Privacy
Policy.
How we handle personal data on ticaga.com — and why a self-hosted helpdesk keeps your customers' data firmly in your hands, not ours.
What this policy covers.
- This policy covers ticaga.com, accounts, licensing, billing, support, and our customer portal.
- Your helpdesk runs self-hosted, so we do not routinely host your tickets or end-user data.
- Support tickets you send to Ticaga may include personal data, logs, screenshots, or attachments.
- We never sell your personal data. Full stop.
- You have rights under UK GDPR — access, correction, erasure, and more.
Who we are
This Privacy Policy explains how Ticaga Ltd (company № 14575291, registered in England & Wales, based in Alcester, UK) handles personal data when you visit ticaga.com, create an account, purchase a license, receive support, contact us, use our customer portal, or interact with our website and services.
For the purposes of UK data-protection law, Ticaga is the controller of the personal data described in this policy unless we expressly state otherwise.
Self-hosted, by design
Ticaga is a self-hosted helpdesk. The software runs on infrastructure that you control, and your tickets, contacts, and end-user records do not routinely pass through our servers as part of normal operation.
If you send us logs, screenshots, exports, database samples, ticket content, or other deployment data for support, we process that material to provide support. You should avoid sending unnecessary personal data, redact sensitive data where possible, and ensure you have a lawful basis to share it with us.
What we collect
How we use your data
- to create and manage accounts;
- to process orders, renewals, invoices, tax, and payment administration;
- to issue and validate licenses;
- to provide support and respond to enquiries;
- to operate, secure, debug, and improve our website, account systems, and license services;
- to send service notices, security notices, product updates, and renewal reminders;
- to send marketing where permitted by law;
- to comply with legal obligations and enforce our rights.
Legal bases
Under UK GDPR we rely on the following bases to process your personal data:
- Contract — to provide accounts, licenses, downloads, updates, support, and customer services.
- Legal obligation — to keep records required by tax and company law.
- Legitimate interests — to secure services, prevent misuse, validate licenses, improve products, respond to business enquiries, and protect our rights.
- Consent — for optional marketing and non-essential cookies where required.
Cookies
We use essential cookies and similar storage for security, login sessions, customer portal functionality, and preferences such as theme settings.
We only set non-essential analytics or marketing cookies where you have consented, unless the analytics are configured so they do not require consent under applicable law. You can withdraw consent through the cookie banner or your browser settings. Blocking essential cookies may stop parts of the site working.
Sharing & processors
We do not sell your personal data. We may share personal data with service providers that help us operate the business, including:
- hosting providers;
- payment processors;
- email providers and customer support tools;
- analytics and security tools;
- accounting providers and professional advisers.
We may also disclose data where required by law, to protect rights and security, to enforce agreements, or as part of a business sale, merger, or reorganisation.
We maintain, or can provide on request, a current provider list showing provider name, purpose, location, and transfer safeguard where applicable.
Third-party & AI integrations
If you connect your self-hosted Ticaga deployment to third-party services such as OpenAI, Anthropic Claude, Slack, Blesta, WHMCS, ClientExec, email providers, or hosting providers, you control that integration.
Those providers process data under their own terms and privacy notices. You are responsible for deciding what data to send, obtaining any required consent or legal basis, and configuring the integration appropriately.
Retention
We retain personal data only for as long as needed:
- Billing and accounting records: normally six years after the end of the relevant financial year.
- Account records: while the account is active and up to 24 months after closure, unless needed for disputes or legal compliance.
- License validation records: normally up to 24 months after license expiry or last validation, unless needed to prevent misuse or resolve disputes.
- Support tickets: normally up to 36 months after closure.
- Security logs: normally up to 12 months unless needed for investigation.
- Marketing preferences: until withdrawn, with suppression records retained as needed to respect opt-outs.
International transfers
Some providers may process personal data outside the UK. Where required, we use appropriate safeguards such as the UK International Data Transfer Agreement, the UK Addendum to EU Standard Contractual Clauses, adequacy regulations, or another lawful transfer mechanism.
Your rights
Subject to certain conditions, you have the right to:
- access the personal data we hold about you;
- correct inaccurate data or complete incomplete data;
- ask us to erase your data or restrict how we use it;
- object to processing based on our legitimate interests;
- receive your data in a portable format; and
- withdraw consent at any time, where we rely on it.
To exercise any of these, email privacy@ticaga.com. We'll respond within one month.
Security
We use appropriate technical and organisational measures to protect personal data we control, including access controls, encryption in transit, credential protection, backups for our own systems, and monitoring where appropriate.
For self-hosted deployments, you are responsible for securing your own hosting environment, database, backups, credentials, email configuration, and integrations.
Contact & complaints
Alcester, United Kingdom
privacy@ticaga.com
If you have a concern we can't resolve, you have the right to complain to the UK's Information Commissioner's Office (ICO) at ico.org.uk. We'd appreciate the chance to put things right first, though — just email privacy@ticaga.com.