This policy explains what data Ticketfolio (www.ticketfolio.app) collects, why, and what control you have over it. The short version: we collect the minimum needed to run the product, your photos stay private to your account, and we never sell your data.
1. Data we collect
- Account data. When you sign in with Google we receive your name, email address, and profile picture URL. We use this to create and identify your account. We never see your Google password.
- Your content. The photos you upload and the ticket details you enter (title, city, country, date, ticket number, colors). This is the product — we store it so your collection is there when you come back.
- Purchase data. If you buy a plan, our payment provider Lemon Squeezy shares the order identifier, product, amount, and payment status with us so we can unlock your plan. We never receive or store your card details — those go directly to Lemon Squeezy.
- Technical logs. Standard server logs (IP address, request path, timestamp) kept for security and debugging, rotated automatically.
We do not use advertising trackers or third-party analytics cookies. The only cookie we set is a session cookie (tf_session) that keeps you signed in.
2. How your photos are handled
- Photos are stored privately and are only served back to your signed-in account.
- We do not use your photos for machine learning, marketing, or anything other than showing them to you.
- Deleting a ticket deletes its photo from our storage. Replacing a ticket’s photo deletes the old file.
3. Third parties we rely on
- Google — sign-in only (Google privacy policy).
- Lemon Squeezy — payment processing as merchant of record (Lemon Squeezy privacy policy).
- Hosting infrastructure — our servers and content delivery providers, which process data on our behalf.
We do not sell or rent your personal data to anyone.
4. Data retention
- Your account and content are kept for as long as your account exists.
- Purchase records are kept as long as needed for accounting and tax obligations.
- Database backups are retained for 7 days and then deleted automatically.
5. Your rights
Depending on where you live (including under GDPR and CCPA), you have the right to access, correct, export, or delete your personal data. You can:
- export your collection at any time using the built-in PNG/ZIP/PDF downloads;
- delete individual tickets (and their photos) in the app;
- request full account deletion or a copy of your data by emailing [email protected] — we respond within 30 days.
6. Security
All traffic is encrypted with HTTPS. Session cookies are HttpOnly and Secure. Access to production systems is limited to the operator of the Service. No method of storage is 100% secure, but we follow standard practices to protect your data and will notify affected users of any breach as required by law.
7. Children
The Service is not directed at children under 13, and we do not knowingly collect data from them. If you believe a child has provided us data, contact us and we will delete it.
8. Changes to this policy
If we make material changes we will announce them on the site before they take effect. The “last updated” date at the top always reflects the current version.
9. Contact
Privacy questions or requests: [email protected]