Privacy policy

Structure and Principles for Data Protection on Someone’s TICKET

Someone’s TICKET respects your control over data. The system processes information only to support access, ticket issuance, transaction records, and user roles. Your data stays within your permission scope at all times. No external transfer takes place without key-level consent.

1. Data Collection Scope

The system collects only the required fields for event setup, ticket issue, transaction sync, and scan validation.

  • Full name
  • Email address
  • Phone number
  • Device fingerprint (for scan trace)
  • Payment reference (from your processor)
  • IP address and location data (for fraud trace)
  • Ticket code and scan log

Each field supports one specific function and enters the system through your interface, API, or staff input.

2. Use of Information

Your submitted data powers the platform's internal operation. Each action—creation, scan, reissue, update—relies on the related record.

  • Ticket access validation
  • Session history review
  • Refund or reissue the command.
  • Role-based visibility.
  • Export to internal records.

No data flows toward outside entities. No data enters shared stores.

3. Session and Device Records

The platform stores session data for safety, trace, and account oversight. These records support technical review or operational audits.

  • Login time
  • Device type
  • Browser agent
  • IP location.
  • Session duration
  • Activity list

Each session closes upon logout or timeout. The system never continues a stale or idle connection.

4. Webhook and Callback Traces

Webhook deliveries enter the log system for review and retry tracking. No webhook record moves outside your access.

  • Payload preview
  • Status code
  • Retry count
  • Delivery path
  • Response time

Your team holds complete control over all event delivery logs.

5. Data Security Practice

Every transaction follows a token-based system with limited scope. Each token applies to one project only. The system applies time-lock rules, IP-range filters, and call-rate boundaries.

  • SHA-256 token protocol
  • Token expiry auto-enforced
  • IP rules per user role
  • Rate threshold applied per hour
  • Encrypted key vault

System infrastructure resides on verified regional servers under UAE jurisdiction.

6. Request Access or Deletion

You may export or delete your stored data at any time. Requests pass through your admin panel with confirmation steps for security.

  • CSV or JSON export
  • Delete logs after event closure
  • Data removal from scan history
  • Ticket record purge
  • Session key wipe

Once deletion is complete, no recovery will be possible.

7. Compliance and Regulation

Someone’s TICKET meets the data protection rules set by the UAE legal bodies. Compliance reports become available upon request through your admin channel.

  • Records available for 12 months
  • Access to history is available to auditors
  • No data shared without explicit grant
  • Role visibility applied to all audit entries

Last updated: 21 August, 2025