Privacy Policy

Last updated: March 3, 2026

1. Introduction

Trankets ("we," "our," or "us"), operated by Yconsoft Technologies, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard information in connection with your use of the Trankets platform - a creator commerce service covering event management, digital product sales, newsletter and contact management, wallet and payouts, and API access (collectively, the "Service").

This Policy applies to all users of the Service, including Organizers, Sellers, Creators, Buyers, Attendees, newsletter subscribers, and visitors. By accessing or using the Service, you consent to the practices described in this Policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Registration: Name, email address, password (hashed and never stored in plain text), and optionally a profile picture.
  • Google OAuth: If you sign in via Google, we receive your name, email address, and Google profile identifier. We do not receive or store your Google password.
  • Event Information: Event names, descriptions, dates, venues, ticket types, pricing, capacity limits, event FAQs, category labels, and any custom event content you create.
  • Attendee and Registration Data: Information collected through your event registration forms - which may include names, email addresses, phone numbers, dietary preferences, t-shirt sizes, or any other custom fields you configure. You, as the Organizer, are the data controller for attendee data.
  • Digital Product Information: Product names, descriptions, pricing and accepted currencies, download limits, link expiry settings, cover images, product files, and any buyer intake form fields you configure.
  • Digital Product Files: The actual files you upload for sale (e.g., PDFs, videos, audio, ZIP archives). These are encrypted and stored on Amazon Web Services S3.
  • Buyer Purchase Data: When a buyer purchases your product or ticket, we collect their name, email address, and any responses to your configured buyer intake form fields. This data is linked to the purchase record and made available to you as the Seller or Organizer.
  • Newsletter and Contact Data: Contact names, email addresses, phone numbers, group membership, import metadata, and subscription/unsubscription history for your newsletter contact lists.
  • Wallet and Bank Details: Bank account name, account number, and bank institution name provided for payout processing. We do not store complete card numbers. Payment processing is handled by Flutterwave.
  • Support Communications: Records of any correspondence you initiate with us via email or other channels.
  • Subscription and Billing: Plan tier, billing cycle, and subscription history (payment card details are stored by Flutterwave, not by us).

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, actions taken (e.g., events created, products listed, newsletters sent, API calls made), and session duration.
  • Device and Browser Data: Browser type and version, operating system, device type, screen resolution, referring URL, and IP address.
  • Download Activity Logs: When a buyer accesses a download link, we log the access timestamp, download count, and IP address to enforce download limits and detect abuse.
  • QR Code Scan Logs: When an attendee QR code is scanned at check-in, we log the scan timestamp and the user who performed the scan, to maintain accurate attendance records.
  • Email Engagement: For transactional emails (purchase confirmations, download links, event invitations) and newsletters sent through the Service, we may track delivery status, open rates, and click activity using standard email delivery infrastructure.
  • Cookies and Session Tokens: We use cookies and time-limited session credentials to maintain authenticated sessions, remember preferences (e.g., view mode), and improve platform performance. We do not use cross-site advertising trackers.
  • API Access Logs: API key usage, endpoint calls, request payloads (excluding sensitive credentials), response codes, and timestamps for security and rate-limit enforcement purposes.

2.3 Information Received from Third Parties

  • Flutterwave: Payment status, transaction references, buyer payment method type (card, bank transfer, mobile money), and amounts, following a buyer's completed payment.
  • Google OAuth: Name, email address, and account identifier from Google, only when you choose to authenticate via Google.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Delivery

  • Creating and managing your account
  • Publishing your events and digital product listings
  • Processing ticket and digital product purchases
  • Generating and delivering download links to buyers
  • Managing attendee check-in via QR code scanning
  • Crediting wallet balances and processing payouts to your bank account
  • Sending purchase confirmation and download delivery emails to buyers on your behalf
  • Sending event invitations, reminders, and newsletters to your contacts on your behalf
  • Enforcing download limits and link expiry on purchased digital content

3.2 Platform Operations

  • Monitoring and improving Service performance, reliability, and security
  • Authenticating users and maintaining session integrity
  • Enforcing plan-level usage limits
  • Providing analytics and reporting to Organizers and Sellers
  • Detecting, investigating, and preventing fraudulent transactions, account abuse, and policy violations

3.3 Communications to You

  • Sending transactional messages (account registration, password reset, subscription confirmations)
  • Sending platform notifications about your account, payouts, and purchases
  • Providing customer support responses
  • Sending product updates, policy change notices, and security alerts

3.4 Legal and Compliance

  • Complying with applicable laws, regulations, and legal processes
  • Enforcing our Terms of Service
  • Responding to lawful requests from regulatory or law enforcement authorities
  • Maintaining financial and transaction records as required under applicable law

4. Legal Basis for Processing (Where Applicable)

Where data protection law requires a legal basis for processing, we rely on the following:

  • Contract performance: Processing necessary to provide the Service under our Terms of Service (e.g., processing payments, delivering downloads, managing events).
  • Legitimate interests: Anti-fraud monitoring, platform security, analytics to improve the Service, and communicating material updates.
  • Consent: Where you have opted in to specific marketing communications or optional data collection.
  • Legal obligation: Retaining financial transaction records and complying with regulatory requirements.

