Privacy Policy

Last Updated: 14th May 2026

Introduction

At Ticketflex ("we," "us," or "our"), we are committed to protecting your privacy and safeguarding your personal information. This Privacy Policy explains how we collect, use, store, and share personal data when you use our ticket-selling software as a service ("Services") and interact with our website and applications (collectively, the "Websites").

This policy applies to individuals and organisations who contract with us to receive our Services or otherwise engage with us. Where you are a customer purchasing tickets from an event organiser using our platform, we will often process your personal data on behalf of that event organiser. In those circumstances, the event organiser is usually responsible for explaining how your personal data is used in connection with their event. However, this policy also explains how Ticketflex may handle personal data where we interact directly with you, including for customer support, payments, refunds, fraud prevention, and manual refund processing.

Please take a moment to review this Privacy Policy carefully. By using our Services, you acknowledge the practices described in this policy.

Information We Collect

We may collect the following types of personal information:

Information You Provide

• Name, postcode, email address, and phone number
• Account registration details and login credentials
• Payment details, which are processed through third-party payment processors. We only retain transaction details and limited payment information where required
• Communication records, including customer support interactions, enquiries, and surveys
• Testimonials, feedback, or public posts on forums and social media
• Transaction details related to your use of our Services
• Information required to process bookings, payments, refunds, and refund-related communications
• Where a refund cannot be returned automatically to the original payment method, bank details submitted through our secure manual refund form, including account holder name, sort code, account number, and optional building society roll number
• Confirmation declarations provided when submitting manual refund details, including confirmation that the details are correct, that you are authorised to receive the refund, and that you understand the details will be used to process the refund

Information We Collect Automatically

• Website usage data, including IP addresses, browser type, device information, and browsing behaviour
• Traffic data, weblogs, and analytics data from our Websites and applications
• Cookies and similar tracking technologies for analytics and targeted advertising, as explained in "Cookies and Tracking Technologies" below
• Technical and security information linked to refund requests, including IP address, user agent, verification attempts, secure link activity, and audit log information

Anonymised and Aggregated Data

We may use anonymised or aggregated data, such as usage statistics, for business intelligence, reporting, service improvement, and analytics purposes. This data does not identify you personally.

Information We Do Not Intentionally Collect

We do not intentionally collect special category personal data, such as information about race, ethnicity, religious beliefs, sexual orientation, health data, or criminal history. Please do not provide this information to us unless it is necessary for a specific request or legal requirement.

How We Use Your Information

We process your data only where we have a lawful basis to do so. Common uses include:

1. To Fulfil a Contract

• Providing and maintaining our Services
• Managing your account and transactions
• Processing bookings, orders, payments, refunds, and manual refund requests where required
• Verifying customer details before accepting manual refund bank details
• Enabling authorised Ticketflex staff and authorised event organiser users to administer bookings, payments, and refunds
• Notifying you about service updates, booking information, refund updates, and other service-related matters

2. With Your Consent

• Sending marketing communications where consent is required
• Placing non-essential cookies for analytics and advertising

3. To Comply with Legal Obligations

• Responding to law enforcement, court, regulatory, or government requests where required
• Complying with applicable laws, regulations, accounting requirements, tax obligations, and record-keeping duties

4. For Legitimate Business Interests

• Enhancing our Services and user experience
• Preventing fraud, misuse, unauthorised access, and incorrect payments or refunds
• Maintaining audit logs and operational records
• Conducting business analytics, reporting, and service improvement
• Protecting customers, event organisers, and Ticketflex in the event of disputes, chargebacks, refund queries, payment issues, or security incidents

Marketing & Advertising

You may receive marketing communications from us if you have consented to receive them, or where we are permitted to contact you under applicable marketing rules, such as where you have previously used our Services and have not opted out.

We may also use third-party platforms, such as Google and Facebook, for advertising and marketing purposes, subject to your cookie preferences and applicable law.

Opt-out options:

• Unsubscribe from marketing emails using the link in our messages
• Manage cookies through our cookie preference tools or your browser settings
• Contact us at [email protected]

Payments and Fraud Prevention

Payments made through Ticketflex are processed by third-party payment providers, such as Stripe. These providers may process payment information, perform fraud checks, and use automated tools to detect and prevent fraudulent transactions.

Where possible, refunds are processed back to the original payment method through the relevant payment processor. In limited circumstances, where this is not possible or appropriate, we may use our manual refund process as described below.

For more information about how Stripe handles personal data, please refer to Stripe's own privacy policy.

Manual Refunds

In most cases, refunds are processed back to the original payment method through our payment processor. However, in limited circumstances, a refund may be unable to be processed automatically to the original payment method. This may include, for example, where the original payment method is no longer available, a refund has failed, a payment provider's refund window has expired, or a manual refund has otherwise been agreed.

Where this happens, Ticketflex may operate a manual refund process. Manual refund requests are created by authorised Ticketflex staff. Event organisers cannot create manual refund requests themselves, but authorised organiser users may be able to view and process existing manual refund requests through the event dashboard where necessary to administer the refund.

When a manual refund request is created, we may store information relating to the relevant organisation, event, order, customer, refund amount, refund reason, request status, secure refund link, and related timestamps. We may also store limited internal notes where necessary to administer the refund.

