Legal Document

Privacy Policy

Effective: January 8, 2026  ·  Last Updated: March 9, 2026

We care about your privacy. This document explains exactly what data Tikxz collects, why, how it is stored, who it is shared with, and your rights under India's Digital Personal Data Protection Act (DPDPA) 2023.

Section 01

Information We Collect

We collect only the data necessary to deliver and improve our services.

A — Identity & Account

  • Name & email — account creation and transactional emails.
  • Mobile number — OTP verification and account security.
  • Government ID — Organisers only during KYC. Not from regular users.
  • Profile photo — optional, uploaded by you.

B — Financial Data

  • Transaction ID and payment method (UPI/Card type) — for receipts and refunds.
  • We do NOT store card numbers or CVVs. All payment data is handled by our PCI-DSS compliant gateway.

C — Location & Address

  • Physical address (optional) — auto-fills event registration forms.
  • GPS geolocation — only with your browser permission, for nearby event recommendations. Never tracked in the background.
  • IP address — fraud detection and rate limiting. Retained 90 days.

D — Usage & Technical

  • Browser type, OS, device — anonymised, for platform optimisation.
  • Pages visited, clicks, session duration — analytics to improve UX.
  • Error logs and crash reports — to identify and fix bugs.

Section 02

How We Use Your Data

Your data is used only for the purposes below. We do not use it for anything you have not consented to.

Service Delivery

  • Generating tickets and QR codes for your registrations.
  • Processing payments and issuing refunds.
  • Auto-filling event registration forms using your saved address.
  • Sending transactional emails — OTP, booking confirmation, refunds.

Personalisation

  • Recommending events near your location.
  • Surfacing events matching your past activity.
  • Notifying you of changes to events you are registered for.

Platform Security

  • Detecting and preventing fraud, spam, and abuse.
  • Investigating account violations and Terms breaches.
  • Rate-limiting and bot detection.

Marketing (Consent Only)

  • Newsletters and offers only to users who opted in.
  • You can withdraw marketing consent from account settings.
  • We never sell your data to advertisers.

Section 04

Data Storage & Retention

Your data is stored on AWS infrastructure (ap-south-1, Mumbai, India). We retain data only as long as necessary.

Data Type                 Kept For
Account data              Until deletion + 30 days
Transaction records       7 years
IP logs                   90 days
OTP codes                 10 minutes
Analytics data            24 months (anonymised)
KYC documents             5 years post-verification
Marketing consent logs    Until account deletion

After a retention period lapses, data is permanently deleted or anonymised so it can no longer be linked to any individual.

Section 05

Data Sharing

Tikxz does not sell, rent, or trade your personal data. We share it only in the strictly defined scenarios below.

  • Event Organisers: When you register for an event, the Organiser receives your name, email, phone, and form responses — solely for check-in and event management. Organisers are bound by their own privacy obligations.
  • Payment Processors: PhonePe and/or Razorpay receive payment details to process transactions. They are PCI-DSS certified. Tikxz does not receive or store full card numbers.
  • Cloud Providers: AWS (hosting, SES, SNS) processes data as a sub-processor under data processing agreements. Data is stored in Mumbai wherever possible.
  • Analytics Services: Anonymised, aggregated usage data only. No personally identifiable information is included.
  • Legal Authorities: We may share data with law enforcement when legally required. See Section 9.
  • Business Transfers: In a merger or acquisition, user data may be transferred. We will notify affected users via email before any such transfer.

Section 06

Cookies & Tracking

Tikxz uses cookies and similar technologies for the following purposes:

Essential Cookies

  • Required for the platform to function. Includes session management, auth tokens, and CSRF protection. Cannot be disabled.

Preference Cookies

  • Store your saved preferences (theme, address auto-fill, notification settings). Can be cleared via browser settings.

Analytics Cookies

  • Pages visited, session length, error rates. Data is aggregated and anonymised. Can be opted out of.

Marketing Cookies

  • Only set if you opted into marketing. Can be disabled in account settings or by contacting us.

Disabling essential cookies will prevent login and core platform features from working.

