Privacy Policy

1. Introduction

This Privacy Policy explains how Giggly (“we”, “us”) collects, uses, stores, and protects personal information when you use giggly.uk and related services.

We are committed to handling your data responsibly and in line with UK data protection law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Who we are

Giggly operates the event discovery platform at giggly.uk. For data protection queries, contact: [email protected].

3. Information we collect

3.1 Account and identity information

When you register or sign in, we may collect:

• Phone number (for SMS verification)
• Name, username, email address, and profile details you provide
• Country, city, and avatar (if you add them)
• Session and authentication data (secure cookies or tokens)

3.2 How you use Giggly

Depending on the features you use, we may process:

• Events you save to your calendar or heart
• Events you create or edit
• Promoters and venues you follow
• Ticket wallet entries and related metadata you store
• Ticket swap listings, offers, and messages connected to that feature
• Preferences (for example theme, filters, and pinned categories)

3.3 Technical data

We automatically collect limited technical information, such as IP address, browser type, device type, and general usage data needed to secure and improve the Service.

4. Why we use your information

We use your personal data to verify who you are so that you can use features on our website safely and securely. This includes enabling you to:

• Save events to your calendar — keep track of gigs you care about
• Use the ticket wallet — store and manage your ticket information in one place
• Use the ticket swap feature — connect with other users when you choose to list or respond to tickets
• Follow promoters and venues — personalise your feed and subscriptions
• Create and share events — where you choose to add content to the platform

We also use data to authenticate your account, prevent abuse, maintain security, respond to support requests, and improve the Service.

Legal bases (UK GDPR)

We rely on:

• Contract — processing necessary to provide the Service you use
• Legitimate interests — security, fraud prevention, and service improvement, balanced against your rights
• Consent — where required for optional communications or non-essential cookies
• Legal obligation — where we must comply with law

5. Data sharing

We will not sell your personal data. We do not share your data with advertisers or data brokers for their marketing.

We may share limited information only where necessary:

• Service providers who help us run Giggly under strict terms (for example cloud hosting on Cloudflare and SMS verification via Twilio). They process data only on our instructions.
• Other users — only what you choose to make visible (for example your display name, public profile, or events you publish).
• Legal and safety — if required by law, court order, or to protect rights, safety, and security.
• Business transfers — if we merge or sell assets, subject to appropriate safeguards.

6. International transfers

Your data may be processed on infrastructure operated by providers such as Cloudflare, which may involve storage or processing outside the UK. Where this occurs, we ensure appropriate safeguards (for example UK adequacy decisions or standard contractual clauses) are in place.

7. How long we keep data

• Account data — while your account is active and for a reasonable period after deletion where needed for legal or security purposes
• Session tokens — typically up to 30 days unless you sign out sooner
• SMS verification — verification codes are short-lived (handled by our provider)
• Event and usage records — retained as needed to operate the Service and maintain integrity of listings and calendars

8. Your rights

Under UK data protection law, you may have the right to:

• Access a copy of your personal data
• Correct inaccurate data
• Request erasure in certain circumstances
• Restrict or object to certain processing
• Data portability where applicable
• Withdraw consent where processing is based on consent

To exercise your rights, email [email protected]. We will respond within the timeframes required by law.

9. Security

We use appropriate technical and organisational measures to protect your data, including HTTPS encryption, secure session handling, and access controls on our systems. No method of transmission over the internet is completely secure; we cannot guarantee absolute security.

10. Cookies

We use cookies and similar technologies for essential functions (such as keeping you signed in) and preferences (such as theme). See our Cookie Policy for details.

11. Children

Giggly is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with data, please contact us and we will take appropriate steps to delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will update the “Last updated” date when we do. Significant changes may be highlighted on the Service or communicated where appropriate.

13. Complaints

If you have concerns about how we handle your data, contact us first at [email protected]. You also have the right to complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk.

14. Contact

Privacy questions: [email protected]