Last updated: June 2026
To provide verified-identity ticketing, we collect your email address, WhatsApp phone number, full name, and payment confirmation data from our payment provider. We also log device fingerprints and bot-detection signals to prevent fraud and scalping.
We never ask for or store your NIK (national identity number) or KTP (identity card) data. Identity assurance comes from your verified WhatsApp number, which Indonesian regulation already ties to a registered SIM. Phone numbers used for carrier-type checks are hashed before caching.
Your data is used to: verify account ownership, issue and validate tickets, process payments, send transactional notifications via WhatsApp and email, prevent fraud and multi-account abuse, and comply with legal obligations. We do not sell your personal data to third parties.
We share the minimum data necessary with: Twilio (WhatsApp OTP delivery and phone-line-type lookup), Midtrans (payment processing), Supabase (database and authentication hosting), and email delivery providers. Each processor is bound by its own data protection commitments.
For transparency, aggregate per-event statistics (tickets sold, checked in, refunded, resold) are public. These are counts only and never include personal information.
Account data is retained while your account is active. If you delete your account, we soft-delete your profile; your phone number remains associated with the historical account to prevent identity recycling by scalpers. Transaction records are retained as required by Indonesian financial regulations.
Data is encrypted in transit and at rest. Database access is guarded by row-level security, and all writes go through validated server-side code. QR ticket secrets never leave our servers.
You may access, correct, or request deletion of your personal data by contacting us. Note that some data must be retained where required by law (e.g., payment records).
Privacy questions or requests: lummyticket@gmail.com.