Home
Ticket Timeline
Ticket Timeline

Privacy Policy

Ticket Timeline LLC · Effective Date: July 6, 2026

1. Introduction

Ticket Timeline LLC ("Ticket Timeline," "we," "us," or "our") operates the Ticket Timeline mobile and web application (the "App") and the marketing website at tickettimeline.com (the "Website"). In this Privacy Policy, "Services" means the App and the Website together. This Privacy Policy explains how we collect, use, store, disclose, and protect information when you use the Services.

Ticket Timeline is private by default. The App does not show you ads, does not operate public profiles or public social feeds, and we do not sell your personal information for money. We do use analytics and advertising-measurement tools, including Google Analytics and Google advertising features on our Website, and limited mobile attribution in the App. Depending on where you live, some of that activity may be considered "targeted advertising," "sharing," or "tracking" under privacy laws, even though we do not display ads inside the App. See "Cookies and Tracking Technologies" and "Advertising, Sale, and Sharing" below, and the choices we offer you.

The App lets you build a private record of events you attended, including games, tickets, photos, notes, memories, imports, achievements, and personalized insights. Because that record can be personal, we try to collect only what is needed to provide the Services and to keep them reliable.

2. Information We Collect

2.1 Account Information

When you create or use an account, we may collect:

  • Email address, used for authentication, account recovery, and service messages.
  • Password credentials, handled by Supabase Auth. We do not store plaintext passwords.
  • Supabase user ID and session identifiers.
  • Optional display name.
  • Optional profile photo or avatar.
  • Optional marketing email preference.

You may use the App as a guest through an anonymous session. Guest sessions are first-class App sessions and can later be upgraded to a registered account.

We do not ask for or intentionally collect your legal name, phone number, mailing address, date of birth, full payment card number, bank account information, or billing address. If you buy Pro through the Apple App Store or Google Play, Apple or Google processes your payment information under its own privacy policy. We do not receive your full card or bank details.

2.2 Profile and Preference Information

You may create or store preferences such as:

  • Timeline display preferences, filters, and favorites-only settings.
  • Dashboard layouts, widget choices, sport filters, and insight display preferences.
  • Google Sheets link settings, tab names, sync timestamps, and auto-sync preferences.
  • Gmail import connection status and sync history, where you connect Gmail.
  • Email notification and marketing message preferences.
  • Favorite teams and players.
  • Product analytics opt-out setting.
  • Onboarding progress and guest/import prompts.

Some preferences are stored locally on your device. Others are stored in our database so they can work across sessions.

2.3 Event, Ticket, and Timeline Content

When you use the App, you may provide or create:

  • Event attendance records, including games or other events you add to your timeline.
  • Attendance status, dates, venues, teams, leagues, ratings, favorite markers, arrival/departure notes, and pinned notes.
  • Ticket details, including provider, confirmation number, seat section, row, seat, face value, price paid, currency, and delivery method.
  • Uploaded photos, including ticket photos, seat-view photos, venue photos, scrapbook photos, and profile photos.
  • Scrapbook and memory content, including captions, notes, links, social post references, and embedded content you add.
  • Reports you submit about media, image credits, or historic event designations.

Uploaded profile photos are limited to 5 MB. Ticket OCR image uploads are limited to 10 MB. Other user-uploaded media may be subject to storage limits and compression.

2.4 Import, OCR, Gmail, and Photo Library Information

You can import data through CSV, Google Sheets, ticket image scanning, an optional Gmail connection (where available), and optional photo-library game discovery (where available).

For CSV imports, we process the file content you choose to import.

For Google Sheets imports, the App can fetch data from a public Google Sheet link or, where you connect Google Sign-In, use read-only Google Sheets access for the spreadsheet data you authorize. We use that access to import timeline rows. We do not request permission to edit your spreadsheets.

For ticket scanning, the App uploads the ticket image to Supabase Storage, sends the image to Google Cloud Vision for OCR text extraction, and sends the extracted OCR text to OpenAI to convert it into structured ticket fields. The extracted OCR text is cached in our database with your user ID and a file hash to avoid repeat processing of the same image.

