Obscura
Log inCreate Event

Privacy Policy

Last updated: 25 February 2026

Obscura ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use the Obscura platform, website, and services (the "Service"). We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data We Collect

Information you provide

  • Account data: Name, email address, phone number, and profile information when you create an account
  • Payment data: Payment card details and billing information, processed securely by Stripe. We do not store your full card number on our servers
  • Event data: Event details, descriptions, images, and settings when you create an event as an organiser
  • Communications: Messages sent through the platform, support requests, and feedback

Information collected automatically

  • Usage data: Pages visited, features used, search queries, events viewed, and interactions with the Service
  • Device data: Device type, operating system, browser type, screen resolution, and unique device identifiers
  • Location data: Approximate location derived from your IP address, used to show relevant events near you
  • Log data: IP address, access times, referring URLs, and server logs

2. How We Use Your Data

We use your personal data for the following purposes:

  • Providing the Service: Creating and managing your account, processing ticket purchases, facilitating event discovery, and enabling messaging between users
  • Payment processing: Processing transactions securely through Stripe, sending receipts, and managing refunds
  • Personalisation: Recommending events based on your interests, location, and past activity
  • Communications: Sending transactional emails (ticket confirmations, event updates), and with your consent, marketing communications
  • Safety and security: Detecting and preventing fraud, abuse, and unauthorised access
  • Improvement: Analysing usage patterns to improve the Service, fix bugs, and develop new features
  • Legal compliance: Complying with applicable laws, regulations, and legal obligations

Our lawful bases for processing are: performance of a contract (providing the Service), legitimate interests (improvement, security), consent (marketing), and legal obligation (compliance).

3. Cookies

We use cookies and similar technologies to operate the Service and improve your experience. For full details on the cookies we use and how to manage them, please see our Cookie Policy.

4. Data Sharing

We do not sell your personal data. We share your data only in the following circumstances:

  • Event organisers: When you purchase a ticket, we share your name and contact information with the event organiser so they can manage attendance, communicate event updates, and fulfil their obligations to you
  • Stripe:Payment information is shared with Stripe for secure payment processing. Stripe's privacy policy governs their handling of your data
  • Service providers: We may share data with trusted third-party providers who assist us in operating the Service (hosting, analytics, email delivery), under strict data processing agreements
  • Legal requirements: We may disclose data when required by law, court order, or to protect our rights, property, or safety
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction

5. Data Retention

We retain your personal data for as long as necessary to provide the Service and fulfil the purposes described in this policy. Specifically:

  • Account data: Retained while your account is active and for up to 12 months after deletion, to allow for account recovery
  • Transaction records: Retained for 7 years to comply with financial record-keeping requirements
  • Usage data: Retained in aggregated, anonymised form indefinitely for analytics purposes
  • Communications: Retained for up to 24 months after your last interaction

6. Your Rights (GDPR)

Under the UK GDPR, you have the following rights regarding your personal data:

  • Right of access: You may request a copy of the personal data we hold about you
  • Right to rectification: You may request that we correct inaccurate or incomplete data
  • Right to erasure: You may request that we delete your personal data, subject to legal retention obligations
  • Right to restrict processing: You may request that we limit how we use your data
  • Right to data portability: You may request your data in a structured, machine-readable format
  • Right to object: You may object to processing based on legitimate interests or for direct marketing purposes
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, please contact us at privacy@obscura.events. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include encryption in transit (TLS), encrypted storage, access controls, and regular security audits. However, no system is completely secure, and we cannot guarantee absolute security.

8. International Transfers

Your data may be processed by service providers located outside the United Kingdom. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions, to protect your data in accordance with UK data protection law.

9. Children

The Service is not directed at children under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a notice on the Service. The "Last updated" date at the top of this page indicates when the policy was last revised.

11. Contact

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us: