cookies & similar technologies

We use cookies and similar technologies to keep you signed in and secure sessions, remember settings, and measure usage to improve performance. You can control cookies via browser settings. Essential cookies are required for core functions (e.g., login, checkout/escrow) and cannot be disabled in the app.

10) Security

We use technical and organizational measures to protect data, including encryption in transit and at rest, role-based access, MFA for staff, and regular audits. No system is 100% secure; report incidents to security@tixster.ph.

11) Children

Tixster is for 18+. We do not knowingly collect data from minors. If you believe a minor has provided data, contact us to delete it.

12) Automated decision-making

We use automated checks (e.g., anti-fraud scoring, duplicate listing detection), but final enforcement decisions may include human review. You can contest an enforcement action via support@tixster.ph.

13) Third-party links & user content

Our Services may link to third-party sites. Their privacy practices are their own. Listings and messages are user-generated; do not share personal information in public fields.

14) Changes to this policy

We may update this policy to reflect changes in law or our Services. We’ll post updates here and, for material changes, notify you via email or in-app notice with reasonable lead time.

15) Contact us

Privacy questions/requests: privacy@tixster.ph
DPO: dpo@tixster.ph
Security issues: security@tixster.ph

Appendix A — Data inventory (at a glance)

Data categories, examples, purposes, and typical retention
| Data category | Examples | Purpose | Typical retention |
|---|---|---|---|
| Account | Name, email, password (hashed) | Provide Services | Life of account + 12 mo |
| KYC | ID images/details, selfie check | Verify identity, anti-fraud | 5–7 yrs |
| Transactions | Listings, escrow events, payouts | Fulfill contract, compliance | 5–7 yrs |
| Communications | Messages, support tickets | Service delivery, safety | 24 mo |
| Device/Usage | IP, device info, logs | Security, analytics | 12–24 mo |
| Location | Coarse location, meetups | Safety features | 12 mo (shorter where feasible) |
| Marketing | Watchlists, preferences | Opt-in updates | Until opt-out |

Appendix B — Legal bases quick map (Philippines DPA)

  • Contract: account, listings, escrow, payouts, notifications
  • Legal obligation: tax/audit records, lawful requests
  • Legitimate interests: anti-fraud, platform security, analytics (balanced with your rights)
  • Consent: marketing emails, certain optional integrations (e.g., fan club linking)