Privacy Policy

Interpretation and Definitions

Interpretation

Words with an initial capital letter have meanings defined below. Those meanings apply whether the terms appear in singular or plural.

Definitions

For this Privacy Policy:

• Account means a unique account created for you to access the Service.
• Application means the TicketSaver mobile app.
• Company, We, Us, or Our means TicketSaver.
• Country means the Netherlands.
• Device means any device that can access the Service, such as a smartphone or tablet.
• Personal Data means information relating to an identified or identifiable natural person.
• Service means the Application and related services.
• Service Providers means third parties that process data on our behalf, such as hosting, analytics, crash reporting, email processing, or cloud services.
• Usage Data means data collected automatically from use of the Service or its infrastructure.
• You means the individual using the Service.
• Subscription means a recurring in-app purchase managed by Apple through your Apple ID.
• Data Controller means the entity that determines the purposes and means of processing personal data. For the Service, the Company is the Data Controller.
• Google Account means the Google account you choose to connect.
• Gmail Connect means the optional feature that allows TicketSaver to configure or remove Gmail forwarding and Gmail filters on your behalf so certain emails can be forwarded to your personal TicketSaver upload address.
• Google API Data means limited Google or Gmail account data and settings metadata that TicketSaver accesses through Google APIs to provide Gmail Connect. It does not include reading the content of your Gmail inbox via the Gmail API.
• Forwarded Email Data means emails, attachments, metadata, and derived ticket information that are sent to your TicketSaver upload address by you manually or through email forwarding rules.

Data Controller and Contact Details

The Data Controller is TicketSaver.

Privacy contact: maxbrouwermd@gmail.com.

If TicketSaver is operated by a registered business, the full legal business name, registered address, and registration number will be published here. Until then, privacy requests can be sent to the contact address above.

Personal Data We Collect

Data You Provide Directly

• Email address.
• Authentication data and account identifiers when you sign in with email/password, Apple, Facebook, or Google.
• Tickets, files, images, and email-derived content that you choose to import or forward to TicketSaver.
• Purchase metadata and receipts needed to validate Premium entitlements.
• Consent records, including the version and date of accepted legal documents.
• Feedback or support messages you send to us.
• Local ticket metadata and imported files stored on your device, including files saved in the app’s local storage area and, where applicable, visible through the Files app.

Usage and Technical Data

• App version, device type, operating system, language, and region.
• Crash diagnostics and non-sensitive technical logs via Firebase Crashlytics.
• Analytics events only if analytics is enabled with your consent.
• Device or session identifiers used for account security, fraud prevention, and subscription abuse prevention.

Permissions and Device Access

With your permission, the Service may access your camera, photo library, and files in order to import and store tickets. You can manage these permissions in your device settings.

Some imported ticket files may be stored locally on your device. If you manually delete, move, or modify those local files outside TicketSaver, the App may no longer be able to display the affected ticket.

Google Account and Gmail Connect

Gmail Connect is optional. If you enable it, TicketSaver may use Google APIs to help you set up, maintain, or remove Gmail forwarding and Gmail filters that forward certain messages to your personal TicketSaver upload address.

Google API Limited Use Disclosure

TicketSaver’s use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Google API data is used only to provide and maintain Gmail Connect, including connecting your Google Account, creating or removing forwarding settings and filters, showing connection status, and helping you disconnect the feature. We do not use Google API data for advertising, marketing, profiling, creditworthiness, or training generalized AI or machine learning models.

What TicketSaver uses Google access for

• Connecting your Google Account.
• Creating, checking, or removing a Gmail forwarding address used for TicketSaver.
• Creating, checking, or removing Gmail filters used to forward matching emails to TicketSaver.
• Displaying connection and setup status in the app.
• Maintaining or cleaning up Gmail Connect settings when you disconnect the feature.

What TicketSaver does not do through the Gmail API

• We do not use the Gmail API to read the content of your inbox messages or attachments.
• We do not use Google API data for advertising, marketing, profiling, or AI model training.
• We do not sell Google API data.

Data we may store for Gmail Connect

• OAuth tokens or refresh tokens needed to operate Gmail Connect.
• Your Google email address and limited profile details needed to show connection status.
• Limited records of the forwarding address and filters created or managed by TicketSaver.
• Technical and audit records showing whether Gmail Connect was enabled, verified, updated, or removed.

User responsibility for forwarding configuration

You remain responsible for reviewing the Gmail forwarding setup and filter behavior in your Gmail account. Gmail filters may forward messages that are broader than intended, including messages that are ultimately not recognized as tickets by TicketSaver.

Forwarded Email Processing

TicketSaver can receive emails that are manually forwarded by you or automatically forwarded through Gmail or another provider.

How forwarded emails are processed

• We receive the forwarded email through our email processing provider.
• We may process the subject line, sender information, email body, attachments, and technical metadata to determine whether the message likely contains ticket-related content.
• If our backend determines that the message is relevant, the ticket-related content may be stored in your account and shown in the app.
• If our backend determines that the message is not relevant, the full email is not added to your in-app email/ticket collection.

Logs for non-relevant emails

Even when a forwarded email is not stored as a ticket, we may retain limited metadata for logging, debugging, abuse prevention, quality control, and cost management. This may include, for example, the subject line, timestamps, forwarding type, decision outcome, and classification reason. We do this to improve filtering quality and monitor unnecessary forwarding volume.