Gmail ticket import (optional). If you choose to connect your Gmail account, we request read-only Gmail access through Google's OAuth consent flow. Before connecting, you choose a scan mode:

  • Ticket providers only: We search for and open emails only from allowlisted ticket sellers shown in the App (such as Ticketmaster, StubHub, SeatGeek, AXS, MLB Ballpark, NBA Tickets, Vivid Seats, Gametime, and similar ticket-provider domains).
  • Deep scan: In addition to ticket-provider emails, we search your mailbox for messages that may contain forwarded tickets from friends, family, or other personal senders using ticket-forward language patterns. For deep scan, we first collect sender and subject metadata for matching messages and show them to you for approval before opening any personal email's body. We only open and process the message body of personal emails you explicitly approve in each batch.

For emails we open (from either mode), we process the subject line and message body to extract event and ticket details (such as teams, date, venue, seat, and price). We use one of the following AI providers as service processors solely for structured extraction: OpenAI's API or Anthropic's Claude API, as described in "How We Share Information" below. We store your Gmail access credentials encrypted, restricted to server-side use. Extracted candidates — including the extracted fields and, for your review, a short subject/snippet — are staged so you can review them; nothing is added to your timeline without your confirmation. The stored subject/snippet is cleared when you finish reviewing a batch, and staged candidates are deleted within 30 days at the latest. When you import a game from Gmail, we store a Gmail message identifier on that timeline event for duplicate prevention until you delete the event or your account. You can disconnect Gmail at any time in the App, which revokes our access with Google and deletes the stored credentials. We never send email or modify your mailbox.

Photo-library game discovery ("Find My Games"; optional). If you grant photo library permission, the App can scan your photos' metadata on your device — the timestamps and location coordinates embedded in your photos — to suggest games you may have attended. Only clustered coordinates and timestamps (with an internal photo reference) are sent to our servers to match against stadium and game data; the matching is transient and we do not build or retain a history of your locations. Your photos themselves are never uploaded during scanning. A photo is uploaded only if you explicitly choose to attach it to a game you add. Our analytics for this feature record only counts and match-confidence buckets — never coordinates, timestamps, photo identifiers, or filenames.

2.5 Derived Statistics, Insights, and Achievements

We generate data from your timeline, such as:

  • Lifetime attendance statistics.
  • League, team, venue, player, seating, and ticket-price insights.
  • Maps and venue footprint summaries.
  • Rare moments, historic games, timeline score, rarity flags, and star-power style insights.
  • Achievement progress, achievement unlock events, tiers, and unlock context.
  • Aggregated dashboard snapshots and filters.

These derived records are generated from your own timeline content and canonical sports/event data.

2.6 Technical, Diagnostic, Analytics, and Attribution Data

We collect technical data needed to operate and improve the Services, including:

  • Device and app information, such as platform, app version, operating system version, lifecycle events, and crash/error context.
  • Product analytics, such as screen views, feature usage events, onboarding/import flow events, timeline actions, search interactions, and achievement interactions.
  • Diagnostic logs, including sanitized error messages, stack traces, breadcrumbs, and app context used to investigate bugs.
  • Server logs, edge function invocation metadata, rate-limit counters, and security-related request metadata.
  • Mobile attribution data through AppsFlyer, such as install/referrer metadata, campaign parameters, deep-link attribution, device identifiers, and advertising identifiers when available from the platform.
  • Website usage data, such as pages viewed, referring URLs, approximate location derived from IP address, device and browser characteristics, pseudonymous visitor and session identifiers, and interactions like download-button clicks and sign-in confirmation events.

In the App, we use PostHog and Firebase Analytics for product analytics and error context. Session replay is disabled. We do not record your screen or use heatmaps.

