Privacy Policy

1. Introduction

CTS Network ("we", "our", or "us") operates the event ticketing and management platform available at ctsnetwork.id (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read it carefully. By accessing or using the Service, you agree to the terms of this Privacy Policy.

2. Information We Collect

2.1 Information You Provide Directly

• Account registration: name, email address, and password when you create an account using email/password authentication.
• Profile information: display name and optional avatar image you upload to your profile.
• Vendor / organizer applications: organization name, description, website, logo, and related details submitted when applying to host events.
• Event data: event name, description, venue, schedule, ticket types, and pricing entered by organizers.
• Order information: name and contact details provided when purchasing tickets.

2.2 Information Collected Automatically

• Log data: IP address, browser type, pages visited, timestamps, and referring URLs collected automatically when you interact with the Service.
• Cookies and session data: we use HTTP-only session cookies to maintain your authenticated session. See Section 6 for details.
• Payment metadata: transaction status and payment reference IDs provided by our payment processor (Midtrans). We do not store full credit card numbers.

2.3 Information from Third-Party Sign-In

If you choose to sign in or link your account with Google OAuth, we receive your name, email address, and profile picture from Google in accordance with the scopes you authorize. We use this information only to create or authenticate your CTS Network account.

3. How We Use Your Information

• To create and manage your account and authenticate your identity.
• To process ticket purchases and send order confirmations.
• To enable event discovery, ticket issuance, and QR-code scanning.
• To review and process vendor / organizer applications.
• To send transactional emails (e.g., order receipts, password resets).
• To improve the Service, diagnose technical issues, and ensure security.
• To comply with legal obligations.

We do not sell your personal information to third parties, and we do not use it for targeted advertising.

4. Sharing of Information

We may share your information with:

• Supabase — our backend-as-a-service provider that hosts the database, authentication service, and file storage. Data is stored on servers operated by Supabase in accordance with their Privacy Policy.
• Midtrans — our payment processor. Payment data is handled in accordance with Midtrans's privacy and security standards. We only retain the transaction reference ID and payment status.
• Google — when you use Google Sign-In, Google processes your authentication in accordance with Google's Privacy Policy.
• Legal requirements: we may disclose information if required by applicable law, court order, or to protect the rights and safety of our users and the public.

5. Data Retention

We retain your account information for as long as your account is active or as necessary to provide the Service. If you request account deletion, we will delete your personal data within 30 days, except where we are required to retain it for legal or financial compliance purposes (e.g., transaction records).

6. Cookies

We use the following types of cookies:

• Session cookies: HTTP-only cookies that store your authentication state and user profile information. These are essential for the Service to function and expire after 30 days or when you sign out.
• Preference cookies: used to remember UI preferences such as dark/light mode.

We do not use tracking or advertising cookies. You may disable cookies in your browser settings, but doing so will prevent you from signing in to the Service.

7. Security

We implement industry-standard security measures including HTTPS encryption, HTTP-only cookies, row-level security policies on our database, and access controls that limit which parts of the system can read or modify your data. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your account and personal data.
• Object to or restrict certain processing of your data.
• Withdraw consent for optional processing at any time.

To exercise any of these rights, please contact us at the address listed in Section 10.

9. Children's Privacy

The Service is not primarily directed to individuals under the age of 13. If individuals under 13 access or use the Service, they must do so under the supervision and guidance of a parent or legal guardian. We do not knowingly collect personal information from children under 13 without parental involvement. If you believe that a child under 13 has provided personal information without appropriate parental supervision, please contact us so we can take appropriate action.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. We encourage you to review this page periodically to stay informed about how we protect your information. Continued use of the Service after any changes constitutes your acceptance of the updated policy.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out to us:

• Email: contact@ctsnetwork.id
• Instagram: @ctsnetwork.id