Privacy Policy

Gnapi Inc ("us", "we", or "our") operates the https://ticketspi.com website and the "TicketsPi - Hub", "TicketsPi" mobile application (collectively, the "Service").

This Privacy Policy explains how we collect, use, store, and disclose personal information in compliance with Canadian privacy laws including PIPEDA and Quebec Law 25, and outlines your rights and choices regarding your information.

By using the Service, you agree to the collection and use of information as described in this Privacy Policy.

Definitions

• Service

  The https://ticketspi.com website and the TicketsPi mobile apps.

• Personal Data

  Information about an identifiable living individual.

• Usage Data

  Information automatically collected through Service usage (e.g., IP address, browser, device type, pages visited).

• Cookies

  Small files stored on your device to track activity or preferences.

• Data Controller

  The entity determining the purposes and means of processing Personal Data.

• Data Processors (or Service Providers)

  Third-party entity processing data on our behalf.

• Data Subject (or User)

  Any individual using our Service whose data we collect.

Information Collection and Use

Personal Data

We may collect:

• Name, email, phone number, address, city, province, postal code
• Booking and payment information
• Account preferences and settings
• Usage and cookies data

Usage & Location Data

We may automatically collect:

• IP address, device type, browser, operating system
• Pages visited, time spent on pages, and navigation patterns
• Location data (if granted permission) to provide or improve Service features

Cookies & Tracking

We use cookies for:

• Session Cookies: Operate the Service
• Preference Cookies: Remember settings and preferences
• Security Cookies: Protect the Service and users
• Advertising Cookies: Display relevant ads

You can disable cookies in your browser, but some Service features may not work.

How We Use Your Information

We use Personal Data to:

• Provide and maintain the Service
• Process bookings and payments securely
• Communicate important updates, offers, and promotional information (with consent)
• Enable interactive features and customer support
• Conduct analytics to improve the Service
• Maintain audit logs for security and legal compliance
• Comply with legal obligations and prevent fraud

Data Storage & Residency

• All Personal Data and Usage Data are stored and processed in Canada.
• Databases, object storage (ticket PDFs, images), and backups are hosted in Canadian data centers.
• Data is not transferred outside Canada without explicit user consent.
• We implement encryption at rest (AES-256) and in transit (TLS 1.2+) to protect your data.

User Rights (PIPEDA & Quebec Law 25)

You have the right to:

• Access: Request a copy of your data
• Correction: Fix inaccurate or incomplete data
• Deletion: Request deletion of your account and associated data
• Portability: Export your data in a structured, machine-readable format
• Withdraw Consent: Opt-out of marketing or other consent-based processing
• Object/Restrict: Limit the use of your personal information

Requests can be made at support@ticketspi.com. Verification of identity may be required.

Third-Party Services

We use third-party service providers for:

• Payment processing (Stripe, Authorize.Net)
• Email and SMS notifications
• Cloud infrastructure: AWS (hosting databases, storage, and backups)
• Analytics (Google Analytics)
• Advertising (Google Ads, Facebook Ads)

All third parties comply with Canadian privacy regulations and only process your data for purposes we specify.

Payments

• Payment information is processed only by PCI-compliant third-party processors.
• We do not store your card details.

Analytics & Advertising

• Google Analytics: Tracks site usage for improvement and reporting
• Google Ads & Facebook Ads: Serve personalized ads based on your interactions
• Users may opt out via:
• Google Ads: http://www.google.com/settings/ads
• Facebook Ads: http://www.facebook.com/ads/preferences

Security

• Access to personal information is limited to authorized personnel via role-based access control (RBAC).
• We use Two-Factor Authentication (2FA) via OTP sent to your mobile device or email.
• Audit logs are maintained to monitor access to personal data.
• All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
• While we implement commercially reasonable security measures, no method of transmission or storage is 100% secure.

Breach Notification

• In the event of a data breach involving personal information, affected users will be notified promptly.
• Notifications will comply with PIPEDA and provincial requirements (e.g., Quebec's CAI).
• We maintain an incident response plan to investigate, contain, and remediate breaches.

Retention of Data

• Personal Data retained only as long as necessary to fulfill the purposes outlined.
• Usage Data retained for internal analytics, security, and legal compliance.
• Inactive accounts may be deleted after 2 years.

Disclosure of Data

We may disclose Personal Data:

• In business transactions (merger, acquisition, or sale)
• To comply with legal obligations or valid government request
• To protect rights, property, safety, or prevent fraud

Children's Privacy

• Our Service is not for anyone under the age of 13.
• We do not knowingly collect information from children.
• Parents or guardians may contact us to remove data collected inadvertently.

Changes to Privacy Policy

• Updates are posted on this page with the new effective date.
• Significant changes may be communicated via email or in-app notifications.

Contact Us

If you have questions or concerns about privacy, data access, or compliance: