( 01.01.2025 )

Privacy Policy

( 09.01.2026 )


  Privacy Policy


  REUNI LTD ("REUNI", "we", "us", or "our"), a company registered in England and Wales (Company No. 16677912), is

  committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal

   data when you use the REUNI mobile application and website.


  We are the data controller for your personal data. Our registered office is at 56 Argosy Crescent, Eastleigh, England,

  SO50 5RW.


  1. Information We Collect


  1.1 Information You Provide


  Account Information:

  - Full name

  - Date of birth

  - Email address (university .ac.uk email required)

  - Phone number

  - University name

  - Course/degree

  - Year of study

  - Username

  - Profile picture (optional)


  Payment Information:

  - Payment details are collected and processed by Stripe

  - We do not store your full card details

  - Stripe account information for sellers


  Transaction Information:

  - Ticket listings and purchases

  - Offer amounts and history

  - Transaction IDs and timestamps


  Ticket Information:

  - Ticket screenshots (for verification)

  - Event details

  - Barcode data (hashed for duplicate detection)


  1.2 Information Collected Automatically


  Device Information:

  - Device type and model

  - Operating system version

  - Unique device identifiers

  - IP address


  Usage Information:

  - App usage patterns

  - Features accessed

  - Search queries

  - Crash reports and error logs


  Location Information:

  - GPS coordinates (only when filing refund claims, for fraud verification)

  - Approximate location from IP address


  1.3 Information from Third Parties


  Event Platforms:

  - Event details from Fatsoma and FIXR APIs

  - Ticket verification data


  Payment Processors:

  - Transaction status from Stripe

  - Identity verification results


  2. How We Use Your Information


  We use your personal data for the following purposes:


  2.1 Providing Our Services

  - Creating and managing your account

  - Verifying your university student status

  - Processing ticket listings and purchases

  - Facilitating payments and payouts

  - Enabling communication between buyers and sellers


  2.2 Verification and Fraud Prevention

  - Verifying ticket authenticity using OCR and AI analysis

  - Detecting duplicate tickets using barcode and image hashing

  - Matching ticket holder names to user profiles

  - Preventing fraudulent transactions

  - Investigating refund claims using GPS and timestamp data


  2.3 Legal Compliance

  - Complying with UK tax law (6-year transaction record retention)

  - Responding to legal requests from law enforcement

  - Preventing money laundering and financial crime

  - Fulfilling our obligations under UK GDPR


  2.4 Service Improvement

  - Analysing usage patterns to improve features

  - Debugging and fixing technical issues

  - Developing new features and services


  2.5 Communications

  - Sending transaction confirmations and updates

  - Notifying you about offer activity

  - Important service announcements

  - Marketing communications (with your consent, opt-out available)


  3. Legal Basis for Processing.


We process your personal data under the following legal bases:

  Account creation and services — Contract performance

  Payment processing — Contract performance 

  Fraud prevention — Legitimate interests

  Ticket verification — Legitimate interests

Legal compliance — Legal obligation

  Marketing (with consent) — Consent

  Analytics and improvement — Legitimate interests




4. Data Sharing


  We share your personal data with the following third parties:


  4.1 Payment Processing - Stripe, Inc.

  - Processes all payments

  - Conducts identity verification for sellers

  - Manages payouts to seller bank accounts


  4.2 Analytics - PostHog

  - App usage analytics

  - Feature usage tracking

  - No personally identifiable information shared


  4.3 Error Tracking - Sentry

  - Crash reporting and error tracking

  - Technical debugging


  4.4 Ticket Verification - Claude AI (Anthropic)

  - AI-powered ticket screenshot analysis

  - Fraud detection assistance

  - Data processed securely, not used for AI training


  4.5 Email - Resend

  - Transactional email delivery


  4.6 Push Notifications - Apple APNs

  - Delivering push notifications to iOS devices


  4.7 Legal and Regulatory

  We may share your data with:

  - Law enforcement (when legally required)

  - Courts (in response to valid legal process)

  - Regulators (as required by law)


  We will notify you of such requests unless legally prohibited from doing so.


  5. Data Storage and Security


  5.1 Where We Store Your Data

  All personal data is stored within the United Kingdom using Supabase, a secure cloud database platform with UK data

  residency.


  5.2 Security Measures

  We implement appropriate technical and organisational measures to protect your data:

  - Encryption in transit (TLS/SSL)

  - Encryption at rest

  - Access controls and authentication

  - Regular security audits

  - Secure development practices


  5.3 Data Retention

Transaction records — Retained for 6 years (UK tax law) 

  Ticket images — Retained indefinitely (fraud prevention)

  Profile information — Retained until account deletion (service provision) 

  Email address — Retained indefinitely (prevent re-registration of banned users)

  Usage logs — Retained for 12 months (service improvement)

Crash reports — Retained for 90 days (debugging)

 

6. Your Rights


  Under UK GDPR, you have the following rights:


  6.1 Right of Access

  You can request a copy of all personal data we hold about you.


  6.2 Right to Rectification

  You can request correction of inaccurate personal data. For profile changes, we may require ID verification.


  6.3 Right to Erasure

  You can request deletion of your personal data. Note that:

  - Transaction records must be retained for 6 years (legal requirement)

  - Ticket images are retained for fraud prevention (legitimate interest)

  - Email addresses may be retained to prevent banned user re-registration


  6.4 Right to Restrict Processing

  You can request that we limit how we use your data in certain circumstances.


  6.5 Right to Data Portability

  You can request your data in a machine-readable format.


  6.6 Right to Object

  You can object to processing based on legitimate interests. We will stop unless we have compelling legitimate grounds.


  6.7 Right to Withdraw Consent

  Where processing is based on consent (e.g., marketing), you can withdraw at any time via Settings > Notifications in the

   app.


  6.8 How to Exercise Your Rights

  To exercise any of these rights, contact us at: info@reuniapp.com


  We will respond within 30 days. We may require ID verification for certain requests.


  7. Marketing Communications


  We may send you marketing emails about new features, events, and promotions.

  - Opt-in: You can enable marketing notifications in Settings

  - Opt-out: You can disable at any time in Settings or via email unsubscribe

  - No third-party marketing: We never share your data with marketing partners


  8. Cookies and Tracking


  The REUNI mobile app does not use cookies. We use the following for analytics:

  - PostHog: Anonymous usage analytics

  - Device identifiers: For push notifications and fraud prevention


  You can disable analytics in your device settings.


  9. Children's Privacy


  REUNI is only available to users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If we

   discover that a user is under 18, we will terminate their account immediately.


  10. International Transfers


  Your data is stored in the United Kingdom and is not transferred outside the UK. Our third-party processors (Stripe,

  PostHog, Sentry) have appropriate data protection agreements in place for any international processing.


  11. Changes to This Policy


  We may update this Privacy Policy from time to time.

  - Material changes: 30 days advance notice via email and in-app notification

  - Minor changes: Effective immediately upon posting


  We will always display the "Last Updated" date at the top of this policy.


  12. Complaints


  If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the

  Information Commissioner's Office (ICO):


  Information Commissioner's Office

  Wycliffe House, Water Lane

  Wilmslow, Cheshire SK9 5AF

  Website: ico.org.uk

  Helpline: 0303 123 1113


  Contact Us


  For questions about this Privacy Policy or to exercise your data rights:


  Email: info@reuniapp.com

  Support: support@reuniapp.com


  ---

  REUNI LTD

  Company Number: 16677912