Privacy Policy

A. Information you provide directly

• Account details: full name, email address, phone number, and password (stored hashed) when you create an account.
• Profile data: date of birth, gender, city, state, college name, course, branch, year of study, graduation year, student ID, college location, LinkedIn profile URL, GitHub profile URL, portfolio URL, experience level, skills, interests, and certifications — collected during onboarding so organisers can better understand their attendees.
• Professional data (optional): role/profession category, organisation name, and employee ID for professional users.
• Event registration data: responses to custom form fields set by event organisers (e.g., t-shirt size, dietary preference, team name) and any additional information you voluntarily provide at booking.
• Communications: messages you send through in-event chat channels or our support chat.

B. Information collected automatically

• Usage data: pages visited, events browsed, search queries, ticket selection, and interaction timestamps.
• Device & browser data: IP address, browser type and version, operating system, referrer URL, and approximate geolocation derived from IP.
• Authentication tokens: JWT tokens stored in your browser's local storage to maintain your login session.

C. Information from third parties

• Google OAuth: if you sign in with Google, we receive your name, email address, and profile picture from Google. We do not receive your Google password.
• Payment processor: after a transaction, we receive a payment confirmation reference and status from Zoho Payments. We do not store your full card number, CVV, or banking credentials.

• Provide the service: create and manage your account, process event registrations, issue digital tickets, and generate QR codes for venue check-in.
• Auto-fill convenience: pre-populate booking forms with your saved profile data so you do not have to re-enter details for every event.
• Team bookings: identify you as a team member when you accept an invite link, and associate your profile with the relevant ticket.
• Payments: initiate and verify transactions via Zoho Payments and send booking confirmations to your email.
• Communications: send transactional emails (registration confirmations, OTPs, password resets, event reminders). We do not send unsolicited marketing emails.
• Event chat: facilitate real-time messaging within event channels visible to all registered attendees of that event.
• Support: respond to queries submitted through our in-app support chat or via email.
• Security & fraud prevention: detect and prevent unauthorised access, abuse, and fraudulent transactions.
• Product improvement: understand how users discover and book events, identify and fix bugs, and improve the platform.
• Legal compliance: meet applicable Indian law requirements, including the Information Technology Act 2000 and the IT (Reasonable Security Practices) Rules 2011.

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. We share data only in the following circumstances:

• Event organisers: when you register for an event, your name, email, phone number, and any form responses you submitted are shared with the organiser of that event for the purpose of managing attendance, checking in participants, and communicating event details.
• Payment processor (Zoho Payments): your name, email, phone number, and the transaction amount are shared with Zoho Payments to process your payment. Zoho's privacy practices are governed by their own privacy policy.
• Infrastructure providers: our backend runs on AWS cloud infrastructure. Data at rest and in transit is encrypted. AWS does not independently access your personal data.
• Email delivery (Resend): we use Resend to deliver transactional emails. Resend processes your email address solely to deliver messages on our behalf.
• Legal obligations: we may disclose your information when required by law, court order, or government authority, or when necessary to protect the rights, property, or safety of Tixon, our users, or the public.

Tixon supports team and group ticket registrations. When you join a team via an invite link:

• Your profile information (name and email) is shared with the team leader (the person who generated the invite link) and is associated with the shared ticket registration.
• The team leader is the only person responsible for completing payment. Your financial details are not shared with the team leader.
• Invite links are time-limited and single-use per team slot. Expired links cannot be used to access your data.
• Event organisers will see all team members' registration details as part of the group booking.

All payments on Tixon are processed by Zoho Payments, a PCI-DSS compliant payment gateway. We do not store or process raw card numbers, bank account details, CVV codes, or UPI PINs on our servers.

We retain a payment reference ID, transaction status, and the amount paid for record-keeping, dispute resolution, and ticket validation purposes. If a payment fails or is cancelled, no financial information is retained by Tixon beyond the failed-attempt log entry.

For free events, no financial data is collected or transmitted.

Tixon integrates the following third-party services, each governed by their own privacy policies:

We encourage you to read the privacy policies of these services. Tixon is not responsible for the privacy practices of third-party providers.

Tixon does not use tracking or advertising cookies. We use browser local storage to store your authentication token (JWT) so you remain logged in across sessions. This token contains your user ID and session expiry — it does not contain your password or payment information.

Clearing your browser's local storage or cookies will log you out of Tixon. We do not use third-party advertising trackers or retargeting pixels.

• Account data: retained for as long as your account is active. If you request account deletion, we will delete or anonymise your personal data within 30 days, except where we are required by law to retain certain records.
• Registration & ticket data: retained for 3 years after the event date for dispute resolution and financial record purposes.
• Chat messages: retained for the duration of the associated event channel's lifetime. Channels may be archived or deleted by the event organiser.
• Invite tokens: deleted automatically upon expiry (typically 7 days after generation).
• Support conversations: retained for 12 months to assist with follow-up queries.

We take the security of your data seriously and implement the following measures:

• Passwords are hashed using bcrypt before storage — we never store plain-text passwords.
• All data in transit is encrypted using TLS (HTTPS).
• Authentication tokens are short-lived JWTs with expiry enforcement.
• Database access is restricted to authorised backend services only.
• Payment processing is handled entirely by PCI-DSS compliant Zoho Payments — card data never touches our servers.
• OTP-based verification is used for phone authentication, with rate limiting to prevent abuse.

No system is 100% secure. If you believe your account has been compromised, please contact us immediately at tixontechnical@gmail.com.

As a Tixon user, you have the following rights over your personal data:

• Access: view and download the profile information we hold about you from your Profile page.
• Correction: update your profile details at any time via the Profile section in the app.
• Deletion: request deletion of your account and associated personal data by emailing tixontechnical@gmail.com. Note that certain data may be retained for legal or contractual obligations.
• Portability: request a copy of your personal data in a structured, machine-readable format.
• Objection: object to the processing of your data for non-essential purposes by contacting us.

To exercise any of these rights, email us at tixontechnical@gmail.com with the subject line "Data Request". We will respond within 15 business days.

Tixon is intended for users who are 16 years of age or older. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at tixontechnical@gmail.com and we will delete the information promptly.

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or via an in-app notice. Continued use of Tixon after the updated policy takes effect constitutes your acceptance of the new terms.

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out to us: