Privacy Policy

Last updated: February 28, 2026

This Privacy Policy explains how Clubbr (“Clubbr”, “we”, “us”) collects, uses, shares, and protects personal data when you use our marketplace. We’re built for Warwick students and we aim to be transparent and careful with your information.

We collect the data needed to run the marketplace (account verification, listings, transactions, reports, and security). Payments are processed by Stripe (we don’t store full card details where a payment processor is used). Seller payout bank details are stored encrypted at rest. We do not sell your data.

1. Who we are

The data controller for Clubbr is Anuj Attarde trading as Clubbr.

Support contact: support@clubbr.uk

2. What data we collect

2.1 Account and verification

  • Warwick email address and verification status
  • Password hash (we never store your plaintext password)
  • Account identifiers and basic settings

2.2 Marketplace activity

  • Listings you create (ticket details, price, restrictions, event metadata)
  • Messages or support communications you send
  • Reports you submit and any evidence you provide

2.3 Transactions

  • Purchase and sale records (amounts, fees, timestamps, status)
  • Delivery records (e.g. download events or delivery confirmations, where applicable)

2.4 Payments and payouts

  • Payment processing is handled by Stripe. Where a payment processor is used, we do not store full card details (those are handled by the processor).
  • For seller payouts, we may collect bank details (e.g. account holder name, sort code, account number). These are stored encrypted at rest with restricted access.

2.5 Technical and security data

  • IP address, device/browser information, and approximate location derived from IP (city-level)
  • Logs related to authentication, security, and fraud prevention
  • Cookie/session identifiers for login and security

3. How we use data

  • To create accounts, verify eligibility, and provide the Service
  • To operate the marketplace: listings, browsing, purchases, delivery, and payouts
  • To prevent fraud, enforce rules, investigate reports, and protect users
  • To provide support and communicate important updates
  • To maintain records for accounting, dispute handling, and compliance
  • To improve reliability, performance, and user experience

4. Lawful bases

We process personal data under these bases (UK GDPR):

  • Contract: to provide the marketplace and complete transactions you request
  • Legitimate interests: fraud prevention, security, and improving platform integrity
  • Legal obligation: recordkeeping and responding to lawful requests
  • Consent: where required for non-essential cookies

5. Sharing and processors

We may share data with trusted service providers (“processors”) that help us run Clubbr:

  • Hosting/infrastructure: Cloudflare
  • Email delivery: Brevo
  • Payments: Stripe

5.1 Sharing with other users

We share limited information necessary for marketplace operation. For example, we may show “Verified Warwick seller” and limited seller identifiers before purchase. Certain information (such as seller contact details) may be shown after purchase where necessary for accountability and dispute resolution.

5.2 Law enforcement and legal requests

We may disclose information if required by law, court order, or where reasonably necessary to investigate fraud, protect users, or enforce our Terms.

5.3 We do not sell your data

We do not sell personal data to advertisers.

6. Security

We use measures designed to protect your personal data, including encryption in transit (TLS), access controls, logging/monitoring, and encryption at rest for sensitive payout data (such as bank details).

No system can be guaranteed 100% secure, but we work to reduce risk and respond to incidents quickly.

7. Retention

We keep personal data only as long as needed for the purposes above. Typical factors include your account status, dispute windows, fraud prevention needs, and legal/accounting obligations.

  • Account data: while active, plus a limited period after deletion for security/legal reasons
  • Transaction records: retained for accounting and disputes as required
  • Bank details: kept while needed for payouts; removed/rotated when no longer needed, subject to obligations
  • Security logs: retained for a limited period appropriate for abuse detection and investigations

8. Your rights

You may have rights under UK GDPR, including:

  • Access, rectification, erasure (in some cases)
  • Restriction, objection (in some cases)
  • Data portability (in some cases)
  • Withdraw consent (where processing is based on consent)

To exercise rights, email support@clubbr.uk. We may request verification.

9. Cookies

Clubbr uses cookies and similar technologies primarily for essential login/session security and reliability.

10. Children

Clubbr is not intended for users under 18. If we become aware an under-18 user has created an account, we may suspend or delete it.

11. Contact and complaints

Support: support@clubbr.uk

If you have concerns, contact us first. You also have the right to complain to the UK Information Commissioner’s Office (ICO).