Legal Document
Privacy Policy
Effective: January 8, 2026 · Last Updated: March 9, 2026
We care about your privacy. This document explains exactly what data Tikxz collects, why, how it is stored, who it is shared with, and your rights under India's Digital Personal Data Protection Act (DPDPA) 2023.
Quick Navigation
Section 01
Information We Collect
We collect only the data necessary to deliver and improve our services.
A — Identity & Account
- Name & email — account creation and transactional emails.
- Mobile number — OTP verification and account security.
- Government ID — Organisers only during KYC. Not from regular users.
- Profile photo — optional, uploaded by you.
B — Financial Data
- Transaction ID and payment method (UPI/Card type) — for receipts and refunds.
- We do NOT store card numbers or CVVs. All payment data is handled by our PCI-DSS compliant gateway.
C — Location & Address
- Physical address (optional) — auto-fills event registration forms.
- GPS geolocation — only with your browser permission, for nearby event recommendations. Never tracked in the background.
- IP address — fraud detection and rate limiting. Retained 90 days.
D — Usage & Technical
- Browser type, OS, device — anonymised, for platform optimisation.
- Pages visited, clicks, session duration — analytics to improve UX.
- Error logs and crash reports — to identify and fix bugs.
Section 02
How We Use Your Data
Your data is used only for the purposes below. We do not use it for anything you have not consented to.
Service Delivery
- Generating tickets and QR codes for your registrations.
- Processing payments and issuing refunds.
- Auto-filling event registration forms using your saved address.
- Sending transactional emails — OTP, booking confirmation, refunds.
Personalisation
- Recommending events near your location.
- Surfacing events matching your past activity.
- Notifying you of changes to events you are registered for.
Platform Security
- Detecting and preventing fraud, spam, and abuse.
- Investigating account violations and Terms breaches.
- Rate-limiting and bot detection.
Marketing (Consent Only)
- Newsletters and offers only to users who opted in.
- You can withdraw marketing consent from account settings.
- We never sell your data to advertisers.
Section 03
Legal Basis — DPDPA 2023
Tikxz processes personal data in accordance with India's Digital Personal Data Protection Act (DPDPA) 2023.
Consent
For account registration, marketing, and optional features like location access. You may withdraw consent at any time by contacting legal@tikxz.com.
Contract Performance
For processing payments, issuing tickets, and transactional emails — necessary to fulfil the service you purchased.
Legitimate Interests
For fraud detection, platform security, and analytics. Carefully balanced against your rights and do not override them.
Legal Obligation
Where required by law — financial records under the Income Tax Act, 1961, or disclosures to law enforcement.
Section 04
Data Storage & Retention
Your data is stored on AWS infrastructure (ap-south-1, Mumbai, India). We retain data only as long as necessary.
| Data Type | Kept For |
|---|---|
| Account data | Until deletion + 30 days |
| Transaction records | 7 years |
| IP logs | 90 days |
| OTP codes | 10 minutes |
| Analytics data | 24 months (anonymised) |
| KYC documents | 5 years post-verification |
| Marketing consent logs | Until account deletion |
After a retention period lapses, data is permanently deleted or anonymised so it can no longer be linked to any individual.
Section 07
Security Measures
We implement technical and organisational measures to protect your data:
- AES-256 Encryption at Rest: Sensitive fields (passwords, KYC documents) are encrypted before storage. Passwords are hashed using bcrypt — we cannot read your password.
- TLS 1.3 in Transit: All data between your browser and our servers is protected by TLS 1.3.
- Access Controls: Production user data access is restricted on a strict need-to-know basis. All admin access is logged and audited.
- PCI-DSS Payment Security: Card and UPI data is processed by our compliant payment gateway. Tikxz servers never touch raw payment credentials.
- OTP Verification: Account actions (registration, password reset) require OTP verification via email or SMS.
- Rate Limiting: API endpoints are rate-limited and monitored for unusual patterns.
No internet-based system is 100% secure. If you discover a vulnerability, please report it responsibly to legal@tikxz.com.
Section 08
Children's Privacy
Tikxz is not directed at children under 18. We do not knowingly collect personal data from anyone under 18 without verifiable parental or guardian consent.
Since Tikxz facilitates financial transactions, users must be at least 18 years old to register independently. If you believe your child has provided us with personal data without your consent, contact legal@tikxz.com and we will delete the data promptly.
Section 09
Law Enforcement & Legal Obligations
Tikxz cooperates with lawful law enforcement requests. We may disclose user data to authorities without prior notice when:
- Required by a valid court order, subpoena, or other legal process under Indian law.
- Necessary to comply with applicable laws, regulations, or government mandates.
- Required to investigate, prevent, or act against fraud, security threats, or illegal activity.
- Necessary to protect the rights, property, or safety of Tikxz, its users, or the public.
We have zero tolerance for using our platform for illegal activities. We will proactively report suspected criminal use to the Cyber Crime Cell and relevant authorities.
Where permitted by law, we will attempt to notify you before disclosing your data, unless prohibited by the requesting authority.
Section 10
Your Rights — DPDPA 2023
Under India's Digital Personal Data Protection Act 2023, you have the following rights as a Data Principal:
Right to Access
- Request a summary of personal data we hold about you and how it is being processed.
Right to Correction
- Request correction of inaccurate or incomplete personal data on your account.
Right to Erasure
- Request deletion of your personal data. Data required for legal compliance cannot be deleted during mandatory retention periods.
Right to Grievance Redressal
- Lodge a complaint with our Data Protection Officer. We will respond within 72 hours.
Right to Nominate
- Nominate someone to exercise your data rights on your behalf in case of death or incapacity.
Right to Withdraw Consent
- Withdraw previously given consent for non-essential processing at any time. This will not affect prior lawful processing.
To exercise any right, submit a request to legal@tikxz.com. We verify your identity before acting and respond within 30 days as required by DPDPA 2023.
Section 11
International Users
Tikxz is operated from India. Our servers are in AWS Mumbai (ap-south-1). If you access the platform from outside India — including from the EU, UK, or United States — your personal data will be transferred to and processed in India.
- EU / EEA Users (GDPR): You have additional rights under the General Data Protection Regulation, including data portability and the right to lodge a complaint with your local supervisory authority. Contact legal@tikxz.com for GDPR requests.
- Cross-Border Transfers: We rely on standard contractual clauses and data processing agreements with sub-processors to ensure adequate protection for international transfers.
Section 12
Changes to This Policy
We may update this Privacy Policy from time to time. The revised policy will be posted at tikxz.com/privacy with an updated "Last Updated" date.
For material changes — such as new data collection categories or significant changes to how we use your data — we will notify registered users via email at least 7 days before the change takes effect.
Your continued use of Tikxz after the effective date constitutes acceptance of the updated Privacy Policy.
Section 13
Contact & Data Protection Officer
For all privacy enquiries, data rights requests, security disclosures, or formal legal notices:
We acknowledge privacy requests within 72 hours and resolve them within 30 days.
Tikxz Legal
© 2026 Tikxz. All rights reserved.
