Privacy Policy

Last updated: 16 February 2026

1. Who We Are

OurTicketGrid is a trading name of OurGrid ("we", "us", "our"). We operate the ticketing platform at ourticketgrid.com. We are the data processor for ticket purchases and the data controller for platform account data.

Contact: privacy@ourticketgrid.com

2. What Data We Collect

When you buy a ticket:

• Name, email address, phone number (optional)
• Billing address (for paid orders)
• Payment details (processed securely by Stripe — we never see your full card number)
• IP address and browser user agent

When you create a merchant account:

• Business name, email address, phone number
• Password (stored securely using bcrypt hashing)
• Stripe Connect account details (if connected)

3. How We Use Your Data

• To process your ticket purchase — fulfil orders, send confirmation emails with QR codes, enable check-in at events
• To process payments — via Stripe, our payment processor
• To communicate with you — order confirmations, refund notifications, and essential service updates
• To provide services to event organisers — customer lists, sales reports, and check-in tools
• To prevent fraud — IP logging, duplicate order detection

4. Legal Basis for Processing

• Contract — processing your ticket purchase and delivering the service
• Legitimate interest — fraud prevention, platform security, analytics
• Legal obligation — financial record keeping, tax compliance

We do not use your data for marketing unless you explicitly opt in.

5. Data Sharing

We share your data with:

• Event organisers — your name, email, and ticket details are shared with the merchant whose event you attend
• Stripe — payment processing (Stripe Privacy Policy)
• Email infrastructure — for sending transactional emails (order confirmations, refund notices)

We do not sell your data to third parties. We do not share data with advertising networks.

6. Data Retention

• Ticket purchase data: retained for 6 years (UK tax/accounting requirements)
• Merchant account data: retained while account is active, then 6 years after closure
• Server logs: retained for 90 days

7. Data Security

We use industry-standard measures to protect your data including HTTPS encryption, bcrypt password hashing, database access controls, and regular security updates. Payment card data is handled entirely by Stripe (PCI DSS Level 1 compliant).

8. Your Rights

Under UK GDPR, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Request erasure ("right to be forgotten")
• Restrict processing
• Data portability
• Object to processing

To exercise any of these rights, email privacy@ourticketgrid.com. We will respond within 30 days.

9. Cookies

See our Cookie Policy for details on how we use cookies.

10. Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated via email to registered merchants. The latest version is always available at this URL.