TiBox Privacy Policy

Review our privacy policy to understand how we collect, use, and protect data shared by the users. See how. The Privacy Policy of DnD Studio LTD (TiBox) has been updated on Oct 20, 2022. In addition, see TiBox Corporate Statement on GDPR Compliance.
Non-legalese, Simple english privacy policy
Trycon Technologies is fully committed to protecting the personal data of its customers and customer’s end-users
From its customers, the company collects personal information (user’s first name, email, and the email of event any co-ordinators added). This information is solely used by the company or authorized third-party applications to serve the customers. This data is never used for unauthorized commercial gains in any way
To use the features and services of Ticket Generator, the customer will share both personal information (name and email) and non-personal information (event and ticket details). This information will be available to customers only and they have the responsibility to make the data public (via event tickets) only if they own the data or have the authorization to use the data
The company shares both personal and non-personal information with third-party applications and service providers only after ensuring that they employ the best practices in data security, privacy policies, and regulatory compliance (including GDPR)
The company employs best-in-class data security strategies to ensure the protection of customers’ and end-users’ data. However, in cases of breaches, the company will inform the regulatory authorities and affected customers within 72 hours
The company will retain the customers’ and end-users’ data for a maximum period of 26 months after the customer ceases to use the Ticket Generator web and mobile applications. However, the customer will always have the right to either download all data or request permanent deletion

Legal Privacy Policy
1. Introduction
This Privacy Policy of DnD Studio LTD (hereafter referred to as Company) describes the privacy practices of the company explaining when and how DnD Studio collects “customer” (users who purchase products and services of TiBox) and “end-users” (users who engage with the content generated by the customer) information, how we use such information, and the circumstances under which we may disclose such information to third-party businesses, institutions, or personnel. This Privacy Policy includes the policies that DnD Studio observes for compliance with laws in the UK and international laws such as the GDPR, European Union. The privacy of our customers and end-users is of paramount importance to the company and applies to all products and services offered by DnD Studio.

2. Data collection, processing & purpose
During the lifecycle of using its products and services, the company collects both Personally Identifiable Information (PII) and non-Personally Identifiable Information either directly or via a third-party application or service. As part of the company’s commitment to be transparent to its customers and end-users, we are sharing details on what data points are collected, at what stage, and for what purpose:
2.1. Customer data
This section outlines the data collected on the customers of the company i.e. the users who create tickets with TiBox.
2.1.1 Website/App Browsing (Without Login)
1. Browsing/Events Tracking: If you are browsing the web pages of our website, we gather non-personally identifiable information—such as web request, Internet Protocol address, browser type, browser language, the date and time of your request, browser user agent, one or more cookies that may uniquely identify your browser, referring URL/domain, activity time, and clicking activity. All such data collected is processed at an aggregate level and can never be tied to an individual. Purpose: This data is sent to the following tracking tools—Google Analytics generate aggregate-level insights on customer behavior. These insights allow our product team to optimize the journey and experience of our customers. Given below are important links to these third-party applications:
Google Analytics: GDPR Compliance
2. Query Email: If you have a question related to our product or services, you can send us an email using the ‘Email/Contact Us’ option on the Support page. The data points that are collected are—Name, Email Address, Subject, and Message (Query) Purpose: We require your name to personalize the conversation, email address to reach out to you with a response, and subject and message to understand your query thoroughly. This data is shared via email to authorized in-house customer support personnel only.
3. Query Chat: If you have a question related to our product or services, you can reach out to us via the chatbox option. To use the chatbox, we collect the following data—Email Address—which you may or may not provide Purpose: The email address is used for any follow-up responses. The chatbox and data are managed by third-party application—Intercom. The data collected by the application is used to serve our customer queries only and is never shared for any commercial gains.
2.1.2 Registration
As part of the registration of an account with TiBox, the following data is collected and stored:
1. Valid Email Address Purpose: A valid email address serves both as a Unique Username/Identifier as well as a point-of-contact to reach the customer for transactional notifications (e.g., introduction to dedicated support contact, purchase confirmation, feature launch, feedback, activity reports, etc.)
2. Password Purpose: To signup by email, we use the password (generated by the customer) to authorize access to the customer account and its data. The company or its employees will never ask for your password in an unsolicited phone call or email. However, you are responsible for maintaining the secrecy of your password and account information
2.1.3 Purchase of Ticket Credits
When you make a payment to TiBox to purchase ticket credits that allow generation of event tickets, you are required to provide billing and payment information to complete the transaction: 1. Billing Information: Email address, phone number, physical contact information, transactional information, device ID, computer and connection information, IP address, standard web login information, etc. Purpose: The billing information is required for the following purposes: To generate an official invoice complete with billing name and address as required by law To email the customer the invoice/sale receipt To maintain the sale records in case of any dispute (such as failure of ticket progress) To aggregate data and generate internal reports for management, investors, and shareholders (e.g., monthly sales report, annual report, tax filing, etc.). As the company is a Private Limited, these reports are shared either privately with authorized personnel (management, investors, shareholders) or with regulatory authorities only To add the company logo on our website under “Our Customers” section if the company email address (i.e. with the domain name of the company) of the customer is used 2. Payment Information: Credit/Debit Card Number, Expiration Date, CVV Code Purpose: The payment information is required to authorize a transaction with your bank/credit card account. Note that TiBox only receives an email copy of the invoice generated but never stores the payment information. Both billing and payment information is collected, managed, and processed by our payment gateway provider.
2.2 Data shared by customer during ticket management
When customers use TiBox product and services—they can design and generate multiple tickets. To generate these content pieces, customers enter data in a ticket template (e.g., event name, date, time, etc.). This section outlines how TiBox stores and processes this data.
2.2.1 Event and Ticket processing
Using TiBox, it is possible to make multiple event tickets together. To make each of these tickets, customers are required to enter data for very specific fields. Given below is the exhaustive list of the required data-points: Ticket design: Meant to add design to the tickets Logo image: Customer can add a logo to be printed on the tickets Event details: Event name, date, time, venue, tagline, description, and variable information (uploaded via CSV/XLS such as seat number, row number, hall number, ticket price, name, etc.) Event Coordinators Email Addresses: To invite event coordinators to setup account and login via the ticket validation mobile app to validate tickets Purpose: In each of the cases above, the purpose of data collection is to allow the customer to share this information with end-users. No unnecessary data point is collected and in most cases, customers have the option to choose only the data points they need to share. In most cases, tickets are shared with authorized recipients (event guests) via print/web material. This means that the content of the tickets is visible to end-users who receive the ticket. TiBox stores and transfers this content in an encrypted format via its online databases to ensure maximum security of the data. TiBox databases are managed by a third-party applications—Amazon Web Services, MongoDB Atlas or Hetzner GmbH.
2.3 End-user data
When customers design the tickets, they can provide us with end-user PII such as name or email address via admin panel or CSV/XLS/XLSX upload in the variable information feature. Such information will only be printed on the ticket and it is the responsibility of the customer to ensure that the ticket, if printed, is handed to the authorized recipient only. If customer distributes the tickets via the Email option, then we receive the email addresses of the recipients. These email addresses are used only to send the tickets. When the QR Codes on the tickets are scanned at the point of entry by event coordinators, we collect non-PII data such as time of scan, coordinator email who scanned, and status of ticket (valid, invalid, duplicate).

