TixAce Drive - Terms & Privacy

1. Introduction

TixAce Drive is a secure file storage service integrated with TixAce Travel, designed to help travelers store and share trip-related documents, photos, videos, and other files with their travel group.

By using TixAce Drive, you agree to these Terms of Service and Privacy Policy. If you do not agree, please do not use this service. These terms are in addition to the general TixAce Travel Terms of Service.

This document complies with the General Data Protection Regulation (GDPR) and outlines how we process, store, and protect your data.

2. Service Description

TixAce Drive provides the following features:

• File Storage: Upload and store documents, images, videos, and other files related to your trip
• Storage Limits: Each trip has a designated storage quota (typically 1 GB unless upgraded)
• Supported Files: All common file types including documents (PDF, DOCX), images (JPG, PNG, GIF), videos (MP4, MOV), audio (MP3, WAV), and archives (ZIP)
• Access Control: Files are accessible only to trip participants with valid access tokens
• Availability: Drive access may be time-limited based on your trip's finalization settings
• File Management: Upload, download, preview, and delete files (except files marked as "important")

3. Data Storage & Retention (GDPR)

3.1 Storage Location

Your files are securely stored using Cloudflare R2, a distributed object storage service with servers located in compliance with GDPR requirements. File metadata (filenames, sizes, upload dates) is stored in our MongoDB database.

3.2 Encryption

All files are encrypted both:

• In Transit: Using TLS 1.3 encryption during upload and download
• At Rest: Files are encrypted on Cloudflare's servers using industry-standard encryption

3.3 Data Retention

Files are retained for the duration of your trip plus 90 days after the trip end date. After this period:

• Files are automatically and permanently deleted from storage
• File metadata is removed from our database
• No backups or copies are retained

3.4 Early Deletion

You may request early deletion of your files at any time by:

• Using the delete function in the Drive interface
• Contacting us at hello@tixace.com

4. User Responsibilities

By using TixAce Drive, you agree to:

• Upload Appropriate Content Only: No illegal, harmful, offensive, or inappropriate content
• Respect Intellectual Property: Only upload files you own or have permission to share
• No Copyrighted Material: Do not upload copyrighted content without proper authorization
• Virus-Free Files: Ensure your files are free from viruses, malware, or malicious code
• Respect Others: Do not upload content that violates other travelers' privacy or rights
• Accurate Information: File names and metadata should accurately represent content
• Storage Limits: Respect the allocated storage quota for your trip

5. Data Privacy (GDPR)

5.1 Personal Data We Collect

• File metadata: filename, file size, file type, upload timestamp
• Access tokens for authentication
• No personal identifying information unless included in your files

5.2 Legal Basis for Processing

We process your data based on:

• Contract Performance: To provide the file storage service you requested
• Legitimate Interest: To maintain service security and functionality
• Consent: By uploading files, you consent to storage and sharing with trip participants

5.3 Data Sharing

Your files are shared only with:

• Trip organizers and travelers who have valid access tokens
• Cloudflare (as our infrastructure provider, under data processing agreement)
• No third-party marketing or analytics services have access to your files

5.4 Your Rights Under GDPR

You have the right to:

• Access: Request a copy of your file metadata
• Rectification: Correct inaccurate metadata
• Erasure: Delete your files at any time (except "important" files)
• Data Portability: Download all your files
• Restriction: Request temporary restriction of processing
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Stop using the service and request deletion

5.5 Right to Lodge Complaint

If you believe we have not handled your data properly, you have the right to lodge a complaint with your national data protection supervisory authority.

5.6 International Data Transfers

Data may be processed in various jurisdictions where Cloudflare operates. All transfers comply with GDPR requirements including Standard Contractual Clauses.

6. Security

6.1 Security Measures

• Presigned URLs: All file access uses time-limited presigned URLs (1 hour for downloads, 5 minutes for uploads)
• Token-Based Authentication: Access requires valid trip-specific tokens
• Encryption: TLS 1.3 for transmission, AES encryption at rest
• Access Control: Files are isolated per trip and only accessible to authorized users

6.2 Your Security Responsibilities

• Keep your access token confidential
• Do not share access links with unauthorized persons
• Report suspected security issues to hello@tixace.com

6.3 No Absolute Security

While we implement industry-standard security measures, no system is 100% secure. We cannot guarantee absolute security of your data against all possible threats.

7. File Deletion

• User Deletion: You can delete your uploaded files at any time using the delete button
• Important Files: Files marked as "important" by trip organizers cannot be deleted by travelers
• Immediate Removal: Deleted files are immediately removed from storage and cannot be recovered
• Automatic Deletion: All files are automatically deleted 90 days after trip completion

8. Prohibited Content

You may not upload content that:

• Is illegal, fraudulent, or violates any laws
• Contains viruses, malware, or malicious code
• Infringes on intellectual property rights
• Is defamatory, obscene, pornographic, or offensive
• Promotes violence, hatred, or discrimination
• Violates others' privacy or confidentiality
• Contains excessive amounts of unrelated content (spam)

8.1 Enforcement

We reserve the right to:

• Remove content that violates these terms
• Suspend or terminate access for violations
• Report illegal content to authorities
• No refunds for suspended accounts due to violations

9. Liability Limitations

9.1 "As Is" Service

TixAce Drive is provided "as is" without warranties of any kind, express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, or non-infringement.

9.2 No Uptime Guarantee

We strive for high availability but do not guarantee uninterrupted service. We are not liable for downtime, maintenance, or technical issues.

9.3 Data Loss

While we implement backups and redundancy, we are not liable for data loss due to:

• Technical failures or infrastructure issues
• User error (accidental deletion)
• Security breaches despite reasonable precautions
• Force majeure events

You are responsible for maintaining backups of important files.

9.4 Limited Liability

To the maximum extent permitted by law, our liability is limited to the amount you paid for the TixAce Drive service (if any) in the 12 months preceding the claim. We are not liable for indirect, incidental, consequential, or punitive damages.

10. Changes to Terms

We reserve the right to modify these terms at any time. Changes will be effective:

• Immediately upon posting the updated terms
• We will update the "Last Updated" date at the top
• For material changes, we may notify you via email or in-app notification
• Continued use of the service constitutes acceptance of updated terms

We recommend reviewing these terms periodically.

11. Contact & Data Protection

11.1 General Inquiries

For questions, support, or concerns about TixAce Drive:

11.2 Data Protection Officer (GDPR)

For GDPR-related requests (access, erasure, portability, complaints):

We will respond to GDPR requests within 30 days as required by law.

11.3 Security Issues

To report security vulnerabilities: