Privacy Policy

Nowt On (trading as "Nowt On") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, disclose, transfer, and safeguard your personal information when you access and use the Nowt On platform, including our website, mobile applications, and integrations with third-party services such as Meta (Facebook and Instagram) and WhatsApp.

By accessing or using our platform, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your personal information as described in this policy.

The Data Controller responsible for your personal information is:

If you have any questions about how we handle your personal data, please contact us at the email address above.

2.1. Visitors

When you browse our website without creating an account, we may collect:

• Technical and usage information (e.g., IP address, browser type, pages visited, session duration)
• Cookies and similar tracking technologies (see Section 6)

This information helps us improve our platform's performance and user experience.

2.2. Registered Users and Customers

When you create a profile or use our services, we collect:

• Name
• Email address
• Authentication tokens (e.g., magic link tokens, Meta access tokens)

2.3. Business Accounts

For businesses that create and manage events on our platform, we collect:

• Business name
• Contact name(s)
• Mobile number
• Business email address
• Event content (titles, URLs, images, descriptions)

2.4. Integrations and Linked Accounts

If you choose to integrate or connect your account with third-party services (such as Meta or WhatsApp):

• We collect information you explicitly authorise through those services (e.g., profile name, Page identifiers, event posts)
• We do not access additional information beyond what you authorise

We use your personal information to:

• Provide and operate the Nowt On platform and its features
• Authenticate and secure your account
• Allow you to create, manage, save, and share events
• Enable integrations with third-party platforms (e.g., Meta, WhatsApp)
• Communicate with you via channels you opt into (e.g., email, WhatsApp)
• Improve our services and troubleshoot issues
• Comply with legal obligations

We do not use your personal information for marketing outside the platform without your explicit consent.

Where applicable under data protection law (UK GDPR / Data Protection Act 2018):

• Contract performance — to provide the services you request (e.g., account management, event listings)
• Consent — when linking third-party accounts or opting into messaging (e.g., WhatsApp notifications). You may withdraw consent at any time by contacting info@nowton.events or adjusting your account settings. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
• Legitimate interests — to improve services and ensure platform security, where those interests do not override your rights and freedoms
• Legal obligation — where we are required to process data to comply with applicable law

5.1. Data Processors and Service Providers

We share personal information with trusted third-party service providers that help us operate the platform. These include:

• Vercel (application hosting and deployment) — United States
• Supabase (backend database and storage) — European Union / United States
• Railway (infrastructure for workflow automation) — United States
• n8n (automated workflows and event processing)
• Meta Platform / WhatsApp Business API (social media integration and messaging) — United States
• Mailjet (email delivery) — European Union
• Google Gemini API (AI-assisted processing of post text to detect event information) — United States

Each processor is engaged under appropriate contractual terms and is only permitted to process your data on our instructions and for the stated purpose.

5.2. Third-Party Platforms

When you choose to connect your Meta (Facebook/Instagram) account:

• We receive only the data you authorise through Meta's permissions
• Your use of Meta services is also governed by Meta's Privacy Policy and your settings with Meta
• We do not sell personal data to third parties

5.3. Legal Obligations

We may disclose personal information if required to:

• Comply with a legal obligation or court order
• Protect and defend our rights or property
• Respond to lawful requests by public authorities

Some of our third-party processors are based outside the United Kingdom and the European Economic Area (EEA), including in the United States (Vercel, Railway, Google, Meta). When we transfer your personal data to these processors, we ensure appropriate safeguards are in place, which may include:

• UK International Data Transfer Agreements (IDTAs) or UK Addendum to Standard Contractual Clauses (SCCs)
• UK adequacy regulations (where the destination country has been deemed adequate by the UK Secretary of State)
• Processor-maintained certifications or binding corporate rules

You may request details of the specific transfer safeguards we rely on by contacting info@nowton.events.

We use cookies and similar technologies to operate and improve the Platform:

• Essential cookies — required for authentication, session management, and core platform functionality. These cannot be disabled without affecting platform use. No consent is required for these cookies.
• Google Analytics 4 — we use Google Analytics to understand how visitors discover and interact with the platform. GA4 may set cookies (_ga, _gid) to help distinguish users and sessions. Data collected is anonymised and used only for aggregate reporting (page views, traffic sources, device types). No personally identifiable information is sent to Google. You can opt out via your Account Settings or by using the Google Analytics opt-out browser add-on.
• Interaction tracking — when you view or click on events, anonymised interaction records (event views, outbound link clicks, saves) are stored in our own database (Supabase). These records are linked to events, not to individual users, unless you are logged in, in which case your user ID is stored alongside the interaction to enable personalised features such as saved events.

You can manage or disable essential cookies through your browser settings, though this will affect platform functionality. Analytics tracking can be disabled at any time via Account Settings → Privacy.

When you connect a social media account, we use the Google Gemini API to analyse the text of your public posts to detect potential event information. This processing:

• Is used solely to generate draft event suggestions for your review
• Is always subject to human review — no draft is published without your explicit approval
• Does not involve any solely automated decisions with legal or similarly significant effects on you (as defined under UK GDPR Article 22)

We implement commercially reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or alteration. These include encryption of personal information at rest and in transit, secure storage practices, and access controls.

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours as required by law, and will notify affected users without undue delay where the breach is likely to result in high risk to those individuals.

We retain personal information only as long as necessary. Our retention periods are as follows:

• Active account data — retained while your account remains active
• Account data after deletion — permanently erased from active systems within 30 days of account deletion or a verified deletion request
• Event content — erased with your account (or sooner on request)
• Server and access logs — retained for up to 12 months for security and performance purposes
• Financial or legal records (if applicable) — retained for up to 7 years in accordance with HMRC record-keeping requirements

For detailed instructions on data deletion, see nowton.events/data-deletion.

Under UK GDPR and the Data Protection Act 2018, you have the following rights regarding your personal data:

• Access — request a copy of the personal information we hold about you
• Correction — update or correct inaccurate personal data
• Erasure — request deletion of your account and personal information ("right to be forgotten")
• Restriction — ask us to restrict processing of your data in certain circumstances
• Portability — receive your personal data in a structured, machine-readable format and transfer it to another controller
• Object — object to processing based on legitimate interests or for direct marketing
• Withdraw consent — withdraw consent at any time for processing based on consent (e.g., WhatsApp notifications), without affecting prior lawful processing
• Automated decision-making — not be subject to solely automated decisions that produce legal or similarly significant effects

To exercise any of these rights, contact us at info@nowton.events. We will respond within one calendar month as required by law.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your personal data in accordance with the law:

• Website: ico.org.uk/make-a-complaint
• Phone: 0303 123 1113

Nowt On is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us at info@nowton.events and we will delete it promptly.

We may update this policy from time to time. Significant changes will be reflected with an updated effective date on this page, and where appropriate we will notify you by email or in-platform notice. Your continued use of our services after changes take effect indicates your acceptance of the updated policy.

If you have questions, concerns, or requests regarding this Privacy Policy, or wish to exercise your data rights, contact: