Privacy Policy

Last Updated: 7 December 2025

This Privacy Policy explains how CommunityPlaces collects, uses, and protects your personal information in compliance with Guernsey GDPR and ODPA regulations.

1. Information We Collect

Personal Information

  • Account Information: Email address, username, password (encrypted)
  • Profile Information: Display name, avatar image (optional)
  • Contact Information: Email address for communications

Event-Related Information

  • Event Data: Event titles, descriptions, dates, locations, categories
  • Venue Information: Venue names, addresses, coordinates
  • User Interactions: Events you create, follow, or interact with

Technical Information

  • Usage Data: Pages visited, features used, time spent on platform
  • Device Information: Browser type, device type, IP address (anonymized)
  • Cookies: Essential cookies for functionality and analytics

2. How We Use Your Information

Service Provision

  • Create and manage your user account
  • Enable event creation, discovery, and management
  • Provide personalized event recommendations
  • Facilitate user interactions and event following

Communication

  • Send important service updates and notifications
  • Respond to your inquiries and support requests
  • Notify you about events you're following (if enabled)

Platform Improvement

  • Analyze usage patterns to improve our service
  • Develop new features and functionality
  • Ensure platform security and prevent abuse

3. Legal Basis for Processing

Contract Performance

We process your personal data to provide the services you've requested, including account management and event functionality.

Legitimate Interests

We process data to improve our service, ensure security, and provide a better user experience, balanced against your privacy rights.

Consent

For optional features like marketing communications, we rely on your explicit consent, which you can withdraw at any time.

4. Data Sharing and Third Parties

Service Providers

We work with trusted third-party service providers who help us operate our platform:

  • Supabase: Database and authentication services
  • Vercel: Hosting and content delivery
  • Mapbox: Mapping and location services

Public Information

Event information you create (titles, descriptions, dates, venues) is publicly visible to help others discover events. Your personal account details remain private.

Legal Requirements

We may disclose information if required by law, court order, or to protect our rights and the safety of our users.

5. Data Security

Technical Safeguards

  • All data transmission encrypted using HTTPS/TLS
  • Passwords hashed using industry-standard algorithms
  • Regular security updates and vulnerability assessments
  • Access controls and authentication mechanisms

Operational Safeguards

  • Limited access to personal data on a need-to-know basis
  • Regular staff training on data protection
  • Incident response procedures
  • Regular backups and disaster recovery planning

6. Your Rights Under GDPR

Under Guernsey GDPR and ODPA regulations, you have standard data protection rights including:

  • Right of access to your personal data
  • Right to rectification of inaccurate data
  • Right to erasure in certain circumstances
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing

To exercise any of these rights: Please use our contact form and select "Privacy Policy / Data Rights" as the inquiry type.

7. Data Retention

Account Data

Retained while your account is active. We minimize data retention to reasonable expectations and delete personal data promptly after account closure.

Event Data

Public event information may be retained for historical purposes. Personal associations removed upon account deletion.

Analytics Data

Anonymized usage data retained for up to 2 years for service improvement.

8. Cookies and Tracking

Essential Cookies

Required for basic platform functionality:

  • Authentication and session management
  • User preferences and settings
  • Security features and CSRF protection

Analytics Cookies

We use analytics to understand how our platform is used and improve user experience. This data is anonymized and aggregated.

Cookie Management

You can control cookie settings through your browser preferences. Note that disabling essential cookies may affect platform functionality.

9. Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by email or through our platform. The "Last Updated" date at the top of this policy indicates when it was last revised.

11. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us using our contact form.

For Privacy Inquiries: Select "Privacy Policy / Data Rights" as the inquiry type

For Data Protection Officer: Select "Legal Matter" as the inquiry type