On our marketing website (tickettimeline.com), we use Google Analytics 4 (Google's gtag.js), PostHog, and Customer.io for website analytics, performance measurement, and email campaign attribution. These tools may set or read cookies and similar identifiers. Where we enable Google's advertising features, Google Analytics data may also be used to measure our advertising campaigns and to build remarketing audiences in Google Ads, so we can reach people who have visited our Website. We describe these technologies, and how to control them, in "Cookies and Tracking Technologies" and "Advertising, Sale, and Sharing" below.

The in-app "Disable analytics" control disables product analytics collection through PostHog and Firebase Analytics for that device. It does not prevent strictly necessary service logs, security logs, local diagnostics, or all platform-level attribution processing. On the Website, you can limit analytics and advertising cookies through your browser settings, the opt-out tools described below, and any cookie or consent controls we make available. You can also use your device operating system settings to limit advertising identifiers and tracking where supported.

2.7 Camera, Photos, Files, and Local Device Access

The App may request access to your camera, photo library, or files only when you choose actions that need them, such as taking a ticket photo, uploading an image, adding scrapbook photos, choosing an avatar, selecting a CSV file, or running photo-library game discovery. We process only the files or images you choose to provide. Photo-library game discovery reads photo metadata on your device as described in "Import, OCR, Gmail, and Photo Library Information" above; it does not upload your photos unless you explicitly attach them to a game.

2.8 Ticket Prices You Enter

If you choose to enter ticket prices, we store ticket face value, price paid, and currency so the App can show spending and ticket-price insights. These are archive fields you control. They are separate from App Store or Google Play purchases for Pro.

2.9 Pro Purchases and Subscription Status

If you purchase Pro through Apple in-app purchases or Google Play billing, Apple or Google processes payment and billing details. Ticket Timeline does not collect or store your full payment card number, bank account details, or billing credentials.

We use RevenueCat to manage Pro entitlements and subscription status across both stores. RevenueCat may receive purchase and subscription metadata such as product identifiers, transaction or subscriber identifiers, entitlement status, purchase dates, renewal status, app user ID, and related device or app metadata needed to verify access and support subscription features. We may also receive limited purchase status information from RevenueCat so the App can unlock Pro features.

We use a limited set of purchase and subscription events (such as paywall views, free-tier limit prompts, and purchase milestones) to measure and attribute our marketing campaigns through AppsFlyer and our analytics tools, so we can understand which campaigns lead to sign-ups and purchases. We do not use this purchase metadata to show you ads inside the App, and we do not sell it.

3. How We Collect Information

We collect information:

  • Directly from you when you create an account, use a guest session, add events, upload photos, scan tickets, write notes, configure dashboards, or contact us.
  • Automatically through operation of the Services, including product analytics, website analytics, attribution, diagnostics, error reporting, logs, security checks, and rate limits.
  • Through cookies, SDKs, pixels, and similar technologies, as described in "Cookies and Tracking Technologies" below.
  • From integrations you choose to use, such as Google Sheets, Google Sign-In, Gmail ticket import, photo-library game discovery, and ticket OCR.
  • From Apple, Google Play, and RevenueCat when you make or restore in-app purchases for Pro, including entitlement and subscription status needed to provide paid features.
  • From public or licensed event and sports data sources. Sports data is about games, teams, leagues, venues, players, scores, awards, weather, and statistics, not about you personally.

4. How We Use Information

We use information to:

  • Provide, maintain, secure, and improve the Services.
  • Create and manage accounts and guest sessions.
  • Authenticate users, restore sessions, handle auth callbacks, and merge guest data when a guest upgrades.
  • Store your timeline, ticket, photo, scrapbook, memory, dashboard, and achievement data.
  • Import events from CSV, Google Sheets, OCR, Gmail ticket import, or photo-library game discovery.
  • Extract event and ticket details from ticket emails you authorize us to read through Gmail import (including personal forwarded tickets you approve in deep scan).
  • Match photo time and location metadata to games and venues when you use photo-library game discovery.
  • Match imported rows to canonical sports games and venue data.
  • Generate personal insights, achievements, statistics, maps, weather context, and event-detail highlights.
  • Send service messages, account recovery emails, and other operational communications.
  • Send marketing emails only if you opt in, and let you withdraw that preference.
  • Provide support and respond to privacy requests.
  • Detect errors, diagnose issues, prevent abuse, enforce rate limits, and protect the service.
  • Measure App installs, website traffic, campaign attribution, advertising performance, and deep-link performance, including measuring and optimizing Google Ads and other campaigns and building remarketing audiences from Website visits.
  • Verify, restore, and manage Pro purchases and subscription entitlements.
  • Respond to purchase-related support questions within the limits of what we can see through Apple, Google, and RevenueCat.
  • Comply with legal obligations and enforce our rights.

