Privacy Policy

1. Information We Collect

We collect information you provide directly:

  • Account information (name, email, password)
  • Profile information (username, bio, avatar, banner, location, social links)
  • Party details (title, description, location, date, time)
  • Address information including postcode for location-based features
  • Guest information (names, emails, phone numbers)
  • Payment information (processed securely via Stripe)
  • Bank details (for payout processing)
  • Device location (only when you use Events Near Me feature)
  • Check-in data and stamp collection records
  • Custom stamp designs created by hosts

2. How We Use Your Information

We use your information to:

  • Provide and improve our services
  • Process payments and payouts
  • Send important updates about your events
  • Send ticket confirmations and custom emails
  • Communicate with you about your account
  • Enable location-based event discovery (with your permission)
  • Generate analytics and insights for your events
  • Display your public profile and stamp collection
  • Generate digital stamps when you check in to events
  • Show your event map with check-in locations (if enabled)

3. Public Profile Data

When you create a public profile, the following information may be publicly visible:

  • Your username, display name, avatar, and banner image
  • Your bio and location (if provided)
  • Social media links you choose to add
  • Your stamp collection (if enabled in display settings)
  • An interactive map of event locations you've attended (if enabled)
  • Statistics such as events attended, stamps earned, and cities visited

You can control what is publicly visible through your profile display settings. You can disable stamp collection or event map visibility at any time. Profile metadata (name, bio, avatar) may be included in link previews when your profile is shared on social media.

4. Location Data

When you create an event, we collect your postcode to:

  • Display the general area (e.g., "Newquay, Cornwall") to potential guests
  • Enable location-based event discovery
  • Show events on maps (approximate location only)
  • Plot check-in locations on your profile event map (city-level only)

Full addresses are only shared with confirmed guests. We use the postcodes.io API to convert postcodes to coordinates and region names. Event map pins on profiles show city-level locations only, not exact addresses.

5. Digital Stamp Data

When you check in to an event, we create a digital stamp record that includes:

  • The event name and type
  • The city where the event was held
  • The date and time of check-in
  • A rarity level based on event characteristics
  • Custom stamp design data (if the host created a custom stamp)

Stamp data is linked to your account. If you have a public profile with stamps enabled, your stamp collection is visible to anyone. Each stamp has a shareable link. You can disable stamp visibility in your profile display settings.

6. Information Sharing

We do not sell your personal information. We share information only:

  • With service providers (Stripe for payments, Supabase for data storage, AWS SES for emails, Vercel for hosting)
  • With postcodes.io for location lookups (postcodes only)
  • Publicly on your profile page (only the data you choose to display)
  • When required by law
  • With your consent

7. Data Security

We implement industry-standard security measures to protect your data. Bank details are stored securely and only used for processing payouts. All data is encrypted in transit and at rest. Passwords are hashed using bcrypt and are never stored in plain text.

8. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and data
  • Export your data (once every 7 days)
  • Cancel your subscription at any time
  • Delete individual parties and associated guest data
  • Opt out of public event discovery
  • Hide your stamp collection from your public profile
  • Hide your event map from your public profile
  • Disable your public profile entirely

9. Data Export

You can request a full export of your data through your account settings. The export includes your profile information, all parties you've created, guest lists, stamp collection, and analytics data. Exports are limited to once every 7 days and will be sent to your registered email address.

10. Data Retention

We retain your data for as long as your account is active. When you delete your account, we will delete all associated data within 30 days, including your profile, stamps, and event history. Some data may be retained for legal compliance purposes.

11. Cookies

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies.

12. Contact

For privacy-related questions, contact us at privacy@pullup.at

Last updated: February 2026