Privacy Policy

1. Introduction and Scope

TicketHQ provides a software-as-a-service (SaaS) customer support management platform for agencies ("Platform"). This Privacy Policy applies to all users of our Platform, including:

• Agency Users: Agencies that subscribe to our Platform to manage their support operations
• Team Members: Employees or contractors invited by agencies to use the Platform
• End Clients: Customers of agencies who submit support tickets or access client portals
• Website Visitors: Individuals who visit our public website

This policy is incorporated into and subject to our Terms of Service.

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: Name, email address, company name, phone number, and password when you register
• Billing Information: Payment card details, billing address (processed securely through Stripe; we do not store full card numbers)
• Support Tickets: Content of tickets, messages, attachments, and related communications
• Profile Information: Avatar, job title, and other profile details you choose to provide
• Communications: Correspondence with our support team, feedback, and survey responses

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, actions taken, time spent, and interaction patterns
• Device Information: IP address, browser type, operating system, device identifiers, and screen resolution
• Log Data: Access times, referring URLs, error logs, and system activity
• Cookies and Similar Technologies: Session cookies, persistent cookies, and similar tracking technologies (see Section 8)

2.3 Information from Third Parties

• Integration Data: When you connect GoHighLevel, WordPress, or other platforms, we receive data necessary to provide integration services
• OAuth Providers: If you sign in using Google or other providers, we receive basic profile information as permitted by your settings
• Analytics Providers: Aggregated analytics data from services we use to improve our Platform

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: Provide, maintain, and improve our Platform and features
• Account Management: Create and manage your account, process transactions, and send account-related communications
• Customer Support: Respond to your inquiries, troubleshoot issues, and provide technical assistance
• Security: Detect, prevent, and address fraud, abuse, and security vulnerabilities
• Analytics: Analyze usage patterns to improve user experience and develop new features
• Communications: Send service updates, security alerts, and (with consent) marketing communications
• Legal Compliance: Comply with applicable laws, regulations, and legal processes
• Business Operations: Conduct internal operations, including audits, research, and training

4. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), UK, or Switzerland, we process your data based on:

• Contract Performance: Processing necessary to provide the Service you requested
• Legitimate Interests: Processing for our legitimate business interests (security, analytics, improving services) where not overridden by your rights
• Legal Obligation: Processing required to comply with applicable laws
• Consent: Processing based on your explicit consent (e.g., marketing communications)

5. Information Sharing and Disclosure

We do not sell your personal information. We may share information in the following circumstances:

5.1 With Your Agency

If you are an end client, your support tickets and information are shared with the agency managing your account. The agency's use of your data is governed by their own privacy practices.

5.2 Service Providers

We share data with third-party vendors who assist us in providing our services, including:

• Cloud hosting providers (Vercel, Supabase)
• Payment processors (Stripe)
• Email service providers
• Analytics and monitoring tools
• Customer support tools

These providers are contractually bound to protect your data and may only use it for the purposes we specify.

5.3 Legal Requirements

We may disclose information when we believe in good faith that disclosure is necessary to:

• Comply with applicable laws, regulations, or legal process
• Respond to lawful requests from public authorities
• Protect our rights, privacy, safety, or property
• Prevent fraud or address security issues
• Enforce our Terms of Service

5.4 Business Transfers

If TicketHQ is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption of data in transit (TLS 1.2+) and at rest
• Secure password hashing with modern algorithms
• Regular security assessments and penetration testing
• Access controls and role-based permissions
• Multi-factor authentication options
• Secure, enterprise-grade cloud infrastructure
• Regular backups and disaster recovery procedures

DISCLAIMER: While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, and you use the Service at your own risk.

7. Data Retention

We retain your information for as long as necessary to:

• Provide the Service and maintain your account
• Comply with legal obligations (tax, audit, regulatory requirements)
• Resolve disputes and enforce our agreements
• Support business operations (aggregate analytics)

Retention periods vary based on data type:

• Account data: Duration of account plus 30 days for data export
• Ticket data: Duration of agency subscription plus 90 days
• Billing records: 7 years (legal requirement)
• Log data: Up to 90 days

After retention periods expire, data is securely deleted or anonymized.

8. Cookies and Tracking Technologies

We use cookies and similar technologies for:

• Essential Cookies: Required for authentication, security, and core functionality
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand how users interact with our Platform

You can control cookies through your browser settings. Note that disabling essential cookies may impair Platform functionality.

We do not currently respond to "Do Not Track" signals as there is no industry standard for such signals.

9. Your Rights and Choices

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your personal data ("right to be forgotten")
• Portability: Request transfer of your data in a machine-readable format
• Restriction: Request limitation of processing in certain circumstances
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw previously given consent at any time

To exercise these rights, contact us at privacy@tickethq.io. We may require verification of your identity before processing requests. We will respond within 30 days (or as required by applicable law).

Note: Some requests may be subject to limitations. For example, we may retain certain data for legal compliance even after a deletion request.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: Request disclosure of personal information collected, used, and shared
• Right to Delete: Request deletion of personal information
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out of Sale/Sharing: We do not sell personal information
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, contact privacy@tickethq.io or call us at the contact information below.

11. International Data Transfers

TicketHQ is based in the United States. If you are located outside the United States, your information will be transferred to, stored, and processed in the United States or other countries where our service providers operate.

For transfers from the EEA, UK, or Switzerland, we rely on:

• Standard Contractual Clauses approved by the European Commission
• Data Processing Agreements with appropriate safeguards
• Other legally recognized transfer mechanisms

By using our Service, you consent to the transfer of your information to the United States and other countries.

12. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@tickethq.io.

If we discover that we have collected personal information from a child under 16, we will delete that information promptly.

13. Agency Responsibilities (Data Controller vs. Processor)

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes, we will:

• Update the "Last updated" date at the top of this policy
• Notify you via email or through the Platform before changes take effect
• Provide a summary of significant changes

Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

For EEA residents, you also have the right to lodge a complaint with your local data protection authority.