T

Privacy Policy

Last updated: March 2026

TixLayer Ltd (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal data when you use tixlayer.com (“the Platform”).

1. Information We Collect

Information you provide:

  • Account information: Name, email address, and password (hashed — we never store plaintext passwords)
  • Booking information: Activity details, dates, guest names, phone number (optional)
  • Payment information: Processed securely by Stripe. We do not store your full card number, CVV, or other sensitive payment details on our servers
  • Communications: Messages you send to our support team

Information collected automatically:

  • Device information: Browser type, operating system, screen resolution
  • Usage data: Pages visited, search queries, booking flow interactions (via Google Analytics 4)
  • Location: Approximate location based on IP address (used for currency and language detection — we do not use precise GPS location)
  • Cookies: See our Cookie Policy for details

2. How We Use Your Information

We use your personal data for the following purposes:

  • Booking fulfilment: Processing your bookings, issuing vouchers, and communicating booking details to activity suppliers
  • Transactional emails: Sending booking confirmations, cancellation notices, and vouchers (these are essential and cannot be opted out of)
  • Service communications: Visit reminders and post-visit feedback requests (you can unsubscribe from these)
  • Customer support: Responding to your enquiries and resolving booking issues
  • Analytics: Understanding how our Platform is used to improve the experience (using anonymised data)
  • Fraud prevention: Detecting and preventing fraudulent transactions

3. Legal Basis for Processing

Under GDPR and UK data protection law, we process your data on the following legal bases:

  • Contract: Processing necessary to fulfil your booking (name, email, payment, activity details)
  • Legitimate interest: Analytics, fraud prevention, service improvements, and visit reminders
  • Consent: Marketing communications and non-essential cookies
  • Legal obligation: Retaining financial records for tax and accounting purposes

4. Who We Share Data With

We share your personal data only with trusted third parties necessary to provide our service:

  • Activity suppliers: Your name and booking details are shared with the activity operator to fulfil your booking and issue vouchers
  • Stripe: Payment processing. Stripe acts as an independent data controller for payment data. See Stripe's Privacy Policy
  • Brevo: Transactional and service email delivery
  • Google: Analytics (GA4 via Google Tag Manager), Maps, and Places API

We do not sell your personal data to third parties. We do not share your data for third-party marketing purposes.

5. International Data Transfers

Your data may be transferred to and processed in countries outside the UK/EEA, including the United States (for Stripe and Google services). These transfers are protected by appropriate safeguards including Standard Contractual Clauses (SCCs) and the service providers' compliance with applicable data protection frameworks.

6. Data Retention

  • Booking records: Retained for 7 years for legal, tax, and accounting purposes
  • Account data: Retained until you request deletion
  • Analytics data: Anonymised after 26 months
  • Email logs: Retained for 12 months
  • Support communications: Retained for 2 years

7. Your Rights

Under GDPR and UK data protection law, you have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Correct any inaccurate or incomplete data
  • Erasure: Request deletion of your personal data (subject to legal retention requirements)
  • Restriction: Request that we limit how we use your data
  • Portability: Receive your data in a structured, commonly used format
  • Objection: Object to processing based on legitimate interests
  • Withdraw consent: Where processing is based on consent, you can withdraw it at any time

To exercise any of these rights, contact us via our Help Centre. We will respond within 30 days.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

8. Cookies

We use cookies and similar technologies for essential site functionality, analytics, and user preferences. For full details, see our Cookie Policy.

9. Children's Privacy

TixLayer is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on the Platform or sending an email. The “Last updated” date at the top indicates when this policy was last revised.

11. Contact Us

For privacy-related questions or to exercise your data rights, contact us at:

TixLayer Ltd
Visit our Help Centre to get in touch.

Privacy Policy — TixLayer