Privacy Policy

Trixtu operates the website and platform at trixtu.eu. We are committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

For questions about this policy or your data, contact us at [email protected].

We collect the following categories of personal data:

Account data

• Name, email address, and password (hashed) when you register.
• Profile picture and display name if you choose to add them.

Transaction data

• Ticket purchases: event, quantity, price, ticket holder names. Payment details (card number, CVV) are processed directly by Stripe and never stored on our servers.
• Stripe account IDs for event organizers who enable payouts.

User-generated content

• Events you create, including descriptions, images, and location.
• Service listings you submit.
• Reviews, comments, and messages sent through the Platform.

Usage data

• Pages visited, actions taken, browser type, IP address, and referring URL — collected automatically for analytics and security purposes.

Guest checkout data

• Name and email address provided during guest ticket purchases, used solely to deliver the ticket and confirmation email.

We process your personal data for the following purposes:

• Providing the service: account management, event discovery, ticket issuance, and payment processing.
• Communications: sending booking confirmations, event reminders, and service-related notifications via email.
• Security & fraud prevention: monitoring for suspicious activity and protecting users.
• Analytics: understanding how the Platform is used to improve features and performance.
• Legal obligations: retaining transaction records as required by applicable law.

We do not sell your personal data to third parties. We do not use your data for automated decision-making or profiling with legal effects.

We rely on the following legal bases:

• Contract performance: processing necessary to provide the service you signed up for (account, tickets).
• Legitimate interests: security, fraud prevention, analytics, and improving the Platform.
• Legal obligation: retaining financial records.
• Consent: marketing communications, where required.

We share data with trusted third parties only as necessary:

• Stripe, Inc. — payment processing. Your card data is handled exclusively by Stripe under their own privacy policy. Stripe is PCI-DSS compliant.
• Resend — transactional email delivery (confirmations, notifications).
• Supabase / PostgreSQL — database hosting. Data is stored on servers located in the EU.
• Vercel — platform hosting and CDN. Processes request logs and analytics.

All third-party processors are bound by data processing agreements and comply with GDPR requirements.

We use the following types of cookies:

• Strictly necessary: session cookies required for authentication and core Platform functionality. These cannot be disabled.
• Analytics: anonymous usage data (Vercel Analytics) to understand traffic patterns. No personal identifiers are used.

We do not use advertising or tracking cookies. You can control cookie preferences through your browser settings.

We retain your data for as long as your account is active or as needed to provide services. Specifically:

• Account data: retained until you delete your account, plus 30 days for recovery purposes.
• Transaction records (tickets, payments): retained for 7 years as required by EU financial regulations.
• Event content: deleted when the organizer deletes the event or their account.
• Guest checkout data: retained for 2 years for dispute resolution, then deleted.

If you are in the European Economic Area, you have the following rights regarding your personal data:

• Access: request a copy of the data we hold about you.
• Rectification: ask us to correct inaccurate or incomplete data.
• Erasure: request deletion of your data ("right to be forgotten"), subject to legal obligations.
• Restriction: ask us to limit processing of your data in certain circumstances.
• Portability: receive your data in a machine-readable format.
• Objection: object to processing based on legitimate interests.
• Withdraw consent: at any time, where processing is based on consent.

To exercise any of these rights, email us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

We implement appropriate technical and organizational measures to protect your data, including encrypted connections (HTTPS), hashed passwords, and access controls. However, no method of transmission over the internet is 100% secure. If you discover a security vulnerability, please report it responsibly to [email protected].

Your data is primarily stored in the EU. Some third-party processors (e.g., Stripe) may transfer data outside the EU. In such cases, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

Trixtu is not directed to children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

We may update this Privacy Policy periodically. The "Last updated" date at the top reflects the most recent revision. For significant changes, we will notify registered users by email. Continued use of the Platform after changes constitutes acceptance of the updated policy.

For any privacy-related questions, data requests, or complaints, contact our team at [email protected].