Cookie Policy
Last updated: June 20, 2026
This Website is owned and operated by Ticketted Pty Ltd (we, us, our). This page explains the cookies and similar technologies (local storage, session storage) used by Ticketted, what they do, and how you can control them. For broader information on how we handle personal information, see our Privacy Policy.
The anonymous, non-personal information collected and analysed through cookies is not personal information as defined in the Privacy Act 1988 (Cth). Where we log your IP address (for example, on campaign attribution clicks), it is used to derive coarse information such as the country your computer is located in. Raw IP addresses are not retained — only the hashed form (with a daily-rotating salt) is stored, as described in the campaign attribution section below.
What's a cookie?
A cookie is a small piece of data stored by your browser when you visit a site. Cookies make it possible for a site to remember things between page loads — like whether you're signed in, what's in your cart, or whether you've already dismissed a banner.
Categories we use
Essential — always on
These cookies are required for the platform to work. We can't turn them off, and you don't need to consent to them.
- Clerk session cookies (
__session,__client_uat,__refresh_*) — sign-in state and CSRF protection. Set by our authentication provider, Clerk. - Convex connection cookie — keeps the realtime websocket attached to your session.
- Next.js cookies — anti-CSRF token; routing preferences.
- Stripe.js cookies (
__stripe_mid,__stripe_sid) — fraud-prevention on the payment iframe. Only set during checkout. - Theme + consent preferences — your light/dark choice and your analytics-consent decision are stored in
localStorageon your device. They don't leave the browser.
Analytics — consent-gated
These are off by default. We only set them after you click "Accept analytics" on the banner. You can revoke at any time by clearing your browser storage for ticketted.com.
- Amplitude (
AMP_*,amp-cookie-*) — page views, feature usage, anonymous device ID. Used to understand which features get used and what breaks. - Amplitude Session Replay — records a video-like replay of your session for debugging UX issues. Sensitive form fields (email, payment) are masked by default; we don't record password fields.
Seller campaign attribution — set on click
Sellers can create their own trackable links (e.g. ticketted.com/r/summer-fest-AbC123) to share in ads, social posts, and DMs. These cookies are only set if you actually click one of those links. A normal visit to the homepage or an event page never sets them.
tt_camp— records which campaign sent you. Expires after 30 days. First-party, HttpOnly, SameSite=Lax.tt_vid— a random visitor id used so the seller can see "unique clicks" without us ever storing your IP. Expires after 1 year. First-party, HttpOnly, SameSite=Lax.
What the seller sees: a count of visits, signups, RSVPs, and ticket purchases attributed to each of their campaigns, plus a coarse breakdown by device class (mobile/tablet/desktop) and country. We never share your IP or any direct identifier with the seller; IPs are hashed with a daily-rotating salt and not retained in raw form.
Marketing — none
We don't use third-party advertising or marketing tracking. No Facebook Pixel, Google Ads tag, LinkedIn Insight Tag, etc.
How to control cookies
- Analytics consent: use the banner that appears on your first visit. If you've dismissed it without choosing, clear
localStorageforticketted.com(DevTools → Application → Local Storage → deleteticketted.analytics-consent) and the banner returns. - Essential cookies: managed by your browser. Most browsers let you block third-party cookies via Settings. Blocking Clerk's session cookies will prevent sign-in.
Changes to this policy
If we add a new tracker, we'll update this page and surface the change in the consent banner before the new tracker fires. We won't add new categories silently.
Questions
Email support@ticketted.com.