← Taquillita

Privacy Notice

Last updated: April 28, 2026

1. Who is responsible?

The party responsible for processing information associated with the mobile app Taquillita (the "App") is Oscar Reyes, an individual developer based in Querétaro, Mexico. For any matter related to this notice, contact details appear at the end of the document.

2. What personal data does the App collect?

None. The App is designed to operate without collecting, storing, or transmitting personal data to the developer or any third party. Specifically:

• It does not require registration, an account, an email address, a phone number, or any other personal identifier.
• It does not collect location data.
• It does not collect advertising or device identifiers.
• It does not use analytics tools (Google Analytics, Firebase Analytics, etc.).
• It does not use ad networks or third-party trackers.
• By default, it does not send information to any remote server operated by the developer. The single exception is the Cloud Backup (section 6), an optional feature you enable manually that uploads pseudonymous data identified only by an anonymous UUID.

3. Information you generate inside the App

For Taquillita to work, you generate certain information locally — for example:

• Names and configuration of the events you organize.
• Generated tickets (folio, QR code, and validation status).
• Records of when each ticket was sold or validated.

This information:

• Is stored exclusively in your device's internal storage, in a local database (SQLite).
• Is not synced or backed up to the cloud automatically. If you enable the Cloud Backup (section 6), the uploaded copy contains only ticket folios, dates, and status (used / unused) — no names of people or events.
• Is only accessible from your own device.
• Is wiped completely when you uninstall the App or clear its data from Android settings.

You decide what information you enter. If you capture data about third parties (e.g., customer names), you — as the event organizer — are responsible for that data under applicable law.

4. Device permissions and what they're used for

The App requests only the following permission, and only for the described purpose:

• Camera: used exclusively to scan ticket QR codes during validation at the event entrance. Camera frames are processed in real time on the device, are not stored, are not sent to any server, and are not shared with third parties. You can revoke this permission at any time from Android settings; if you do, the validation feature will no longer be available.

5. Sharing tickets via WhatsApp or other apps

When you choose to send a ticket via WhatsApp or another app, Taquillita uses the standard "share" function of the Android operating system. At that moment, the ticket image is handed to the app you select (e.g., WhatsApp), which then applies its own terms and privacy policy. Taquillita does not control what those apps do with the shared information.

6. Cloud Backup (optional feature)

Taquillita offers an optional Cloud Backup feature. If you choose to enable it, the App uploads a backup file to a server operated by the developer, with the following properties:

• Manual activation: the backup never uploads unless you press the button. There is no silent automatic sync.
• Anonymous identifier: the backup is associated only with a random identifier (UUID) generated on your device. It is not linked to your name, email, phone number, or any device data.
• Backup contents: only ticket folios (which reconstruct the QR code), their consecutive number, creation and validation dates, and status (used / unused). It does not include names of people, events, or customer data.
• Server location: the server is physically hosted in Helsinki, Finland, on Hetzner Online GmbH infrastructure. This is an international data transfer to a country in the European Economic Area, subject to the General Data Protection Regulation (GDPR), which represents an adequate level of protection.
• Encrypted connection: the transfer between the App and the server is over HTTPS (TLS).
• Retention: backups not consulted or updated for 90 days are deleted automatically. You can delete your backup at any time from inside the App.
• Access: the backup can only be retrieved by presenting the UUID. Anyone holding the UUID can read, overwrite, or delete the backup, so you should keep it somewhere safe (for example, in a WhatsApp chat to yourself). The developer has no mechanism to recover lost UUIDs.

7. Internet connection

The App is designed to work without an internet connection during normal operation (generating and validating tickets, viewing reports). It only makes network requests in two cases: (a) when you share a ticket via WhatsApp or another app, where the network is used by the operating system; and (b) when you enable the Cloud Backup described in section 6, where the App contacts the developer's server.

8. Transfers to third parties

The developer does not transfer, sell, rent, or share personal data with third parties for commercial purposes. The Cloud Backup (section 6) involves a technical transfer of pseudonymous data to the infrastructure provider (Hetzner Online GmbH, Germany/Finland), exclusively for storing the backup file, and is not used for any other purpose.

9. Children and minors

The App is not specifically directed to minors and does not knowingly collect data from minors. Since no personal information is collected at all, there is no processing of minors' data tied to use of the App.

10. Security

The information you generate lives in your device's private storage, protected by Android's security model. Protecting your device (screen lock, password, personal backups) is the user's responsibility. If you lose the device or factory-reset it, the local information is gone with it — unless you enabled the Cloud Backup and kept your UUID, in which case you can restore your information on another device.

11. Your rights

Under Mexico's Federal Law for the Protection of Personal Data Held by Private Parties (LFPDPPP) and its regulations, you have the right to access, rectify, cancel, and oppose the processing of your personal data (ARCO rights), as well as to revoke consent you have granted. If you reside in the European Economic Area, the United Kingdom, or another jurisdiction with data-protection laws (GDPR, UK GDPR, CCPA, etc.), you may have additional or equivalent rights under applicable local law.

For Taquillita, since ordinary information lives on your device, those rights are exercised directly from it:

• Access and rectification: from inside the App.
• Local cancellation / deletion: by clearing the App's data from Android settings, or uninstalling. This wipes all locally generated information.
• Cancellation of the Cloud Backup: from inside the App via "Delete backup", or by writing to the developer with your UUID.
• Revoking the camera permission: from Android settings, at any time.

If you believe any processing by the developer infringes your rights, you can contact us through the channels listed at the end. Mexican users can also file a complaint with the National Institute of Transparency, Access to Information and Personal Data Protection (INAI).

12. Changes to this notice

If the App's privacy behavior changes in the future, this notice will be updated and the "Last updated" date will reflect the change. The current version will always be available at this same URL.

13. Contact

For questions, clarifications, or to exercise your rights related to this Privacy Notice:

← Back to Taquillita