Toutix Privacy Policy
Effective date: 20 September 2025
Last updated: 20 May 2026
1. Who we are
This Privacy Policy explains how TouTix LLC (“Toutix”, “we”, “us”, “our”) collects and uses personal data when you use the Toutix mobile app, website (toutix.com), and related services (the “Service”).
Data controller: TouTix LLC, a Delaware limited liability company
Principal office: 2810 N Church St, #553418, Wilmington, DE 19802, USA
Registered agent (for service of process): United States Corporation Agents, Inc., 131 Continental Drive, Suite 305, Newark, DE 19713, USA
Privacy queries: daniel@toutix.com
General support: support@toutix.com
If you are in the UK or EU and have an unresolved concern, you may contact our Data Protection point of contact at daniel@toutix.com.
2. Data we collect
We collect the following categories of personal data:
Account data — email address, full name, phone number, date of birth, password hash, profile picture (if uploaded).
Billing data — billing address, country, currency. Card details are entered directly into Stripe; we receive only a tokenised reference and the last four digits.
Transaction data — tickets purchased, events attended, refund history, transfer history.
Device data — Firebase Installation ID, FCM push token, app version, OS version, device model, language, time zone.
SMS verification data — phone numbers used for one-time-password (OTP) verification, delivered via Twilio.
Location data — precise location, only when you grant the permission, used for nearby-event discovery and venue directions. Revocable at any time in your device settings.
Photos — only images you actively upload (currently: profile picture).
Support communications — messages you send to support@toutix.com and any attachments.
Diagnostic data — if enabled, anonymised crash logs and performance metrics via Firebase Crashlytics and Firebase Performance Monitoring.
3. Why we process your data — lawful bases
| Purpose | Lawful basis (UK/EU GDPR) |
|---|---|
| Create and operate your account, deliver tickets, process payments | Performance of a contract |
| Send transactional emails / SMS (receipts, ticket delivery, event changes) | Performance of a contract |
| Marketing email and push notifications | Consent — withdrawable at any time |
| Use of precise location | Consent |
| Fraud prevention, abuse detection, basic product analytics | Legitimate interests |
| Tax records, AML, responding to lawful requests from authorities | Legal obligation |
4. Who we share data with
We share personal data only with the processors and partners required to deliver the Service:
Stripe, Inc. — payment processing
Postmark (ActiveCampaign) — transactional email delivery
Google / Firebase — authentication, push, crash, performance
Amazon Web Services (AWS) — hosting and storage
Twilio — SMS delivery, including mobile OTP verification codes
Event organisers / promoters — your name and ticket purchase are visible to the promoter of the event you bought a ticket to
Tax and regulatory authorities — where legally required
Professional advisors — auditors, legal counsel, under confidentiality
We do not sell personal data.
5. International transfers
TouTix LLC is incorporated in Delaware, USA, and our infrastructure (Firebase, AWS, Stripe, Postmark, Twilio) means your data is primarily stored and processed in the United States. For users in the UK and EU, transfers are protected by the UK International Data Transfer Addendum and the EU Standard Contractual Clauses, supplemented where necessary by additional safeguards.
6. Retention
| Data category | Retention period |
|---|---|
| Account data | Until you request deletion, plus a short grace period for backups |
| Transaction & financial records | 7 years (UK tax law / equivalent obligations) |
| Support communications | 3 years from last contact |
| Crash and performance logs | 90 days |
| Marketing consent records | Lifetime of account + 3 years |
After retention expires, data is deleted or irreversibly anonymised.
7. Your rights
If you are in the UK, EU, or another jurisdiction with equivalent rights, you have the right to:
Access the personal data we hold about you
Rectify inaccurate data
Erase your data (“right to be forgotten”), subject to legal retention duties
Restrict processing
Port data to another controller
Object to processing based on legitimate interests
Withdraw consent at any time, without affecting prior lawful processing
Lodge a complaint with the UK Information Commissioner’s Office (ico.org.uk) or your local data protection authority
To exercise any right, email daniel@toutix.com. We respond within one month.
8. Children
Toutix is not directed at children. We do not knowingly collect data from anyone under 13 (under 16 in the EU). If we learn we have collected data from a child below this age, we will delete it.
9. Cookies and tracking
The mobile app uses minimal tracking — only what is required for authentication, fraud prevention, and (if enabled) Firebase analytics. The toutix.com website uses cookies; details are in the website cookie notice.
We do not use third-party advertising or cross-app tracking SDKs. If this ever changes, we will display an App Tracking Transparency prompt and update this policy first.
10. Security
We use TLS in transit, encryption at rest on AWS and Firebase, password hashing with industry-standard algorithms, and access controls limiting staff to the minimum data needed. No system is perfectly secure; we cannot guarantee absolute security.
11. Changes to this policy
We will update this policy from time to time. Material changes will be notified via in-app message and email at least 14 days before they take effect. The “Last updated” date at the top will always reflect the most recent revision.
12. Contact
Privacy queries: daniel@toutix.com
Co-founder contact: dillane@toutix.com
General support: support@toutix.com