5. Information Sharing and Disclosure

We do not sell your personal information. We share information only in the following circumstances:

  • With Sellers and Organizers: When you purchase a ticket or digital product, the Seller or Organizer receives your name, email address, and any responses to their custom buyer intake form fields needed to fulfil the purchase.
  • Flutterwave: Your payment information is transmitted to Flutterwave for transaction processing. Flutterwave's Privacy Policy governs their handling of that data.
  • Amazon Web Services: We use AWS S3 to store uploaded product files, and AWS SES to deliver transactional and campaign emails. AWS processes data under our instructions and applicable data processing agreements.
  • Google (OAuth): If you authenticate via Google, Google processes your login credentials per their own Privacy Policy. We only receive the profile data described in Section 2.1.
  • Legal and Regulatory Authorities: We may disclose information if required by law, court order, or binding governmental request, or where disclosure is necessary to protect the rights, property, or safety of Trankets, its users, or the public.
  • Business Transfers: In the event of a merger, acquisition, reorganisation, or sale of all or part of our business assets, user information may be transferred to the acquiring entity, subject to equivalent privacy protections.
  • With Your Consent: We may share your information with other parties with your explicit prior consent.

We require all third-party service providers to maintain appropriate security measures and use your personal data only for the specific purposes we have authorised.

6. Data Roles - Organizers and Sellers as Data Controllers

When you use Trankets to collect data from your attendees, buyers, or newsletter subscribers (e.g., through event registration forms, digital product buyer intake forms, or contact lists), you act as an independent data controller in relation to that personal data. You are responsible for:

  • Having a lawful basis for collecting and using that data
  • Providing your own privacy notice to your attendees, buyers, and subscribers
  • Handling data subject requests (access, deletion, correction) relating to your contacts' data
  • Complying with applicable data protection laws in your jurisdiction

Trankets acts as a data processor in relation to attendee, buyer, and contact data you manage through the Service, processing it only on your instructions and in accordance with this Policy and our Terms of Service.

6.1 Platform Data Administration

Notwithstanding the processor relationship described above, Trankets - in its capacity as data controller of platform-level records, system data, and operational information - reserves and retains the right to review, correct, update, restrict, de-identify, pseudonymise, archive, or permanently delete any account, record, content, or data held within the Service where such action is warranted for: (a) operational accuracy, system integrity, or platform maintenance; (b) compliance with applicable law, regulatory directive, or binding legal obligation; (c) risk management, fraud mitigation, or enforcement of our Terms of Service; (d) data minimisation and retention scheduling under applicable data protection law; or (e) the administration of inactive, abandoned, or fraudulently established accounts. This right may be exercised unilaterally and, where circumstances reasonably demand, without prior notice to the affected User.

7. Data Security

We implement appropriate technical and organisational security measures proportionate to the sensitivity of the data we process. These include:

  • Encryption of all data in transit using industry-standard transport layer security protocols
  • Encryption of uploaded files at rest using industry-standard algorithms applied through our cloud storage infrastructure
  • All passwords stored exclusively as one-way cryptographic hashes; plaintext credentials are never retained in any system or log
  • Time-limited, uniquely generated single-use access credentials for digital content delivery
  • Token-based authentication with time-bound session credentials that are invalidated upon logout or natural expiry
  • Role-based access controls limiting internal staff access to personal data on a need-to-know basis
  • Regular security reviews, dependency audits, and infrastructure hardening procedures
  • Audit logging for sensitive administrative and data access operations

No method of electronic transmission or storage is 100% secure. While we take commercially reasonable steps to protect your information, we cannot guarantee absolute security. In the event of a data breach that poses a high risk to your rights, we will notify affected users without undue delay and in accordance with applicable law.

7A. Service Analytics and Platform Development

Trankets processes de-identified, pseudonymised, or aggregated data derived from Service usage for internal analytical, developmental, and operational purposes. Such processing may encompass, without limitation: longitudinal analysis of service utilisation patterns; feature adoption and engagement modelling; infrastructure capacity planning; heuristic and algorithmic processing for anomaly detection, fraud prevention, and content integrity; content performance analytics; and the optimisation of recommendation, discovery, notification, and workflow systems.

