DiscoverNearbyChats
Sign in

LEGAL

Privacy Policy

Effective date: 1 May 2025  ·  Version 1.0

1. Who We Are

PartyRadar Ltd ("PartyRadar", "we", "us", "our") is the data controller for personal data collected through the PartyRadar app and website (partyradar.org).

We are committed to protecting your privacy and handling your data in an open and transparent way. This policy explains what data we collect, why, and how we use it. It applies to all users of the Service in the United Kingdom and European Economic Area (EEA).

Our lead supervisory authority under UK GDPR is the Information Commissioner's Office (ICO).

2. Data We Collect and Why

We collect and process the following categories of personal data:

DataPurposeLegal Basis (UK GDPR)
Name, email address, usernameAccount creation and identificationContract (Art. 6(1)(b))
Date of birthAge verification (18+ requirement)Legal obligation (Art. 6(1)(c))
Profile photoProfile display and community featuresConsent (Art. 6(1)(a))
Location data (approximate)Showing nearby events and usersConsent (Art. 6(1)(a))
Device token (FCM)Push notificationsConsent (Art. 6(1)(a))
Payment informationTicket purchases, subscriptions, wallet top-upsContract (Art. 6(1)(b))
Event and RSVP historyCore Service functionalityContract (Art. 6(1)(b))
Messages and DMsIn-app messaging (end-to-end encrypted)Contract (Art. 6(1)(b))
IP address and device infoSecurity, fraud prevention, analyticsLegitimate interests (Art. 6(1)(f))
Usage data (pages viewed, taps)Product improvementLegitimate interests (Art. 6(1)(f))

We do not collect special category data (e.g. health, biometric, racial or ethnic origin data) except where you voluntarily disclose it in your profile bio, which is publicly visible.

3. Location Data

PartyRadar uses your device location to show you events and users near you. Location access is optional — you can use the Service without granting location permission, but nearby features will be unavailable.

  • We request "While Using the App" permission on iOS and "Foreground" permission on Android.
  • We do not request background location access.
  • Your precise coordinates are used server-side to calculate distances; we store only your last approximate city, not a continuous location history.
  • Location data is not shared with advertisers.

4. Cookies and Tracking

Our website uses the following technologies:

  • Essential cookies: required for authentication and security (e.g. pr_auth session cookie). Cannot be disabled.
  • Analytics (optional): we may use privacy-respecting analytics (no cross-site tracking). You will be asked for consent where required.
  • We do not use third-party advertising cookies or sell your data to advertisers.

5. How We Use Your Data

  • Providing, maintaining, and improving the Service
  • Processing payments and managing subscriptions
  • Sending transactional notifications (booking confirmations, payment receipts)
  • Sending push notifications about nearby events (with your consent)
  • Detecting and preventing fraud, spam, and abuse
  • Complying with legal obligations
  • Resolving disputes and enforcing our Terms of Service

We do not use your data for automated decision-making that produces legal or similarly significant effects, except for fraud prevention scoring where we may suspend accounts pending manual review.

6. Sharing Your Data

We share personal data with the following categories of recipients:

  • Stripe, Inc. — payment processing. Stripe is a certified PCI DSS Level 1 service provider.
  • Google Firebase / Google LLC — authentication and push notifications (FCM).
  • Mapbox, Inc. — map tiles and geocoding for the discovery map.
  • Hosting providers (Railway.app, Vercel) — infrastructure.
  • Event hosts — when you RSVP to an event, the host sees your display name and profile photo.
  • Law enforcement or regulatory authorities — only where required by law or court order.

We do not sell, rent, or trade your personal data with third parties for marketing purposes.

Where we transfer data outside the UK/EEA (e.g. to US-based processors), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or adequacy decisions.

7. Data Retention

  • Account data: retained for the lifetime of your account, plus 30 days after deletion to allow recovery.
  • Transaction records: retained for 7 years for tax and accounting purposes.
  • Messages: retained until deleted by you or until account deletion.
  • Location history: not stored beyond the current session.
  • Device logs and crash reports: retained for 90 days.
  • Moderation records (content violations): retained for 3 years for safety purposes.

8. Your Rights

Under UK GDPR and the Data Protection Act 2018, you have the following rights:

  • Right of access — request a copy of the personal data we hold about you.
  • Right to rectification — request correction of inaccurate data.
  • Right to erasure ("right to be forgotten") — request deletion of your data, subject to legal retention obligations.
  • Right to restrict processing — request that we limit how we use your data.
  • Right to data portability — receive your data in a structured, machine-readable format.
  • Right to object — object to processing based on legitimate interests.
  • Rights related to automated decision-making.
  • Right to withdraw consent — where processing is based on consent, you can withdraw it at any time without affecting past processing.

To exercise any of these rights, please contact us at hello@partyradar.org. We will respond within one calendar month. You may also complain to the ICO at ico.org.uk.

You can delete your account at any time from Settings → Delete Account. Deletion is irreversible and removes your profile, events, and messages within 30 days.

9. Children's Privacy

The Service is not directed at, and we do not knowingly collect personal data from, anyone under the age of 18. If you believe a minor has created an account, please contact us immediately at hello@partyradar.org and we will promptly delete the account.

10. Security

We implement industry-standard security measures including:

  • TLS encryption in transit for all API communications.
  • End-to-end encryption for direct messages.
  • Passwords are never stored — authentication is handled by Google Firebase.
  • Payment data is handled exclusively by Stripe; we do not store card numbers.
  • Access to production databases is restricted to authorised personnel only.
  • Regular security audits and dependency vulnerability scans.

Despite these measures, no system is completely secure. We encourage you to use a strong, unique password for your Google or Apple account used to sign in.

11. Third-Party Links

The Service may contain links to third-party websites or services. This Privacy Policy does not apply to those third parties. We encourage you to review their privacy policies before sharing any personal data with them.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice in the app or by email at least 14 days before the change takes effect. The "Effective date" at the top of this page indicates when the policy was last revised.

13. Contact Us

For general privacy enquiries:

hello@partyradar.org

For data protection officer enquiries:

hello@partyradar.org

PartyRadar Ltd