Privacy Policy

Last updated: June 2026

1. What We Collect

To provide verified-identity ticketing we collect: your email address, WhatsApp phone number, full name, and payment confirmation data from our payment provider. We also log device fingerprints and bot-detection signals to prevent fraud and scalping.

2. What We Never Collect

We never ask for or store your NIK (national identity number) or KTP (identity card) data. Identity assurance comes from your verified WhatsApp number, which Indonesian regulation already ties to a registered SIM. Phone numbers used for carrier-type checks are hashed before caching.

3. How We Use Your Data

Your data is used to: verify account ownership, issue and validate tickets, process payments, send transactional notifications via WhatsApp and email, prevent fraud and multi-account abuse, and comply with legal obligations. We do not sell your personal data to third parties.

4. Third-Party Processors

We share the minimum data necessary with: Twilio (WhatsApp OTP delivery and phone-line-type lookup), Midtrans (payment processing), Supabase (database and authentication hosting), and email delivery providers. Each processor is bound by its own data protection commitments.

5. Public Event Stats

For transparency, aggregate per-event statistics (tickets sold, checked in, refunded, resold) are public. These are counts only and never include personal information.

6. Data Retention

Account data is retained while your account is active. If you delete your account, we soft-delete your profile; your phone number remains associated with the historical account to prevent identity recycling by scalpers. Transaction records are retained as required by Indonesian financial regulations.

7. Security

Data is encrypted in transit and at rest. Database access is guarded by row-level security, and all writes go through validated server-side code. QR ticket secrets never leave our servers.

8. Your Rights

You may access, correct, or request deletion of your personal data by contacting us. Note that some data must be retained where required by law (e.g., payment records).

9. Contact

Privacy questions or requests: lummyticket@gmail.com.