Privacy Policy

Last updated: 26 June 2026

In short: Open Ticket Scanner does not collect, sell, or share your personal data. It has no accounts, no analytics, and no third-party tracking. Everything you enter stays on your device, except the scan requests the app sends to the ticket-validation server you configure.

This policy explains how the Open Ticket Scanner mobile app (the “App”) handles information. The App is published by Fruitcake (“we”, “us”) and is free and open source. If you operate the App to check tickets at an event, note that the validation server you point it at is yours — see Operators & your server below.

What the App stores

The App stores the following locally on your device only. We never receive it.

Data	Why	Where
Scanner configurations — name, API URL, optional API key, scanner name, and scan settings	So the App knows which server to validate against and how to behave	On-device key–value storage
Scan history — the scanned code, result status, and timestamp	So you can review check-ins and spot duplicates	On-device database
A randomly generated device identifier	To identify this particular scanner to your server	On-device storage
App preferences — haptic and sound feedback toggles	To remember your settings	On-device storage

This data stays on the device. It is removed when you delete the relevant configuration, clear the history in the App, or uninstall the App.

Camera

The App uses your device camera only to scan QR codes and barcodes in real time. Camera frames are processed on the device to read the code and are not stored, recorded, or transmitted by the App. You grant camera access through your operating system's standard permission prompt and can revoke it at any time in your device settings.

What gets sent over the network

When you scan a ticket in a ticket-validation configuration, the App sends a request to the API URL you entered for that configuration. That request contains:

the scanned code value and its barcode type;
the configuration's identifier and the scanner name you set;
the device identifier described above;
the time of the scan; and
the App version (sent as a request header).

These requests go only to the server you configure — not to us. If you add an API key to a configuration, it is sent with these requests to authenticate to your server. The App contains no advertising or analytics SDKs and makes no other background network connections of its own.

Operators & your server

Open Ticket Scanner is a tool for connecting to a ticketing backend that you choose or run. The server that receives the scan requests is operated by you or your ticketing provider, not by us. What that server logs, stores, or does with the data — including any personal data associated with a ticket — is governed by your own privacy practices and agreements with your attendees, not by this policy. If you deploy the App for an event, you are responsible for handling attendee data lawfully.

Permissions the App requests

Camera — to scan codes (required for scanning).
Internet — to send scan requests to your configured server.
Vibration / audio — for optional haptic and sound feedback on a result.

Children

The App is a utility intended for event staff and is not directed at children. We do not knowingly collect any information from children.

Keeping & deleting your data

Because the App stores data only on your device, you are in control of it. You can clear a configuration's scan history from within the App, delete a configuration, or uninstall the App to remove all locally stored data. To remove data held by a validation server, contact whoever operates that server.

Changes to this policy

We may update this policy as the App evolves. Material changes will be reflected here with a new “Last updated” date. Because the App is open source, the history of this document is also available in the project repository.

Contact

Questions about this policy? Email barry@fruitcake.nl or open an issue on GitHub.

← Back to home