We connect to your ticketing and marketing platforms via official APIs. Your data is read-only, encrypted in transit and at rest, and never shared with third parties.
Showtool connects to Weeztix, Ticketmaster, Paylogic, CM.com, Meta Ads, and Google Ads through their official, published APIs. We use OAuth where available, and API keys with the minimum required permission scope everywhere else.
We request read-only access. Showtool cannot modify your ticket listings, create events, publish ads, or make changes of any kind to your data on any connected platform.
Your API credentials and OAuth tokens are stored encrypted at rest using AES-256 encryption. They are never logged, transmitted in plaintext, or visible to Showtool staff.
Showtool only reads data. It cannot modify events, tickets, ads, or any other content on your connected platforms.
API keys and OAuth tokens are stored encrypted at rest. They are never visible to Showtool employees or logged in any system.
All communication between your browser and Showtool is encrypted via TLS. We enforce HTTPS and use HSTS.
Your ticket sales data and ad performance data are never sold, rented, or shared with any third party. Period.
Showtool is hosted on European infrastructure. Your data stays within EU borders and is subject to GDPR.
Dependencies are updated regularly. We follow industry-standard patch management for our application stack.
We only collect what we need to run the service. We do not collect behavioural analytics or build advertising profiles.
Password-protected share links use server-side authentication. Shared data is scoped to what you explicitly choose to share.
Payment is handled by Stripe. Showtool never sees or stores your credit card number or billing details.
Logins and share link access are logged. You can see who accessed shared links from your dashboard.
If you discover a security vulnerability in Showtool, please report it to us at security@showtool.app. We take all reports seriously and will respond within 72 hours.
Please do not publicly disclose the vulnerability until we have had a reasonable time to investigate and address it. We appreciate responsible disclosure and will acknowledge your contribution if you choose.