Privacy Policy

1. Data Controller and Contact Details

1.1 Hunbun Ltd is the data controller for the purposes of UK data protection law in respect of personal data processed through the Platform.

1.2 If you have any questions about this Privacy Policy or how we process personal data, you may contact us at:

Email: support@myplusonesocial.com

2. Scope of This Privacy Policy

2.1 This Privacy Policy applies to all users of the Platform, including attendees, hosts and prospective users.

2.2 It does not apply to third-party websites, services or platforms that may be linked to or integrated with the Platform, which are governed by their own privacy policies.

3. Personal Data We Collect

3.1 Information collected during account creation

Users may browse events without creating an account. An account is required in order to purchase tickets and access certain features of the Platform. When you create an account, we may collect:

• Name
• Date of birth
• Email address
• Phone number

Date of birth is collected to ensure compliance with age restrictions, as events on the Platform are intended for users aged 18 and over. Phone numbers may be verified using one-time passcode (OTP) authentication.

3.2 Additional profile information (optional)

After creating an account, users may choose to provide additional profile information, including:

• Profile photos
• Location
• Gender and pronouns
• Sexual orientation
• Intentions (for example social, romantic or both)
• Social energy tags (for example life of the party, or golden retriever energy)
• Religion
• Occupation

Providing this information is optional but may enable additional features of the Platform.

3.3 Ticketing and transaction data

Where you purchase or host events, we collect:

• Events booked or listed
• Ticket purchase history
• Transaction records
• Refund information

Payment card details are processed directly by our payment service provider (Stripe) and are not stored by PlusOne.

3.4 Identity verification data

PlusOne offers optional identity verification via a third-party verification provider (currently Entrust, formerly known as Onfido). Verification is completed via a short video selfie processed directly by the verification provider. PlusOne receives verification status only (verified / not verified) and a timestamp. PlusOne does not store video selfies, biometric data or identity documents.

3.5 Automatically collected data

When you use the Platform, we may automatically collect:

• Device and browser information
• IP address
• Log files
• Usage and interaction data
• Analytics and performance data

4. Special Category Personal Data

4.1 Certain optional profile information may constitute special category personal data under UK GDPR, including:

• Sexual orientation
• Religion

4.2 We process special category personal data only where you have chosen to provide it and have given explicit consent.

4.3 You may choose not to provide this information or withdraw your consent at any time. Some features of the Platform may be limited if this information is not provided.

5. Purposes of Processing

5.1 We process personal data for the following purposes:

• Creating and managing user accounts
• Verifying user age eligibility (18+)
• Facilitating event discovery, ticketing and payments
• Providing optional profile and social features
• Enabling optional identity verification
• Providing customer support
• Ensuring platform safety, moderation and fraud prevention
• Improving, maintaining and developing the Platform
• Sending service-related communications
• Sending marketing communications where permitted

5.2 Use of photographs and recordings

We or event hosts may capture photographs or video at events for promotional, documentation or safety purposes. Where such media contains identifiable individuals, it may be processed on the basis of legitimate interests, provided that the use is reasonable and does not override your rights. If you do not wish to appear in photographs or recordings, you may inform the host or contact us.

6. Lawful Bases for Processing

We rely on the following lawful bases under UK GDPR:

6.1 Contractual necessity

To provide access to the Platform, process ticket purchases, manage accounts and deliver services.

6.2 Legitimate interests

To operate, secure and improve the Platform, prevent fraud, and ensure community safety.

6.3 Consent

To process special category personal data, send marketing communications, and deploy optional cookies or similar technologies.

7. Sharing of Personal Data

7.1 Event hosts

7.1.1 Where you book an event, PlusOne may share limited personal data with the relevant host, including:

• Name
• Email address
• Small profile photo (if uploaded)

7.1.2 Hosts do not receive sensitive personal data such as sexual orientation, religion, intentions or verification data.

7.1.3 Hosts act as independent data controllers in respect of this limited data and are contractually required to use it solely for operating their event.

7.2 Aggregated event insights

7.2.1 PlusOne may provide hosts with anonymised and aggregated insights following an event, including (by way of example):

• Total number of likes sent
• Total number of matches made

7.2.2 These insights do not identify individuals and do not allow hosts to determine who liked or matched with whom.

7.3 Service providers and third-party processors

PlusOne uses the following third-party service providers:

Infrastructure and hosting

• Amazon Web Services (AWS) – cloud hosting and infrastructure services
• MongoDB – database hosting and systems administration

Platform development and maintenance

• Grappus – software development, technical maintenance and platform support

Payments

• Stripe – payment processing and transaction management (Stripe is a regulated payment service provider and processes payment data in accordance with its own regulatory obligations.)

Identity verification

• Entrust (formerly Onfido) – identity verification services (Entrust processes video selfies and verification media directly. PlusOne receives verification status only and does not store biometric data.)

Analytics and product insights

• Google Analytics – website and usage analytics
• Mixpanel – product analytics and user behaviour analysis

Marketing and communications

• Meta Platforms, Inc. (including Facebook and Instagram) – advertising measurement and campaign performance
• Klaviyo – email communications, push notifications and lifecycle messaging

Customer support

• Freshdesk – customer support ticketing and communications

Mobile infrastructure

• Firebase – mobile infrastructure, push notifications and related services

7.3.2 Each provider is subject to contractual obligations requiring appropriate technical and organisational security measures and compliance with applicable data protection law.

7.3.3 From time to time, PlusOne may engage additional service providers. Where required by law, this Privacy Policy will be updated accordingly.

7.4 App stores

If you download the PlusOne app via the Apple App Store or Google Play Store, those app store providers act as independent data controllers and process personal data in accordance with their own privacy policies. PlusOne does not control how app store providers process your data.

7.5 Legal and regulatory disclosures

We may disclose personal data where required to do so by law, regulation, court order, or where necessary to protect the rights, safety or security of users or the Platform. We may also share information with payment service providers where necessary to process transactions.

7.6 Data controller and processor roles

7.6.1 PlusOne acts as the data controller for personal data processed through the Platform.

7.6.2 Event hosts act as independent data controllers in respect of limited attendee data shared with them for the purpose of operating events.

7.6.3 Third-party service providers listed in this Privacy Policy act as data processors, except where they operate as independent controllers under their own legal and regulatory obligations (for example, payment service providers and app stores).

8. International Data Transfers

8.1 Some service providers listed in this Privacy Policy are located outside the United Kingdom or process personal data outside the United Kingdom.

8.2 Where international transfers occur, PlusOne ensures appropriate safeguards are in place in accordance with UK GDPR, including the use of international data transfer agreements or standard contractual clauses approved by the UK Information Commissioner's Office.

8.3 Further information about these safeguards may be obtained by contacting us.

9. Data Retention

We retain personal data only for as long as necessary:

• Account data: while your account remains active
• Transaction data: as required for legal and accounting purposes
• Verification status: while your account is active
• Support communications: as required to resolve enquiries

When data is no longer required, it is securely deleted or anonymised.

10. Your Rights

Under UK GDPR, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Request erasure of your data
• Restrict or object to certain processing
• Withdraw consent at any time

Requests may be submitted to support@myplusonesocial.com.

11. Security

We implement appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss or misuse. While we take reasonable steps to safeguard data, no system can be guaranteed to be completely secure.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last updated" date.

13. Governing Law

This Privacy Policy is governed by the laws of England and Wales