3. Disclosure of information to third parties
We may share with third parties certain pieces of aggregated, non-personal information (e.g., browsing analytics with Google Analytics), and personal information (e.g., email address with MailChimp for the sign-up alert).
In all cases, we will ensure that the third party:
Has good reputation and trustworthy customers
Has an approachable and responsive support team
Has robust privacy policies that aim at data protection and security
Has taken adequate measures to be GDPR compliant

Further, we restrict access to personal information to employees, contractors, and agents who need to know that information in order to operate, develop, or improve our services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution if they fail to meet these obligations.

4. Data security
The company has implemented best-in-class security protocols to protect customer’s and end-user’s data. This data is maintained on the company servers from loss, misuse, and unauthorized access, disclosure, alteration, and destruction.
Examples of these security mechanisms include:

Encryption of transit data with SSL (HTTPS)
Staff access to data on a need basis only (e.g. ticket raised by customer, etc.)
Staff access to third-party apps via multi-factor authentication only

However, please keep in mind that no security system is impenetrable. It may be possible for third parties to intercept or access the company’s customer data or end-user’s data in spite of these measures.
In the case of data breaches, the company will inform the regulatory authorities and affected customers within 72 hours, as per GDPR guidelines.
However, the company cannot guarantee complete security of your information and cannot be held responsible for unauthorized access to customer accounts. It is the responsibility of the customer to ensure that the account email address and password are not shared with any unauthorized personnel.

5. Data retention, portability & deletion
As per the company’s privacy policy, we will store all data (from Section 2) of non-subscribing customers (non-paying user of our product and services) and their end-users for a maximum period of 12 months from the time the customer ceases to use the account. Purpose: The data will be retained to allow customers to reinstate their account and creations (tickets) within this period.

6. Changes to this privacy policy
The company retains the discretion to amend or modify this Privacy Policy from time to time. If we make material changes to the way we collect, use or disclose Personally Identifiable Information, we will notify you by posting a clear and prominent announcement on TiBox Website/Application or through direct communication to your TiBox account.

7. Contact information
To keep your personal data accurate, current, and complete, please contact us as specified below:
DnD Studio LTD
86-90 Paul Street London EC2A 4NE United Kingdom
+44 7700 181 501

The terms and conditions along with privacy policies with all references constitute the sole and entire agreement of the parties to this agreement with respect to the subject matter contained herein and supersedes all prior terms and conditions which were agreed by the Customer.
If you have any questions or concerns related to Ticket Generator's privacy policy, please reach out to us.