Sensitive or confidential content

You should not use TicketSaver to process emails containing special categories of personal data, trade secrets, or confidential business information unless you are fully authorized to do so and accept the risks of forwarding such content.

Service Providers and SDKs

Firebase

We use Firebase services for authentication, database/storage, cloud functions, analytics (if enabled), and crash reporting.

Firebase Analytics

If enabled with your consent, Firebase Analytics helps us understand app usage and improve the product. We do not enable advertising features or Google Signals.

Firebase Crashlytics

Crashlytics helps us diagnose crashes and app stability issues. Crash reports may contain technical device and app data, but are not intended to contain the content of your tickets or full email bodies.

Mailgun

Mailgun processes and relays forwarded emails addressed to TicketSaver so we can ingest and classify them.

Apple

Apple processes billing, renewals, and subscription payments through the App Store. We may receive limited subscription validation data.

Google

If you enable Gmail Connect, Google processes authentication and Gmail configuration requests made on your behalf.

How We Use Personal Data

• To create and manage your account.
• To provide ticket storage, import, classification, and display features.
• To process manually forwarded and automatically forwarded ticket-related emails.
• To operate Gmail Connect and related setup status features.
• To validate subscriptions and prevent fraud or abuse.
• To send transactional or service-related messages where necessary.
• To provide reminders and notifications if you enable them.
• To improve app quality, stability, and filtering accuracy.
• To monitor and reduce unnecessary forwarded-email traffic and associated processing costs.
• To comply with legal obligations and enforce our legal rights.

Legal Bases for Processing

Where GDPR or similar laws apply, we rely on the following legal bases:

• Performance of a contract: to operate your account, provide ticket storage, process forwarded ticket emails, and deliver the core app features you request.
• Consent: for analytics where required, and for optional Google Account / Gmail Connect linking.
• Legitimate interests: for security, abuse prevention, service reliability, crash diagnostics, limited logging, and improving the accuracy and efficiency of the email classification workflow.
• Legal obligation: where processing is required by applicable law.

Sharing of Personal Data

We may share personal data only where reasonably necessary, including with:

• Service providers such as Firebase, Mailgun, Apple, Google, and similar infrastructure providers.
• Professional advisers, auditors, or authorities where legally required.
• A buyer or successor in connection with a merger, acquisition, financing, or sale of assets, subject to appropriate safeguards.

We do not sell your personal data.

International Transfers

Some service providers may process data outside the EEA, including in the United States. Where required, we rely on appropriate safeguards such as contractual protections and provider transfer mechanisms. You may contact us for more information.

Data Retention

• Account data is retained while your account remains active.
• Ticket files, ticket metadata, forwarded ticket emails, and related attachments are retained while your account remains active or until you delete them where deletion is supported.
• If you delete your account, we will delete or anonymize personal data from active systems within a reasonable period, except where retention is required for security, legal compliance, dispute handling, fraud prevention, subscription validation, or backups.
• Subscription validation and anti-abuse records may be retained where reasonably necessary to prevent fraud, repeated trial abuse, chargeback abuse, account sharing, or unauthorized subscription transfers.
• Gmail Connect tokens are retained while Gmail Connect is active. If you disconnect Gmail Connect or delete your account, we will delete or invalidate stored tokens where technically possible.
• Gmail Connect setup metadata may be retained for a limited period for security, auditing, troubleshooting, and cleanup.
• Rejected forwarded-email logs and processing metadata may be retained for debugging, abuse prevention, quality control, cost monitoring, and filter improvement. These logs may include limited metadata such as subject line, timestamps, decision outcome, forwarding type, and classification reason.
• Crash data and analytics data are retained according to the relevant provider settings and policies.
• Routine backups and server logs may persist temporarily on rolling deletion schedules.

Your Rights

Subject to applicable law, you may have the right to:

• Access your personal data.
• Request correction of inaccurate data.
• Request deletion of data, subject to legal and legitimate retention needs.
• Withdraw consent for analytics or Gmail Connect at any time.
• Object to certain processing or request restriction of processing.
• Receive data portability where applicable.
• Lodge a complaint with a supervisory authority, including the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if applicable.

You can contact us at maxbrouwermd@gmail.com. We may ask you to verify your identity before responding.

Automated Processing

TicketSaver uses automated systems to classify forwarded emails as likely relevant or not relevant to ticket storage. These automated decisions are used for operational filtering and do not produce legal effects or similarly significant effects on you within the meaning of GDPR Article 22.

Security

We use reasonable technical and organizational measures to protect personal data, including encryption in transit where appropriate and access controls within our service providers. No system is completely secure, and we cannot guarantee absolute security.

Children

The Service is not directed to children under 13. If local law requires a higher minimum age, that higher age applies. We do not knowingly collect personal data from children below the applicable age threshold.

External Services and Links

The Service may rely on or link to third-party services such as Apple, Facebook, Google, Gmail, Firebase, and Mailgun. Their own terms and privacy policies apply to your use of those services.

Account Deletion and Subscriptions

Deleting your TicketSaver account does not cancel your Apple subscription. You must manage or cancel subscriptions through your Apple ID settings.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be posted here and, where appropriate, communicated in the app or by other reasonable means. If we materially change how we use Google Account data or other personal data, we will update this Policy before using the data in the new way and, where required, request renewed consent.

Contact

If you have questions or privacy requests, contact us at maxbrouwermd@gmail.com.