We do not use your personal information to:

  • Sell or rent your data for money.
  • Serve ads inside the App.
  • Operate public social profiles or public feeds.
  • Make automated decisions that produce legal or similarly significant effects about you.

5. Cookies and Tracking Technologies

We and our service providers use cookies and similar technologies — including browser cookies, local storage, pixels, software development kits (SDKs), and mobile/advertising identifiers — to operate the Services, remember your settings, measure usage, and support our marketing and advertising. The technologies we use fall into these categories:

  • Strictly necessary. Needed to run the Services and keep them secure, such as authentication and session management, security and abuse prevention, load handling, and remembering basic interface state (for example, your theme preference or that you dismissed a banner). These cannot be turned off through our controls because the Services will not work properly without them.
  • Analytics and performance. Help us understand how the Services are used so we can improve them. On the Website these include Google Analytics 4, PostHog, and Customer.io; in the App these include PostHog and Firebase Analytics.
  • Advertising and attribution. Help us measure and improve our marketing. On the Website this includes Google's advertising features used with Google Analytics (such as conversion measurement and remarketing audiences in Google Ads). In the App this includes AppsFlyer attribution, which may use device and advertising identifiers where available.

Cookies set by us are "first-party"; cookies set by our providers (such as Google) are "third-party." Some identifiers persist across sessions until they expire or you clear them; others last only for a single session.

You can control these technologies in several ways:

  • Adjust or block cookies through your browser settings, and clear cookies and local storage at any time.
  • Use any cookie or consent banner or preference control we make available on the Website.
  • Opt out of Google Analytics in your browser using the Google Analytics Opt-out Browser Add-on, and manage Google ad personalization in your Google Ad Settings.
  • Use a browser or extension that sends a Global Privacy Control (GPC) signal; where required by law, we treat a valid GPC signal as a request to opt out of "sale" or "sharing" of personal information for the browser that sends it.
  • In the App, use the in-app "Disable analytics" control, and use your device settings (such as iOS App Tracking Transparency and Android advertising-ID controls) to limit tracking and advertising identifiers.

Because some identifiers are tied to a specific browser or device, you may need to apply these choices on each browser and device you use, and clearing cookies may reset some opt-outs.

6. Legal Bases for Processing

For users in jurisdictions that require a legal basis, including the EEA and UK, we process information under these bases:

Purpose Examples Legal Basis
Provide the App Timeline, tickets, imports, insights, achievements, account sessions Performance of contract
Authenticate and secure accounts Email, password credentials, session tokens, guest IDs Performance of contract and legitimate interests
Process optional integrations Google Sheets, OCR, camera/file uploads Performance of contract and consent where required
Gmail ticket import and photo-library game discovery Read-only Gmail access for allowlisted ticket-provider emails and, if you choose deep scan, personal forwarded tickets after per-batch approval; photo time/location metadata matched to games Consent
Product analytics and diagnostics Screen views, feature usage, errors, crash context Legitimate interests, with in-app opt-out for product analytics
Website analytics and advertising cookies Google Analytics 4, PostHog, Customer.io, Google Ads remarketing/conversion measurement Consent where required (e.g., EEA/UK); otherwise legitimate interests
Attribution and campaign measurement AppsFlyer install/deep-link/campaign metadata Legitimate interests or consent where required by platform or law
Pro purchases and entitlements Product identifiers, transaction/subscriber IDs, entitlement status, app user ID Performance of contract
Marketing messages Marketing email preference and email address Consent
Legal compliance Records needed to respond to lawful requests Legal obligation

7. How We Share Information

We share information with service providers that help us operate the Services. They process information for us or in connection with the features you choose.

