B i g S m o k e

Privacy Policy

BIGSMOKE HUB LTD — Last updated: 17th February 2026

1. Who We Are

BIGSMOKE HUB LTD (“we”, “us”, “our”) is a company registered in the United Kingdom. We are the data controller for personal data collected through bigsmoke.app.

If you have questions about this policy or want to exercise your data protection rights, contact us:

  • Email: info@bigsmoke.app
  • Address: 5 Brayford Square, London, United Kingdom, E1 0SG

2. Personal Data We Collect

We collect only the personal data we need to run the Platform and deliver bookings/events.

A. Information you provide directly

  • First name
  • Last name
  • Phone number
  • Email address (only if required by your sign-in method or if you contact us)

B. Account & authentication data

We use a third-party authentication provider (Clerk) to help manage secure login. Clerk may process account identifiers and authentication/session data necessary to keep you signed in and protect the Platform.

C. Technical data (strictly necessary)

When you access the Platform, our servers (and hosting providers) process limited technical information to keep services secure and reliable:

  • IP address
  • Browser and device information (basic)
  • Server logs (timestamps, requested pages, error logs)

D. Event media (photos/videos)

We may capture photos or videos at events. This may include your image. See Section 6 (How we use your data) and Section 10 (Your rights) for how to object or opt out where applicable.

We do not store payment card details.

3. How We Use Your Data (Purposes & Lawful Bases)

Under UK GDPR, we must have a lawful basis for processing. We rely on the following:

A. Creating and managing your account

Legal basis: Performance of a contract (Article 6(1)(b))

  • Create and manage your account
  • Authenticate users and maintain secure sessions
  • Provide Platform features

B. Bookings, tickets, and essential communications

Legal basis: Performance of a contract (Article 6(1)(b))

  • Process and manage bookings
  • Send confirmations, reminders, and operational messages (e.g., schedule/venue changes)
  • Provide customer service linked to your booking

C. Customer support and enquiries

Legal basis: Performance of a contract (Article 6(1)(b)) and/or legitimate interests (Article 6(1)(f))

  • Respond to enquiries and resolve issues
  • Maintain service quality and continuity

D. Security, fraud prevention, and platform integrity

Legal basis: Legitimate interests (Article 6(1)(f))

  • Detect and prevent fraud or abuse
  • Maintain system security and troubleshoot

Our legitimate interest is operating a secure, reliable Platform and protecting users and our business.

E. Event photography/video (where used for promotion)

Legal basis: Legitimate interests (Article 6(1)(f)) for event documentation and promoting our events.

Where we create close-up promotional content focused on an identifiable individual, we will take reasonable steps to accommodate opt-out requests (and may request consent where appropriate).

We do not send marketing communications unless you have explicitly opted in.

4. Payment Processing (Revolut)

Payments are facilitated via Revolut. We do not store payment card details.

Depending on the payment method, Revolut may process transaction-related personal data as an independent controller (or as otherwise defined in its documentation). Please refer to Revolut’s privacy information for details of how it processes payment data.

We may receive payment status updates via Revolut webhooks (e.g., payment succeeded/failed) to confirm and manage bookings.

5. Service Providers (Processors)

We use third-party providers to operate our services. Where they process personal data on our behalf, we use appropriate contractual protections.

  • Clerk — authentication and account management
  • MongoDB (or MongoDB Atlas) — database hosting
  • Vercel — application hosting and infrastructure
  • Resend / IONOS — transactional email delivery (where applicable)

6. Cookies & Similar Technologies

The Platform uses strictly necessary technologies for security and authentication (for example, session cookies or tokens used by our authentication provider).

We do not use analytics cookies, advertising cookies, or tracking pixels.

Because we only use strictly necessary technologies, a cookie consent banner is typically not required. (If this changes, we will update this policy and implement appropriate controls.)

7. International Transfers

Some service providers may process data outside the United Kingdom. Where international transfers occur, we ensure appropriate safeguards are in place, such as UK adequacy regulations, Standard Contractual Clauses (SCCs) and/or the UK International Data Transfer Agreement (IDTA), or other lawful mechanisms.

8. Data Retention

We keep personal data only as long as necessary for the purposes described above, including to manage bookings and meet legal requirements.

  • Account data: for as long as your account remains active. You can request deletion (see Section 10).
  • Booking/transaction records: retained as required for accounting/tax/legal obligations (typically up to 6 years in the UK, depending on the record type).
  • Security/server logs: retained for a limited period (typically days to a few months) unless needed to investigate incidents.

Where we no longer need your data, we will delete or anonymise it.

9. Data Security

We implement appropriate technical and organisational measures, including encrypted HTTPS connections, access controls, secure cloud infrastructure, and authentication protections.

While we take reasonable steps to protect data, no system is completely secure.

10. Your Data Protection Rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Request correction
  • Request deletion (subject to legal/contractual limits)
  • Request restriction of processing
  • Object to processing (including where we rely on legitimate interests)
  • Request data portability (where applicable)

To exercise your rights, contact: info@bigsmoke.app. We may need to verify your identity before responding.

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO): https://ico.org.uk

11. Automated Decision-Making

We do not use your personal data for solely automated decision-making that produces legal or similarly significant effects.

12. Changes to This Policy

We may update this Privacy Policy periodically. The current version will always be available on our website. If changes are material, we will take reasonable steps to notify you.

If you believe you received this page in error, go back to bigsmoke.app.