Website Design
Privacy Policy
IntroductionCongleton Vibe ("we", "us", "our") is a mobile application that helps users discover nightlife events and venues in Congleton, Cheshire, and enables venue owners to manage their listings and subscriptions. We are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights under UK data protection law.2. Data Controller Didgy-Media is the data controller responsible for your personal data. If you have questions about this policy or your data, contact us at: info@didgy-media.com.
Personal Data We Collect
We collect the following categories of personal data:3.1 Account Information (Venue Owners)
Email address (for account creation, login, and communication)
Password (stored securely using industry-standard hashing)
Venue name and business details
3.2 User Profile Data (App Users)
Display name or username (optional)
Profile photo or avatar (optional, stored locally or uploaded)
3.3 Usage Data
Event check-ins and attendance ("I'm Going" selections)
Favourite/saved venues and events
Event ratings and reviews (1-5 star ratings)
Notification subscription preferences
3.4 Payment Data (Venue Owners on Paid Plans)
Stripe customer ID and subscription status
We do NOT store card numbers, CVVs, or full payment details — these are processed securely by Stripe (our PCI DSS-compliant payment processor)
3.5 Technical Data
Device type, operating system, and app version
IP address (logged temporarily for security purposes)
4. Lawful Basis for ProcessingWe process your personal data under the following lawful bases as defined by UK GDPR Article 6:
Contract: To provide the app service, manage venue accounts, process subscriptions, and deliver features you have signed up for.
Consent: For optional features such as profile photos and marketing communications. You can withdraw consent at any time.
Legitimate Interest: To improve the app, prevent fraud, ensure security, and provide aggregated analytics (e.g. crowd counts, average ratings).
5. How We Use Your DataWe use your personal data to:
Create and manage your account
Display event listings, venue profiles, and real-time crowd information
Process check-ins and show aggregate attendance data to other users
Process subscription payments via Stripe
Display ratings and reviews to help users make decisions
Improve app functionality and user experience
Detect and prevent misuse, fraud, or security threats
6. Data Sharing and Third PartiesWe share personal data only with the following third parties, and only to the extent necessary:
Supabase (database hosting and authentication) — EU/UK-adequate data processing
Stripe (payment processing) — PCI DSS Level 1 certified, processes payments securely
Expo / React Native (app infrastructure) — technical telemetry only
postcodes.io (UK postcode geocoding) — postcode lookup only, no personal data sent
We do NOT sell, rent, or trade your personal data to any third party for marketing or advertising purposes.7. Data RetentionWe retain your personal data for as long as necessary to provide the service:
Active accounts: Data retained while your account is active
Deleted accounts: Personal data deleted within 30 days of account deletion
Event data: Historical event listings may be retained in anonymised form
Payment records: Retained for 7 years as required by HMRC for tax compliance
Check-in data: Automatically cleared after each event ends
8. Your Rights Under UK GDPRUnder UK data protection law, you have the following rights:
Right of Access: Request a copy of the personal data we hold about you
Right to Rectification: Ask us to correct inaccurate or incomplete data
Right to Erasure: Request deletion of your data ("right to be forgotten")
Right to Restrict Processing: Ask us to limit how we use your data
Right to Data Portability: Receive your data in a structured, machine-readable format
Right to Object: Object to processing based on legitimate interest
Right to Withdraw Consent: Withdraw consent for optional processing at any time
To exercise any of these rights, email us at: privacy@congletonvibe.co.uk. We will respond within 30 days as required by law.9. Data SecurityWe implement appropriate technical and organisational measures to protect your personal data, including:
Encrypted data transmission (TLS/SSL)
Secure password hashing (bcrypt)
Row-level security policies on all database tables
Server-side processing for sensitive operations (payments, authentication)
Regular security reviews and updates
10. International Data TransfersOur infrastructure providers may process data outside the UK. Where this occurs, we ensure adequate safeguards are in place through Standard Contractual Clauses (SCCs) or UK adequacy decisions, in compliance with UK GDPR Chapter V.11. ChildrenCongleton Vibe is not intended for users under 18 years of age. We do not knowingly collect personal data from minors. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.12. Cookies and Local StorageAs a mobile application, we do not use browser cookies. We use local device storage (AsyncStorage) to store your preferences, check-in history, and profile data locally on your device. This data is not transmitted to third parties.13. Changes to This PolicyWe may update this Privacy Policy from time to time. Material changes will be communicated via an in-app notice. Continued use of the app after changes constitutes acceptance of the updated policy.14. ComplaintsIf you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Website: ico.org.uk
Helpline: 0303 123 1113
Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
15. Contact UsFor any questions about this Privacy Policy or to exercise your data rights, contact us at:
Email: info@didgy-media.co.uk
Subject: Data Protection Enquiry