Data processed for these purposes is derived through statistical and computational methods designed to prevent re-identification of individual users. Aggregated and de-identified analytical outputs may be retained by Trankets indefinitely and used without restriction for the advancement of the Service and Trankets’ legitimate business interests. By using the Service, you acknowledge and consent to this form of processing, which Trankets undertakes on the basis of legitimate interests as data controller.

8. Data Retention

We retain personal information for as long as necessary to fulfil the purposes described in this Policy, unless a longer retention period is required by law. Specifically:

  • Account data: Retained for the lifetime of your active account, plus a further 90 days following account closure to allow for reinstatement or dispute resolution, after which it is deleted or anonymised.
  • Transaction and financial records: Retained for a minimum of 7 years as required by applicable financial recordkeeping regulations.
  • Download logs and purchase records: Retained for 2 years following the purchase to support audit, dispute resolution, and compliance purposes.
  • Uploaded product files: Retained for as long as your account is active and the product is live. Files are deleted from our storage within 30 days of product deletion or account closure.
  • Email communication logs: Retained for 12 months for deliverability troubleshooting and anti-spam compliance.
  • Newsletter contact lists: Retained until you delete the contacts or close your account. Unsubscribed contacts are retained in suppression lists to prevent future accidental contact.
  • API logs: Retained for 90 days for security and rate-limit enforcement, then purged.

You may request deletion of your account and associated personal data at any time. Upon confirmation, we will delete or anonymise your personal data from our active systems, subject to any legally mandated retention obligations.

9. Your Rights and Choices

Depending on your location and applicable law, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request that we correct inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data, subject to legal retention obligations and ongoing dispute processes.
  • Restriction: Request that we restrict processing of your data in certain circumstances.
  • Portability: Request your data in a structured, machine-readable format. Attendee and contact data can be exported as CSV from within your dashboard.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw Consent: Where processing is based on your consent, you may withdraw consent at any time (this will not affect the lawfulness of prior processing).
  • Unsubscribe: Opt out of marketing or newsletter communications at any time using the unsubscribe link in any email.

To exercise any of these rights, please contact us at hello+trankets@yconsoft.com. We will respond within 30 days. We may need to verify your identity before processing a request.

10. Cookies and Tracking Technologies

We use the following types of cookies and similar technologies:

  • Session cookies: Required to keep you logged in during your active session. These expire when you close your browser or log out.
  • Persistent preference cookies: Store UI preferences (e.g., dashboard view settings, dark mode). These persist across sessions.
  • Security cookies: Support CSRF protection and session integrity.

We do not use third-party advertising cookies, retargeting pixels, or cross-site tracking technologies. You can control cookies through your browser settings; however, disabling essential cookies will prevent you from using authenticated areas of the Service.

11. Third-Party Services and Links

The Service integrates with and relies upon the following third-party providers, each of which operates under its own privacy policy:

  • Flutterwave (flutterwave.com) - payment processing
  • Amazon Web Services (aws.amazon.com) - file storage (S3) and email delivery (SES)
  • Google (google.com) - optional OAuth authentication

The Service may contain links to third-party websites. This Privacy Policy does not apply to those external sites; we encourage you to review their privacy notices before providing them with any personal information.

12. Children's Privacy

The Service is not directed to or intended for use by children under 16 years of age. We do not knowingly collect personal data from anyone under 16. If you are a parent or guardian and believe your child has provided personal data to us, please contact us at hello+trankets@yconsoft.com and we will take prompt steps to delete that information from our systems.

13. International Data Transfers

Trankets operates globally. Some of our third-party service providers (including AWS) process data in data centres located in various countries. By using the Service, you acknowledge that your data may be transferred to and processed in countries with data protection standards that may differ from those in your home jurisdiction.

Where we transfer personal data internationally, we ensure appropriate safeguards are in place - including the use of service providers that maintain internationally recognised security certifications (e.g., ISO 27001, SOC 2) and contractual data processing protections.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, product features, or applicable law. For material changes, we will notify you by posting the revised Policy on this page with an updated "Last updated" date, and by sending a notification to your registered email address at least 14 days before the changes take effect. We encourage you to review this Policy periodically.

15. Contact Us

For questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact:

  • Email: hello+trankets@yconsoft.com
  • Company: Yconsoft Technologies
  • Response target: We aim to respond to all privacy-related enquiries within 30 days.