Browse eventsSign inGet started

Privacy Policy

Last updated April 27, 2026

1. What we collect

When you create a MerlinTix account we collect the email and (for Google sign-in) the basic profile data Google sends us — name and avatar URL. When you publish events we collect what you enter: event title, description, venue, ticket prices. When attendees buy tickets we collect their name, email, and order data. Payment card details are handled by Stripe and never touch our servers.

2. How we use it

We use your data to operate the service: authentication, sending ticket confirmation emails, processing refunds, generating sales reports for organizers, and providing customer support. We do not sell your data, ever. We do not share organizer customer lists with other organizers.

3. Subprocessors

We use a small set of vendors to run MerlinTix: Supabase (database + auth), Stripe (payments), Resend (transactional email), Vercel (hosting), Bunny (image / video storage and CDN). Each is contractually required to protect your data.

4. Cookies

We use first-party cookies for authentication (the session that keeps you logged in) and a Vercel Analytics cookie for aggregate page-view statistics. We don't use ad cookies on merlintix.com. Organizers can enable Google Analytics, Facebook, and TikTok pixels on their own event pages — those pixels follow each organizer's policy, not ours.

5. Your rights

You can export or delete your account data at any time. Email support@merlintix.com and we'll process the request within 30 days. EU/UK residents have additional rights under GDPR; California residents have rights under the CCPA. Both are honored on request.

6. Security

We use TLS for every connection, encrypted-at-rest databases, and industry-standard auth (Supabase Auth + OAuth via Google). We don't store passwords ourselves; that's Supabase's job. Bug bounty inquiries: security@merlintix.com.

7. Retention

Account data lives until you delete the account. Order and ticket data is kept for 7 years for tax and accounting purposes, even after account deletion, in line with US recordkeeping rules.

8. Changes

Material changes to this policy will be announced via email or in-product banner at least 30 days before they take effect.

9. Contact

Privacy questions: privacy@merlintix.com.
Privacy Policy · MerlinTix · MerlinTix