The customer may be sent a secure Ticketflex-hosted link to submit their refund details. Before bank details can be submitted, the customer may be asked to verify their booking using the email address used for the booking and, in some cases, the booking postcode. Failed verification attempts may be logged for security and fraud-prevention purposes.

When a customer submits manual refund details, we collect the account holder name, sort code, account number, and optional building society roll number. These details are encrypted at rest and are used only for the purpose of processing the relevant refund. For operational purposes, we may also store masked bank details, such as partial sort code and account number information.

Access to manual refund details is restricted. Full bank details are not shown by default in organiser dashboard views and require an explicit reveal action by an authorised user. Sensitive access and refund-related actions may be audit logged. Full bank details are not stored in audit logs.

Ticketflex may send Ticketflex-branded emails in relation to manual refunds, including emails requesting refund details, confirming receipt of refund details, and confirming that a refund has been sent.

Cookies and Tracking Technologies

Our Websites use cookies and similar technologies for essential functionality, analytics, advertising, and service improvement. You can manage cookie preferences through our cookie tools or your browser settings. For more details, please refer to our Cookie Policy.

Sharing Your Information

We may share your personal information with:

• Service providers, such as hosting providers, analytics providers, customer support tools, email providers, and technology suppliers
• Payment processors, as explained in "Payments and Fraud Prevention" above
• Event organisers and their authorised dashboard users, where necessary to manage bookings, refunds, manual refund requests, event administration, customer support, and financial reconciliation
• Legal authorities, regulators, courts, or law enforcement bodies where required by law or where necessary to protect our rights, users, customers, or Services
• Business partners, where you participate in a referral, partnership, or similar programme
• Acquiring companies or relevant third parties in connection with a business sale, merger, restructuring, or acquisition

Where manual refund requests are used, authorised event organiser users may be able to view and process refund requests. Full bank details are hidden by default and are only available through an explicit reveal action by authorised users, which is audit logged.

We do not sell or rent your personal information to third parties.

Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• Encryption of payment transactions where applicable
• Encryption of manual refund bank details at rest
• Secure refund links with expiry controls
• Verification checks before manual refund bank details can be submitted
• Access controls for authorised personnel and authorised event organiser users
• Masking of bank details in default dashboard views
• Audit logging for sensitive refund actions and security-relevant events
• Internal data protection policies and security procedures

Although we take appropriate steps to protect your information, no system can be guaranteed to be completely secure. You are responsible for keeping your login credentials confidential and for notifying us if you believe your account or information has been compromised.

Data Retention

We retain personal data only for as long as reasonably necessary to provide our Services, manage bookings, process payments and refunds, support event organisers, meet legal and accounting obligations, resolve disputes, prevent fraud, and maintain appropriate business and audit records.

Where we collect bank details through our manual refund process, those details are used only to process the relevant refund. Once a manual refund is marked as paid, we delete the full encrypted sort code, account number, and building society roll number, where provided.

We may continue to retain limited refund records after payment, including the customer's account holder name, masked bank details, payment reference, payment timestamp, refund status, audit history, and related order information. We retain this information where necessary for record-keeping, reconciliation, audit, fraud prevention, legal compliance, and handling any refund-related queries or disputes.

Where a manual refund request expires or is cancelled before bank details are submitted, we may retain limited records of the request, including order details, refund status, audit history, and technical metadata, where necessary for security, fraud prevention, dispute handling, and operational record-keeping.

Audit logs may include details such as the action taken, timestamp, actor type, relevant order or refund reference, IP address, user agent, and notes. Full bank details are not stored in audit logs.

If you ask us to delete your personal data, we will delete or anonymise it where we are able to do so. However, we may need to retain certain information where required or permitted for legal, accounting, audit, fraud prevention, contractual, or dispute-resolution purposes.

International Data Transfers

Your data may be transferred outside the UK and EEA. Where this happens, we take steps designed to ensure that your personal data continues to receive appropriate protection in accordance with applicable data protection laws.

Safeguards may include:

• Adequacy decisions
• Standard contractual clauses
• Other lawful transfer mechanisms or safeguards where applicable

For more information, please contact [email protected].

Your Rights

Depending on the circumstances of our processing, you may have rights under data protection laws, including:

• Access: request a copy of your personal data
• Correction: ask us to correct inaccurate or incomplete data
• Deletion: ask us to delete your personal data
• Restriction: ask us to restrict certain processing of your personal data
• Data portability: ask us to transfer your data to another service provider where applicable
• Objection: object to certain types of processing
• Withdraw consent: withdraw consent where processing is based on consent

To exercise these rights, contact [email protected].

Where we process your personal data on behalf of an event organiser, we may need to refer your request to the relevant event organiser or work with them to respond to your request.

Complaints

If you are unhappy with how we handle your personal data, please contact us first at [email protected] so we can try to resolve your concern.

You also have the right to lodge a complaint with the Information Commissioner's Office, the UK data protection regulator.

Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes may be notified via email, through our Websites, or by other appropriate means.

Contact Us

If you have any questions or concerns about this Privacy Policy, you can reach us at:

Email: [email protected]

This Privacy Policy is designed to provide clear and transparent information about how we handle your data. Your trust is important to us, and we are committed to protecting your privacy.