This Privacy Policy describes how "Glana" LLC ("Glana", "we", "us") collects, uses, stores, and protects personal data when you use glana.am, app.glana.am (Glana Restaurants), and tickets.glana.am (Glana Tickets).
We process personal data in accordance with the Law of the Republic of Armenia "On Protection of Personal Data" and, where applicable, the EU General Data Protection Regulation (GDPR).
1. Who we are
"Glana" LLC, registered in the Republic of Armenia at: Yerevan, Kentron Administrative District, Byron Street, building 1/1, apartment 12, postal code 0009.
Contact for all privacy matters: legal@glana.am.
2. Our roles
- For Glana Tickets accounts, ticket purchases, and demo/partner enquiries, Glana acts as the data controller.
- For Glana Restaurants guest payments, Glana processes payment-related data as the merchant of record and platform operator; bill contents and order data originate from the restaurant's point-of-sale system, for which the restaurant is responsible.
3. What data we collect
Glana Restaurants (app.glana.am) — guests
- Bill and order data for your table (items, amounts), received from the restaurant's POS system
- Transaction data: amount, currency, payment method type, payment status, timestamp, table identifier
- A pseudonymous first-party visitor identifier (signed UUID stored in a cookie) used for fraud prevention, payment-session integrity, and aggregate platform analytics
- Technical data: IP address, browser type, device type, language preference
- Optional: rating and feedback you choose to submit after payment
No registration is required and we do not collect your name, email, or phone number for restaurant payments.
Glana Tickets (tickets.glana.am) — buyers
- Account data: phone number and/or email address (verified by one-time code)
- Purchase data: tickets bought, amounts, payment status, timestamps
- Ticket QR credentials and entry validation records
- Resale listings and transactions on the in-platform marketplace
- Marketing attribution data (UTM parameters of the link you arrived from)
- Technical data: IP address, browser type, device type, language preference
Restaurant partners and event organizers
- Contact data submitted via demo/partner request forms: name, email, phone, business name, POS system type
- Dashboard account credentials (passwords are stored in hashed form only)
- Settlement and payout records
Payment card data
We do not collect, store, or have access to full card numbers, CVV codes, or other raw payment credentials. All card data is entered directly into the hosted payment infrastructure of "Ameriabank" CJSC and processed under mandatory 3-D Secure authentication. Apple Pay and Google Pay transactions use tokenised credentials handled by the respective wallet provider and Ameriabank.
4. Purposes and legal bases
| Purpose | Legal basis |
|---|---|
| Processing payments and issuing fiscal receipts | Performance of a contract; legal obligation (Armenian fiscal legislation) |
| Operating ticket accounts, delivering tickets, validating entry | Performance of a contract |
| Refunds, reconciliation, dispute and chargeback handling | Performance of a contract; legal obligation |
| Fraud prevention and platform security | Legitimate interest |
| Aggregate, non-marketing platform analytics (first-party only) | Legitimate interest |
| Responding to demo and partner enquiries | Steps prior to entering a contract |
| Transactional emails (confirmations, receipts, one-time codes) | Performance of a contract |
We do not use your data for third-party advertising and we do not sell personal data.
5. Where your data is processed and stored
Our platform is hosted on Vercel infrastructure with databases hosted on Neon (PostgreSQL) located in Frankfurt, Germany (European Union). Application functions are executed in the EU; for part of the Restaurants product, certain processing may temporarily occur on infrastructure in the United States until our EU region migration is completed, after which all processing and storage will take place exclusively in the EU.
Transfers of personal data from Armenia to the EU are made to jurisdictions ensuring an adequate level of protection in accordance with Armenian data protection law.
6. Who we share data with
| Recipient | Purpose |
|---|---|
| "Ameriabank" CJSC (Armenia) | Payment acquiring and processing (VPOS), 3-D Secure, refunds, chargebacks |
| Apple Inc. / Google LLC | Apple Pay / Google Pay wallet tokenisation (initiated by your device) |
| Licensed Armenian fiscalisation providers | Generation of mandatory E-HDM fiscal receipts |
| Vercel Inc. / Neon Inc. | Hosting and database infrastructure (EU region) |
| Resend | Delivery of transactional emails (confirmations, receipts, one-time codes) |
| Restaurants / event organizers | Transaction records relating to their own venue or event (no payment credentials) |
All processors act under data processing terms and only on our instructions. We may also disclose data where required by law or competent authority.
7. Retention
- Transaction and fiscal records: retained as required by Armenian tax and accounting legislation
- Ticket account data: for the life of the account; deleted upon verified deletion request, subject to legal retention obligations
- Guest feedback: up to 12 months
- Demo / partner enquiries: up to 12 months if no partnership is formed
- Technical logs: up to 12 months
8. Your rights
Subject to applicable law, you have the right to:
- access the personal data we hold about you;
- request rectification of inaccurate data;
- request erasure of your data (subject to legal retention obligations);
- object to or request restriction of processing;
- receive your data in a portable format where technically feasible;
- lodge a complaint with the Personal Data Protection Agency of the Republic of Armenia or your local supervisory authority.
To exercise any right, contact legal@glana.am. We respond within 30 days. We may need to verify your identity before acting on a request.
9. Cookies and similar technologies
We use only first-party cookies that are strictly necessary or functional. We do not use third-party advertising or analytics cookies. Full details, including a complete cookie table per product, are in our Cookie Policy. If we introduce any technology requiring consent in the future (such as analytics or advertising tags, or device fingerprinting), we will request your consent through a consent banner before activating it.
10. Security
We protect personal data through TLS encryption in transit, encrypted storage, httpOnly authentication cookies, CSRF protection, access controls, hashed passwords, and automated transaction reconciliation. No internet transmission is entirely risk-free; we apply commercially reasonable safeguards and continuously improve them.
11. Children
The platform is not directed at children. Ticket purchases require a verified account, and age restrictions for specific events are set and enforced by the organizer.
12. Changes
We may update this Privacy Policy from time to time. The current version is always available on this page with its effective date. Material changes affecting Glana Tickets account holders will be notified by email or in-product notice.
13. Contact
"Glana" LLC
Yerevan, Kentron Administrative District, Byron Street, building 1/1, apartment 12, 0009, Republic of Armenia
Email: legal@glana.am