Menu
Sell Your Ticket

Privacy Policy

Last updated: 26 March 2026

1. Introduction

Trackdaytickets.com respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information in accordance with the General Data Protection Regulation (GDPR).

2. Data Controller

Trackdaytickets.com is the data controller responsible for processing your personal data. You can reach us at support@trackdaytickets.com.

3. Personal Data We Collect

We may collect the following personal data:

  • Name (first name, last name)
  • Email address
  • Phone number (optional, used for verification)
  • City and country
  • Profile picture
  • Bank account details (IBAN, account holder name) — encrypted at rest
  • Invoice address (company name, street, postal code, city, country, VAT number)
  • Payment transaction data (processed by our payment provider)
  • Account data from linked social accounts (Google, Apple, Microsoft, Facebook, LinkedIn) when you choose to link them
  • IP address, device information, and browser data
  • Communication logs (emails, SMS)

4. Purpose of Processing

Your data is processed to:

  • Create and manage user accounts
  • Facilitate ticket transactions between buyers and sellers
  • Process payments and payouts
  • Verify your identity (bank verification, phone verification, social account linking)
  • Send transactional emails and SMS (e.g., login codes, purchase confirmations)
  • Provide customer support
  • Prevent fraud and abuse
  • Analyze platform usage to improve the service
  • Comply with legal obligations

5. Legal Basis

We process personal data based on:

  • Contract performance — to provide the services you signed up for
  • Legal obligations — tax, accounting, and fraud prevention requirements
  • Legitimate interests — platform security, analytics, and service improvement
  • Consent — where applicable (e.g., linking optional social accounts)

6. Data Sharing

We share personal data with the following third parties, only to the extent necessary:

  • Mollie (Netherlands) — payment processing and bank account verification
  • Postmark (US, with EU data processing) — transactional email delivery
  • GatewayAPI (Denmark) — SMS delivery for phone verification
  • Cloudflare (US, with EU presence) — bot protection via Turnstile
  • OAuth providers (Google, Apple, Microsoft, Facebook, LinkedIn) — only when you choose to link your account

We may also share data with law enforcement or regulatory authorities when legally required.

7. Data Retention

  • Account data — retained while your account is active; deleted upon account deletion request
  • Transaction records — retained for 7 years in accordance with Dutch tax and accounting obligations
  • Communication logs — retained for up to 12 months
  • Verification codes — automatically expire and are deleted

8. User Rights

Under the GDPR, you have the right to access, correct, delete, restrict, or transfer your personal data, and to object to processing or withdraw consent. To exercise any of these rights, email us at support@trackdaytickets.com.

9. Security

We take appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of sensitive data (e.g., bank details) using AES-256-GCM
  • HTTPS for all connections
  • HttpOnly cookies for authentication tokens
  • CSRF protection on all state-changing requests

10. Cookies

Trackdaytickets.com uses the following cookies:

  • Authentication — a secure, HttpOnly cookie to keep you logged in (required)
  • Bot protection — Cloudflare Turnstile uses cookies to distinguish humans from bots (required)
  • Analytics — we use Umami, a privacy-friendly analytics tool (see below)

11. Analytics

We use Umami, a privacy-friendly, self-hosted analytics tool. Umami does not use cookies for tracking, does not collect personal data, and does not share data with third parties. No cross-site tracking takes place.

12. Complaints

If you believe your privacy rights have been violated, you may lodge a complaint with your local data protection authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).

13. Changes

We may update this Privacy Policy from time to time. The latest version will always be available on this page with the updated date shown at the top.