7.1 Service Providers

Supabase
Backend infrastructure, database hosting, authentication, file storage, serverless functions, and account deletion workflows. Account data, timeline data, uploaded files, OCR cache records, diagnostics, and App data are stored or processed through Supabase.

Google Analytics
Website analytics and, where we enable Google advertising features, advertising measurement and remarketing. On tickettimeline.com, Google Analytics 4 (gtag.js) receives website usage data such as pages viewed, referring URLs, approximate location from IP address, device/browser characteristics, and pseudonymous identifiers, and may set or read cookies. Where Google advertising features are enabled, this data may be used to measure Google Ads campaigns and build remarketing audiences.

Customer.io
Marketing website analytics and email campaign attribution on tickettimeline.com, plus delivery of marketing and certain service emails and in-app messages. On the Website we send page views, anonymous or campaign-linked identifiers from email links, and limited funnel events such as download-button clicks and sign-in confirmation events. We do not send form payloads or authentication tokens through Customer.io on the Website. In the App, Customer.io receives your app user ID, email address, marketing and email notification preferences, and app lifecycle events needed to deliver messages you have not opted out of. If you unsubscribe through a Customer.io email, that choice is synced back to your account's marketing preference.

PostHog
Product analytics and automatic error/diagnostic reporting in the App, and website analytics on tickettimeline.com. We send user or visitor identifiers, screen or page views, feature events, lifecycle events, sanitized diagnostic context, and error information. Session replay is disabled.

Firebase and Google Analytics for Firebase
App initialization support, analytics events, screen views, lifecycle information, app instance data, user ID linkage when available, and crash/error context.

AppsFlyer
Mobile attribution, campaign measurement, deep-link/deferred deep-link routing, fraud prevention related to attribution, and selected in-app attribution and monetization events. AppsFlyer may receive device identifiers, advertising identifiers where available, app/user identifiers, install/referrer metadata, campaign parameters, and sanitized event properties.

Google
Google Sheets import, optional Gmail ticket import, optional Google Sign-In, Google Maps display, and Google Cloud Vision OCR. For Sheets, we access spreadsheet content you authorize or public spreadsheet content from a link you provide. For Gmail, where you connect it, we use read-only Gmail access as described in "Import, OCR, Gmail, and Photo Library Information" above and "Google API Limited Use" below — including allowlisted ticket-provider emails and, if you choose deep scan, personal forwarded tickets only after you approve each batch. For Maps, venue coordinates and technical map requests may be processed by Google. For Vision OCR, the ticket image you choose to scan is sent for text extraction.

OpenAI
Ticket OCR structuring and Gmail ticket email extraction. For ticket scanning, we send extracted OCR text from your ticket image to OpenAI so it can return structured event and ticket fields. For Gmail import, we may send the subject line and message body text of emails you authorize us to read to OpenAI's API so it can return structured event and ticket fields. We do not send your Gmail credentials, OAuth tokens, or full mailbox to OpenAI, and we do not permit this data to be used to train OpenAI's models.

Anthropic
Gmail ticket email extraction. When you use Gmail import, we may send the subject line and message body text of emails you authorize us to read to Anthropic's Claude API so it can return structured event and ticket fields. We do not send your Gmail credentials, OAuth tokens, or full mailbox to Anthropic, and we do not permit this data to be used to train Anthropic's models.

Visual Crossing
Weather data for event and venue context. We send event date and venue coordinates so Visual Crossing can return historical or contextual weather data. We do not send your name, email address, notes, tickets, or photos to Visual Crossing.