Section 07

Security Measures

We implement technical and organisational measures to protect your data:

  • AES-256 Encryption at Rest: Sensitive fields (passwords, KYC documents) are encrypted before storage. Passwords are hashed using bcrypt — we cannot read your password.
  • TLS 1.3 in Transit: All data between your browser and our servers is protected by TLS 1.3.
  • Access Controls: Production user data access is restricted on a strict need-to-know basis. All admin access is logged and audited.
  • PCI-DSS Payment Security: Card and UPI data is processed by our compliant payment gateway. Tikxz servers never touch raw payment credentials.
  • OTP Verification: Account actions (registration, password reset) require OTP verification via email or SMS.
  • Rate Limiting: API endpoints are rate-limited and monitored for unusual patterns.

No internet-based system is 100% secure. If you discover a vulnerability, please report it responsibly to legal@tikxz.com.

Section 08

Children's Privacy

Tikxz is not directed at children under 18. We do not knowingly collect personal data from anyone under 18 without verifiable parental or guardian consent.

Since Tikxz facilitates financial transactions, users must be at least 18 years old to register independently. If you believe your child has provided us with personal data without your consent, contact legal@tikxz.com and we will delete the data promptly.

Section 09

Law Enforcement & Legal Obligations

Tikxz cooperates with lawful law enforcement requests. We may disclose user data to authorities without prior notice when:

  • Required by a valid court order, subpoena, or other legal process under Indian law.
  • Necessary to comply with applicable laws, regulations, or government mandates.
  • Required to investigate, prevent, or act against fraud, security threats, or illegal activity.
  • Necessary to protect the rights, property, or safety of Tikxz, its users, or the public.

We have zero tolerance for using our platform for illegal activities. We will proactively report suspected criminal use to the Cyber Crime Cell and relevant authorities.

Where permitted by law, we will attempt to notify you before disclosing your data, unless prohibited by the requesting authority.

Section 10

Your Rights — DPDPA 2023

Under India's Digital Personal Data Protection Act 2023, you have the following rights as a Data Principal:

Right to Access

  • Request a summary of personal data we hold about you and how it is being processed.

Right to Correction

  • Request correction of inaccurate or incomplete personal data on your account.

Right to Erasure

  • Request deletion of your personal data. Data required for legal compliance cannot be deleted during mandatory retention periods.

Right to Grievance Redressal

  • Lodge a complaint with our Data Protection Officer. We will respond within 72 hours.

Right to Nominate

  • Nominate someone to exercise your data rights on your behalf in case of death or incapacity.

Right to Withdraw Consent

  • Withdraw previously given consent for non-essential processing at any time. This will not affect prior lawful processing.

To exercise any right, submit a request to legal@tikxz.com. We verify your identity before acting and respond within 30 days as required by DPDPA 2023.

Section 11

International Users

Tikxz is operated from India. Our servers are in AWS Mumbai (ap-south-1). If you access the platform from outside India — including from the EU, UK, or United States — your personal data will be transferred to and processed in India.

  • EU / EEA Users (GDPR): You have additional rights under the General Data Protection Regulation, including data portability and the right to lodge a complaint with your local supervisory authority. Contact legal@tikxz.com for GDPR requests.
  • Cross-Border Transfers: We rely on standard contractual clauses and data processing agreements with sub-processors to ensure adequate protection for international transfers.

Section 12

Changes to This Policy

We may update this Privacy Policy from time to time. The revised policy will be posted at tikxz.com/privacy with an updated "Last Updated" date.

For material changes — such as new data collection categories or significant changes to how we use your data — we will notify registered users via email at least 7 days before the change takes effect.

Your continued use of Tikxz after the effective date constitutes acceptance of the updated Privacy Policy.

Section 13

Contact & Data Protection Officer

For all privacy enquiries, data rights requests, security disclosures, or formal legal notices:

Privacy / Legal

legal@tikxz.com

General Support

support@tikxz.com

Platform

tikxz.com

We acknowledge privacy requests within 72 hours and resolve them within 30 days.

Tikxz Legal

© 2026 Tikxz. All rights reserved.