Privacy Policy
 

Introduction

Congleton Vibe ("we", "us", "our") is a mobile application that helps users discover nightlife events and venues in Congleton, Cheshire, and enables venue owners to manage their listings and subscriptions. We are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights under UK data protection law.

2. Data Controller

Congleton Vibe is the data controller responsible for your personal data. If you have questions about this policy or your data, contact us at: privacy@congletonvibe.co.uk

3. Personal Data We Collect

We collect the following categories of personal data:

3.1 Account Information (Venue Owners)

• Email address (for account creation, login, and communication)

• Password (stored securely using industry-standard hashing)

• Venue name and business details

3.2 User Profile Data (App Users)

• Display name or username (optional)

• Profile photo or avatar (optional, stored locally or uploaded)

3.3 Usage Data

• Event check-ins and attendance ("I'm Going" selections)

• Favourite/saved venues and events

• Event ratings and reviews (1-5 star ratings)

• Notification subscription preferences

3.4 Payment Data (Venue Owners on Paid Plans)

• Stripe customer ID and subscription status

• We do NOT store card numbers, CVVs, or full payment details — these are processed securely by Stripe (our PCI DSS-compliant payment processor)

3.5 Technical Data

• Device type, operating system, and app version

• IP address (logged temporarily for security purposes)

4. Lawful Basis for Processing

We process your personal data under the following lawful bases as defined by UK GDPR Article 6:

• Contract: To provide the app service, manage venue accounts, process subscriptions, and deliver features you have signed up for.

• Consent: For optional features such as profile photos and marketing communications. You can withdraw consent at any time.

• Legitimate Interest: To improve the app, prevent fraud, ensure security, and provide aggregated analytics (e.g. crowd counts, average ratings).

5. How We Use Your Data

We use your personal data to:

• Create and manage your account

• Display event listings, venue profiles, and real-time crowd information

• Process check-ins and show aggregate attendance data to other users

• Process subscription payments via Stripe

• Display ratings and reviews to help users make decisions

• Improve app functionality and user experience

• Detect and prevent misuse, fraud, or security threats

6. Data Sharing and Third Parties

We share personal data only with the following third parties, and only to the extent necessary:

• Supabase (database hosting and authentication) — EU/UK-adequate data processing

• Stripe (payment processing) — PCI DSS Level 1 certified, processes payments securely

• Expo / React Native (app infrastructure) — technical telemetry only

• postcodes.io (UK postcode geocoding) — postcode lookup only, no personal data sent

We do NOT sell, rent, or trade your personal data to any third party for marketing or advertising purposes.

7. Data Retention

We retain your personal data for as long as necessary to provide the service:

• Active accounts: Data retained while your account is active

• Deleted accounts: Personal data deleted within 30 days of account deletion

• Event data: Historical event listings may be retained in anonymised form

• Payment records: Retained for 7 years as required by HMRC for tax compliance

• Check-in data: Automatically cleared after each event ends

8. Your Rights Under UK GDPR

Under UK data protection law, you have the following rights:

• Right of Access: Request a copy of the personal data we hold about you

• Right to Rectification: Ask us to correct inaccurate or incomplete data

• Right to Erasure: Request deletion of your data ("right to be forgotten")

• Right to Restrict Processing: Ask us to limit how we use your data

• Right to Data Portability: Receive your data in a structured, machine-readable format

• Right to Object: Object to processing based on legitimate interest

• Right to Withdraw Consent: Withdraw consent for optional processing at any time

To exercise any of these rights, email us at: privacy@congletonvibe.co.uk. We will respond within 30 days as required by law.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• Encrypted data transmission (TLS/SSL)

• Secure password hashing (bcrypt)

• Row-level security policies on all database tables

• Server-side processing for sensitive operations (payments, authentication)

• Regular security reviews and updates

10. International Data Transfers

Our infrastructure providers may process data outside the UK. Where this occurs, we ensure adequate safeguards are in place through Standard Contractual Clauses (SCCs) or UK adequacy decisions, in compliance with UK GDPR Chapter V.

11. Children

Congleton Vibe is not intended for users under 18 years of age. We do not knowingly collect personal data from minors. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

12. Cookies and Local Storage

As a mobile application, we do not use browser cookies. We use local device storage (AsyncStorage) to store your preferences, check-in history, and profile data locally on your device. This data is not transmitted to third parties.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via an in-app notice. Continued use of the app after changes constitutes acceptance of the updated policy.

14. Complaints

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

• Website: ico.org.uk

• Helpline: 0303 123 1113

• Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

15. Contact Us

For any questions about this Privacy Policy or to exercise your data rights, contact us at:

• Email: info@didgy-media.co.uk

• Subject: Data Protection Enquiry