TicketRay - Privacy Policy

Last updated: April 29, 2026

Overview

TicketRay ("the App") is a ticket-search tool that queries public ticketing APIs and shows all-in pricing with fees and taxes for live events. This policy explains what data the App and its backend access, store, and transmit.

What We Don't Collect

• No accounts — no sign-up, login, email, phone number, or password is ever required.
• No personal identifiers — we do not ask for or store your name, email, phone, address, or any government identifier.
• No analytics SDKs — the App does not integrate Google Analytics, Firebase Analytics, Mixpanel, or any third-party behavioral analytics.
• No advertising SDKs — the App does not display ads and does not integrate any ad SDK.
• No location tracking — the App does not request GPS or device-location permissions.
• No contacts, calendar, photos, or microphone — the App does not request access to any of these.

Data Stored On Your Device

The App may store the following data locally on your device:

• Recent searches — the text of your recent ticket searches, to make repeating them easier.
• App preferences — display and sort options.
• Wishlist (offline copy) — events you tap the heart icon to save. A local copy is kept so the wishlist works offline.
• Wishlist sync ID — if you opt to sync your wishlist across devices, a randomly-generated 30-character identifier is stored locally so the App can retrieve your wishlist from our backend on subsequent launches.

Uninstalling the App or clearing its storage removes all local data.

Data Stored On Our Backend (Cross-Device Wishlist Sync)

If — and only if — you tap "Save event" on a wishlist while sync is enabled, the following data is stored on our Cloudflare-hosted backend (D1 database):

• Wishlist ID — a randomly-generated 30-character string with no link to your identity. We do not associate it with an email, phone, account, or any login credential because none exists.
• Saved event references — the Ticketmaster event ID, the time you saved it, and a JSON blob containing the event's public metadata (title, venue, date, listed price range) so the wishlist screen can render without a fresh API call. No personal data is included.
• Last-seen timestamp — the most recent time the App fetched the wishlist, used to age out unused wishlists.
• Pairing codes (temporary) — if you generate an 8-character pairing code to add a second device, that code and its associated wishlist ID are stored for 10 minutes only, after which they expire and are no longer valid.

Because there are no accounts, the wishlist ID alone is the credential. Anyone holding the ID can read or modify the wishlist. Treat it as you would a password.

Network Usage

TicketRay makes network requests for the following purposes only:

• Search — search queries you enter are sent to our backend at ticketray.com, which forwards them to public ticketing APIs (Ticketmaster Discovery) to retrieve matching events. Only the search text and optional filters (city, date range) are transmitted.
• Wishlist sync — when you save, view, or remove a wishlist event with sync enabled, the App calls our backend at ticketray.com/api/wishlist/* with your wishlist ID.
• Deep links to sellers — when you tap "Go to Ticketmaster" or a similar seller link, your device opens that seller's site in the system browser. At that point the seller's own privacy policy applies.

Third-Party Services

• Ticketmaster Discovery API — used to fetch event listings and pricing. Subject to Ticketmaster's terms.
• Cloudflare — our backend is hosted on Cloudflare Pages and uses Cloudflare D1 (SQLite). Cloudflare logs request metadata (IP address, user-agent, timing) for security and operational purposes only, as described in Cloudflare's Privacy Policy. We do not combine these logs with wishlist data.
• Affiliate sellers (when added) — if additional ticket sellers are integrated (e.g., TickPick, TicketNetwork, SeatGeek), tapping their listings opens the seller's site in the system browser. Those sellers' own privacy policies apply once you navigate to their pages.

Retention

• Wishlists are retained until you delete them. We may delete wishlists that have not been accessed for more than 12 months as part of routine database hygiene.
• Pairing codes automatically expire 10 minutes after creation.
• Cloudflare logs are retained per Cloudflare's standard retention policy (typically less than 7 days for free-tier services).

Your Rights

Because we do not collect any personal data, most data-protection rights (access, rectification, portability) do not apply in the usual sense — there is nothing personal to access or rectify. You can:

• Delete your wishlist data — remove items individually in the App, or contact us at [email protected] with your wishlist ID and we will delete the row from our database within 7 days.
• Stop syncing — clear the App's storage to discard your local wishlist ID; the orphaned server-side wishlist will be aged out per the retention policy above.
• Uninstall the App — this removes all local data immediately. Server-side wishlist data is aged out as described.

Permissions

The App requests the following Android permissions:

• Internet — required to query ticketing APIs and sync the wishlist.

Children's Privacy

The App is not directed at children under 13. We do not knowingly collect any information from children. Because the App requires no account and collects no personal identifiers, we have no mechanism to verify or target user age.

Changes to This Policy

We may update this policy from time to time. Material changes (such as the addition of a new third-party service or new categories of data) will be reflected in the "Last updated" date above and called out at the top of this page for at least 30 days.

Contact

If you have questions about this privacy policy, or want to request deletion of a specific wishlist, contact us at:

GriswoldLabs
7965 State Road 50, Suite 1000-166
Groveland, FL 34736
[email protected]