RevenueCat
In-app purchase and subscription entitlement management for Pro across the App Store and Google Play. RevenueCat may receive product identifiers, purchase and subscription metadata, transaction or subscriber identifiers, entitlement status, app user ID, and related device or app metadata needed to verify Pro access, process restores, and support subscription features. Apple or Google processes payment information; RevenueCat receives purchase status and related metadata, not your full payment card or bank account details.

Apple and Google Play
App Store and Google Play distribution, TestFlight distribution where applicable, and in-app purchase payment processing. When you buy Pro, Apple or Google collects payment and billing information under its own policies. We receive purchase confirmation and entitlement information needed to unlock Pro, not your full payment credentials.

7.2 Sports and Event Data Providers

We receive public or licensed sports/event data from sources such as BallDontLie, Retrosheet, Baseball-Reference, Basketball-Reference, Sports Reference-style data sources, ESPN/official sports feeds where used, Kaggle-backed datasets, and curated in-app assets. We use this data to identify games, venues, players, scores, statistics, awards, highlights, and historical context.

We do not send your personal timeline content to sports data providers as part of ordinary App use.

7.3 Legal, Safety, and Business Transfers

We may disclose information:

  • To comply with valid legal process or applicable law.
  • To protect the rights, property, or safety of Ticket Timeline, our users, or others.
  • To detect, prevent, or investigate fraud, abuse, security incidents, or technical issues.
  • In connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, subject to appropriate protections.

8. Advertising, Sale, and Sharing

We do not sell your personal information for money, and we do not serve ads inside the App.

We do advertise Ticket Timeline. On our Website, we use Google Analytics together with Google's advertising features and Google Ads to measure our campaigns, understand conversions, and build remarketing audiences so we can reach people who have visited tickettimeline.com. This involves cookies and identifiers that may be read by Google. In the App, we use AppsFlyer to attribute installs and measure marketing campaigns, which may involve device and advertising identifiers.

Depending on your jurisdiction, this activity may be considered "sharing," "targeted advertising," "cross-context behavioral advertising," or "tracking," even though we do not display ads inside the App. Some U.S. state privacy laws give you the right to opt out of this activity.

You can limit or opt out of this advertising-related activity by:

  • Using a browser or extension that sends a Global Privacy Control (GPC) signal. Where required by law, we treat a valid GPC signal as a request to opt out of "sale" or "sharing" for that browser.
  • Submitting a "Do Not Sell or Share My Personal Information" request to us at contact@tickettimeline.com.
  • Adjusting your browser cookie settings, using the Google Analytics Opt-out Browser Add-on, and managing ad personalization in your Google Ad Settings.
  • Using your device's App Tracking Transparency (iOS) and advertising-identifier (Android) controls to limit in-app attribution and advertising identifiers.

We do not knowingly "sell" or "share" the personal information of consumers under 16 years old, and the App is not directed to children under 13.

9. Data Storage and Security

We use reasonable technical and organizational safeguards designed to protect information, including:

  • Supabase-managed authentication and password hashing.
  • HTTPS/TLS for data transmitted between the App and our services.
  • Row-Level Security policies on user-owned database tables.
  • Private storage buckets for current user-uploaded media.
  • Signed URLs for private uploaded media where needed, typically expiring after about one hour.
  • Scoped backend access for privileged operations.
  • Rate limiting on sensitive edge functions, including OCR and weather refreshes.
  • Sanitization/redaction of sensitive values in analytics and diagnostic logs where supported by our logging pipeline.

No method of transmission or storage is perfectly secure. We cannot guarantee absolute security.

10. Data Retention

We retain information for as long as reasonably needed to provide the Services, comply with law, resolve disputes, enforce agreements, and maintain security.

