BlueTickets Privacy Policy

1. Introduction

BlueTickets is a service provided by Ingenious Dynamics LLC-FZCO (“Ingenious Dynamics”, “we”, “us”). This Privacy Policy explains how we process personal data when you create an account, invite teammates, or interact with our documentation and support channels.

The policy applies to all users regardless of where they are located. When required by EU and UK data-protection law, Ingenious Dynamics acts as the data controller for your personal data.

2. Personal Data We Collect

• Account data: name, surname, display name, email address, password hash, language and theme preferences.
• Organization data: organization name, domains, billing profile, teammate roles, invitation details.
• Usage data: audit logs, ticket activity, API usage, device and browser metadata, timestamps, authentication events handled via Keycloak.
• Support data: content of tickets, attachments, email forwarding metadata, optional phone numbers supplied within a ticket.

3. Purposes and Legal Bases

• Service delivery: create accounts, authenticate users, route tickets, provide APIs, and send operational email (Art. 6(1)(b) GDPR).
• Security and fraud prevention: detect suspicious logins, enforce role-based access control, maintain audit logs (Art. 6(1)(f)).
• Communications: send onboarding tips, service announcements, and billing reminders. Users can opt out of non-essential messages (Art. 6(1)(a) or 6(1)(f)).
• Compliance: maintain tax records (TRN above), respond to legal requests, honour data-subject rights (Art. 6(1)(c)).

4. Sub-processors and International Transfers

We rely on audited sub-processors to run BlueTickets: Keycloak for authentication, Resend for transactional email, and reputable cloud infrastructure providers located in the European Union and the United States.

When data leaves the European Economic Area we implement Standard Contractual Clauses and technical safeguards (encryption in transit and at rest). Transfer details are available upon request.

5. Data Retention

Account data is retained for the lifetime of the organization plus up to 30 days after deletion for backup integrity, unless law requires longer retention (e.g., billing records).

Ticket content and audit logs are deleted within 30 days of permanent organization deletion. You can request data export or early deletion at any time.

6. Security

• Encryption using TLS 1.2+ for data in transit and AES-256 at rest.
• Scoped API keys, role-based access, enforced password complexity, optional SSO via Keycloak.
• Continuous monitoring, least-privilege access for staff, and documented incident-response procedures.

7. Your Rights

• Access, rectification, erasure, restriction, portability, and objection. Requests are answered within 30 days.
• Withdraw consent for optional communications at any time without affecting lawful processing performed before withdrawal.
• Lodge a complaint with your local supervisory authority (e.g., Garante per la Protezione dei Dati Personali in Italy).

8. Cookies and Similar Technologies

We use strictly necessary cookies for authentication (session identifiers, CSRF protection) and optional analytics cookies to understand feature adoption. You can control non-essential cookies through your browser or by contacting support.

9. Children

BlueTickets is not directed to children under 16 and we do not knowingly collect their data. Organization admins are responsible for ensuring only authorised staff access the service.

10. Changes

We may update this Privacy Policy to reflect new features or legal requirements. Material changes will be announced via the app and email. Continued use of BlueTickets after the effective date constitutes acceptance.

11. Contact

For privacy questions or to exercise your rights, contact us at [email protected], [email protected] or write to Premises No. 42712-001, IFZA Business Park, DDP, Dubai Silicon Oasis, United Arab Emirates.