Privacy Policy
This Privacy Policy applies to the TicketWave website, the dashboard, as well as the connected Discord bot (ticket system). It describes which personal data we process, for what purposes, and on which legal basis.
Table of Contents
- 1. Controller
- 2. Types of Data and Purposes
- 3. Legal Bases
- 4. Recipients and Processors
- 5. Third Country Transfers
- 6. Storage Duration
- 7. Cookies and Similar Technologies
- 8. Web Analytics (Google Analytics 4)
- 9. Error Analysis and Monitoring (Sentry)
- 10. Payment Processing (Stripe)
- 11. Login with Discord
- 12. Tickets, Logs and Transcripts
- 13. Data Security
- 14. Your Rights
- 15. Version and Changes
1. Controller
The controller within the meaning of the GDPR is the operator of TicketWave. The specific contact details can be found in thelegal notice.
2. Types of Data and Purposes
We process personal data only to the extent necessary for the operation of our services.
- Technical access data: IP address, timestamp, URL, referrer, browser and device information for the provision and security of the website.
- Account and profile data: Discord ID, username, global name, avatar, as well as session data for login, dashboard usage, and authorization checks.
- Operational and configuration data: server/guild data, roles, settings, module configuration, ticket metadata, blacklist and log data for the provision of bot functionalities.
- Communication and ticket content: content within support tickets as well as transcripts generated from them.
- Payment data (via Stripe): Stripe customer ID, subscription ID, plan, payment status, payment events, and billing-related metadata.
- Analytics data: usage data via Google Analytics 4, provided you have given consent.
- Error and diagnostic data: technical error data, stack traces, timestamps, accessed URLs, referrer, browser and device information, as well as, where applicable, truncated or otherwise technically transmitted IP/request metadata for the detection, analysis, and resolution of errors and to ensure stability and security. Subject to separate consent, performance data and session replay data in the browser may also be processed.
3. Legal Bases
- Art. 6(1)(b) GDPR (contract / pre-contractual measures), e.g. for account, bot, and payment functions.
- Art. 6(1)(f) GDPR (legitimate interest), e.g. for IT security, stability, abuse prevention, and technical optimization.
- Art. 6(1)(a) GDPR (consent), e.g. for non-essential cookies and Google Analytics.
- Art. 6(1)(c) GDPR (legal obligation), e.g. for commercial and tax retention obligations.
4. Recipients and Processors
For the provision of our services, we use the following categories of external recipients:
- Hosting/infrastructure providers for the operation of the website, APIs, and databases.
- Discord (Discord Inc.) for OAuth login, guild/member verification, and bot interactions.
- Stripe (Stripe Payments Europe Ltd./Stripe Inc.) for checkout, subscription management, customer portal, and webhooks.
- Google (Google Ireland Limited) for Google Analytics 4 (only with consent).
- Sentry (Functional Software, Inc.) for error analysis, monitoring, and technical stability.
5. Third Country Transfers
When using Discord, Stripe, Google, and Sentry, data may be transferred to third countries, in particular the United States. Where required, such transfers are based on applicable safeguards (e.g. standard contractual clauses) or other legally permissible bases.
6. Storage Duration
- Session and authentication data are stored only for the duration of the valid session or as long as necessary for login.
- Ticket, log, and configuration data are stored as long as necessary for bot operation.
- Transcripts are retained until deletion by us or the respective operator, unless statutory obligations prevent this.
- Billing and tax-relevant data are stored in accordance with statutory retention periods.
- Analytics data are stored according to the retention periods configured in Google Analytics (if consent is given).
- Error and monitoring data are stored only as long as necessary for troubleshooting, abuse prevention, and secure operation, or as long as the retention periods configured with the respective provider apply.
7. Cookies and Similar Technologies
We use technically necessary cookies, in particular for:
- Session management (login status),
- Language selection (e.g. lang),
- UI settings (e.g. sidebar status).
Non-essential cookies (in particular for analytics) are used only with your consent. You can withdraw your consent at any time with effect for the future.
If browser-side Sentry features for performance measurement or session replay are used, these are also loaded only after your consent via our consent banner.
8. Web Analytics (Google Analytics 4)
If you have given your consent, we use Google Analytics 4 for the statistical analysis of the use of our website. In particular, usage and device data may be processed. The legal basis is your consent pursuant to Art. 6(1)(a) GDPR.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Further information: Google Privacy Policy
9. Error Analysis and Monitoring (Sentry)
We use Sentry as a service for technical error analysis, logging of exceptions, and performance and stability monitoring of our website, API, and connected services. In particular, technical diagnostic data such as error messages, stack traces, timestamps, request and header information, browser and device data, as well as IP-related metadata may be processed.
Where Sentry is used exclusively server-side for the detection, analysis, and resolution of technical issues and to ensure stability and security, processing is carried out on the basis of Art. 6(1)(f) GDPR. Where additional Sentry features for performance measurement or session replay are activated in the browser, this is done only with your consent pursuant to Art. 6(1)(a) GDPR.
Provider: Functional Software, Inc., 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA. Further information: Sentry Privacy Notice
10. Payment Processing (Stripe)
For paid premium features, we use Stripe. Depending on the selected payment method (including card, SEPA direct debit, PayPal via Stripe), payment and identification data may be processed.
- Checkout sessions are created via Stripe.
- Changes to subscriptions are processed via Stripe webhooks.
- For existing customers, we use the Stripe Customer Portal for self-management of subscriptions.
Legal basis: Art. 6(1)(b) GDPR. Provider information: https://stripe.com/de/privacy
11. Login with Discord
We offer login via Discord OAuth2. In particular, we process Discord account data (e.g. user ID, username, global name, avatar, email if provided by Discord) in order to enable access to the dashboard and bot functions.
Legal basis: Art. 6(1)(b) GDPR. Provider information: https://discord.com/privacy
12. Tickets, Logs and Transcripts
Within the scope of the ticket system, we process ticket content, process data (e.g. ticket ID, status, timestamps, involved users), as well as optional feedback data. Transcripts are stored as HTML files and are only made available to authorized persons.
When accessing transcripts, permissions are checked (including ticket owner, support roles, or admin rights on the respective Discord server).
13. Data Security
We implement technical and organizational security measures to protect data against loss, unauthorized access, manipulation, and misuse. These include in particular access restrictions, authorization checks, secure transmission, and secured API communication.
14. Your Rights
You have the following rights under the GDPR in particular:
- Access (Art. 15 GDPR),
- Rectification (Art. 16 GDPR),
- Erasure (Art. 17 GDPR),
- Restriction of processing (Art. 18 GDPR),
- Data portability (Art. 20 GDPR),
- Objection to certain processing (Art. 21 GDPR),
- Withdrawal of consent at any time with effect for the future (Art. 7(3) GDPR),
- Lodging a complaint with a supervisory authority (Art. 77 GDPR).
15. Version and Changes
Version of this Privacy Policy: March 28, 2026.
We reserve the right to amend this Privacy Policy if legal requirements, data processing activities, or technical processes change.