  • Account information is retained while your account is active and is deleted when your account is deleted, subject to limited backup, legal, and provider-log retention.
  • Timeline, ticket, note, scrapbook, photo, dashboard, insight, and achievement data is retained until you delete it or delete your account.
  • Guest session data may be retained for up to 90 days unless upgraded to an account or deleted sooner.
  • Ticket scan images and extracted OCR text are retained as needed to provide scanning and import features, avoid repeat OCR processing, and maintain your account data. They are deleted when your account is deleted, subject to limited backup and provider-log retention.
  • Gmail import credentials are stored encrypted and are deleted when you disconnect Gmail or delete your account. Staged Gmail import candidates, including the stored subject/snippet used for review, are cleared when you finish reviewing a batch and are deleted within 30 days at the latest. Timeline events you import from Gmail may retain a Gmail message identifier for duplicate prevention until you delete the event or your account.
  • Photo-library discovery coordinates and timestamps are processed transiently to return game matches and are not retained as a location history. Photos you explicitly attach to games are retained like other uploaded photos until you delete them or delete your account.
  • Product analytics, website analytics, advertising, and attribution data are retained according to our provider settings and provider policies, including cookie and identifier lifetimes set by us or those providers.
  • Server, security, and diagnostic logs are generally retained for a limited operational period, often around 90 days, unless needed longer for security, legal, or abuse-prevention reasons.
  • Derived statistics and achievements are deleted or regenerated when the underlying user data is deleted.

When you delete your account, our account deletion workflow removes your account and associated App database records, and triggers cleanup for user-owned storage objects in Supabase Storage on a best-effort basis. Copies may persist for a limited time in encrypted backups, provider logs, or records we are legally required to retain.

11. Your Controls and Choices

The App includes controls to:

  • Edit profile information.
  • Change marketing preferences where available.
  • Disable product analytics collection for the device.
  • Delete individual events and related content.
  • Delete all events.
  • Delete photos and edit or remove notes.
  • Disconnect Google Sheets and sign out of Google Sheets access.
  • Disconnect Gmail import, which revokes our Gmail access with Google and deletes stored credentials.
  • Grant, limit, or revoke photo library permission for photo-library game discovery through your device settings.
  • Manage email notification preferences in Settings, and unsubscribe from marketing emails using the link in any marketing email.
  • Delete your entire account.
  • Manage or cancel Annual Pro auto-renewal through your Apple ID or Google Play subscription settings.

On the Website and on your device, you can also:

  • Adjust or block cookies, clear local storage, and use any cookie or consent controls we provide.
  • Opt out of "sale" or "sharing" of personal information, including by sending a Global Privacy Control (GPC) signal or emailing a "Do Not Sell or Share My Personal Information" request to contact@tickettimeline.com.
  • Use the Google Analytics Opt-out Browser Add-on and Google Ad Settings.
  • Control camera, photo, file, notification, tracking, and advertising-identifier permissions through your device or browser settings.

For App Store or Google Play refunds and billing disputes, contact Apple or Google. We cannot override their billing decisions.

12. Your Privacy Rights

Depending on where you live, you may have rights to:

  • Access the personal information we hold about you.
  • Correct inaccurate information.
  • Delete personal information.
  • Restrict or object to certain processing.
  • Receive a portable copy of your information.
  • Withdraw consent where processing is based on consent.
  • Opt out of sale, sharing, targeted advertising, or certain profiling where applicable.
  • Appeal a denied privacy request where applicable.

To exercise rights, contact us at contact@tickettimeline.com. We may need to verify your identity before fulfilling a request. You may use an authorized agent to submit a request where the law allows, and we will not discriminate against you for exercising your privacy rights.

California and U.S. State Privacy Disclosures

We collect the following categories of personal information, depending on how you use the Services:

Category Examples
Identifiers Email address, Supabase user ID, guest/session IDs, device or advertising identifiers, online and cookie identifiers
Customer records information Email address and optional account profile information
Commercial information User-entered ticket prices, ticket details, event attendance records, and Pro purchase or subscription metadata such as product identifiers and entitlement status
Internet or app activity Screen views, feature events, app lifecycle events, import flow events, website page views and clicks
Approximate location or geolocation-like data Venue city/state/country and venue coordinates for events, weather, and maps, and approximate location derived from IP address; if you use photo-library game discovery, location coordinates from your photos' metadata are processed transiently for matching; not continuous GPS tracking
Audio, electronic, or visual information Uploaded photos and ticket images
Inferences Attendance insights, statistics, achievements, preferences, and dashboard summaries
Sensitive personal information Account login credentials handled by Supabase Auth; ticket images may contain sensitive details if you upload them; if you connect Gmail import, contents of ticket emails you authorize us to read (including personal forwarded tickets you approve in deep scan); if you use photo-library game discovery, photo location metadata processed with your permission

Apart from the optional photo-library game discovery feature — which, with your photo permission, transiently processes location coordinates embedded in your photos — we do not knowingly collect precise GPS location. We do not knowingly collect biometric identifiers, protected classifications, professional/employment information, education information, or full payment card or bank account data. Apple or Google processes payment information for App Store and Google Play purchases. We use sensitive personal information only to provide the features you request, and not to infer characteristics about you.

We use identifiers, internet/app activity, and commercial information for the business and commercial purposes described in this Policy, including providing the Services, analytics, security, and advertising measurement. We may disclose these categories to the service providers listed above. We do not sell personal information for money. We may "share" identifiers and internet/app activity for cross-context behavioral advertising, and engage in "targeted advertising," through Google advertising features on our Website and through mobile attribution in the App. You can opt out as described in "Advertising, Sale, and Sharing" above.

EEA and UK Users

If you are in the EEA or UK, you may also have the right to lodge a complaint with your local data protection authority. We encourage you to contact us first so we can try to help.

13. Guest Users

You can start using the App as a guest. During a guest session:

  • We create an anonymous Supabase-backed session identifier.
  • Your events, notes, photos, imports, and preferences can be stored like registered user data.
  • If you later create an account, we merge eligible guest data into your account.
  • After account deletion, the App is designed to return to a fresh guest session.

Guest sessions receive the same core security protections as registered sessions, including database access controls.

14. Google API Limited Use

Ticket Timeline's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

When the App uses Google APIs, we use Google user data only to provide and improve user-facing App features you request, such as importing rows from Google Sheets or importing tickets from Gmail. We do not use Google user data for advertising.

For Gmail specifically, where you connect Gmail import:

  • We request read-only Gmail access and use it to find ticket emails as described in "Import, OCR, Gmail, and Photo Library Information" above — including allowlisted ticket-provider emails and, if you choose deep scan, personal forwarded tickets only after you approve each batch — so we can extract event and ticket details for your review.
  • We do not use Gmail data for advertising, and we do not sell it.
  • We do not allow humans to read your Gmail data unless we have your explicit consent for a specific message (for example, a support request), it is necessary for security or abuse investigation, or it is required to comply with applicable law.
  • We do not transfer Gmail data to third parties except to service providers acting on our behalf to provide the feature (such as structured extraction through OpenAI's API or Anthropic's API), for security purposes, or to comply with applicable law.
  • We do not use Gmail data to develop, improve, or train generalized artificial intelligence or machine-learning models, and we do not permit our service providers to do so.

15. Children's Privacy

The App is not directed to children under 13, and we do not knowingly collect personal information from children under 13 or the applicable age of consent in their jurisdiction. If you believe a child has provided us with personal information, contact us and we will take appropriate steps to delete it.

16. International Data Transfers

Ticket Timeline is based in the United States. Your information may be processed in the United States and other countries where we or our service providers operate. Those countries may have privacy laws different from your country.

Where required, we rely on appropriate safeguards for international transfers, such as provider data processing terms, Standard Contractual Clauses, Data Privacy Framework participation, or other lawful transfer mechanisms.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the effective date and provide notice through the App, website, email, or another reasonable method.

Your continued use of the Services after an updated Privacy Policy becomes effective means you acknowledge the updated policy.

18. Contact Us

For privacy questions or requests, contact:

Email: contact@tickettimeline.com

Mailing Address:
Ticket Timeline LLC
555 SE Martin Luther King Jr Blvd
Portland, OR 97214
United States

Last updated: July 6, 2026