This policy explains what personal data coming.up.in collects, why we collect it, and how we handle it. We've written it in plain English — if anything is unclear, email us at hello@coming.up.in.
Who we are
coming.up.in is an event discovery platform. We publish events happening in UK cities so that locals can find out what's on near them. The data controller is coming.up.in (contact: hello@coming.up.in).
What data we collect
If you list an event or create an account:
- Your name and email address
- Your organisation name and social media handles (if provided)
- Your general location / city
- Payment information — handled entirely by Stripe, we never see your card details
- Event details you submit (title, description, images, dates, venue)
If you subscribe to our email digest:
- Your email address and the city you're interested in
Automatically when you visit:
- Standard web server logs (IP address, browser type, pages visited)
- Cookies — see the Cookies section below
Why we collect it
- To run the service — creating accounts, publishing events, processing payments, and sending receipts
- To send the weekly digest — only to people who have explicitly subscribed
- To improve the platform — understanding which features are used and fixing bugs
- Legal compliance — keeping records for tax and fraud prevention purposes
We do not sell your data to third parties and we do not use it for advertising targeting.
Who processes your data
We use a small number of trusted third-party services to operate the platform:
Cookies
We use a minimal set of cookies:
- Authentication cookie — set by Supabase when you log in. Keeps you signed in to your account. Strictly necessary.
- Map interaction — Mapbox may set cookies when you interact with the map. These are functional, not tracking.
We don't use advertising cookies or third-party analytics trackers (no Google Analytics, no Meta Pixel). If that changes, we'll update this policy and ask for consent.
Your rights under UK GDPR
You have the following rights regarding your personal data:
- Access — request a copy of the data we hold about you
- Correction — ask us to fix inaccurate data
- Deletion — ask us to delete your account and associated data
- Portability — receive your data in a machine-readable format
- Restriction — ask us to stop processing your data while a dispute is resolved
- Objection — object to processing based on legitimate interests
To exercise any of these rights, email hello@coming.up.in. We'll respond within 30 days.
How long we keep your data
- Account data is retained while your account is active. You can request deletion at any time.
- Event listings are kept for 12 months after the event ends, then removed from public view (retained in backups for up to 90 days).
- Payment records are kept for 7 years as required by HMRC.
- Email subscriber records are kept until you unsubscribe. Every email includes an unsubscribe link.
Data security
All data in transit is encrypted with TLS. Data at rest is encrypted by Supabase and Vercel. Access to the database is restricted to authorised personnel and automated systems only. We use Row-Level Security in Supabase so each organiser can only access their own data.
Despite these measures, no system is 100% secure. If you discover a vulnerability, please report it responsibly to hello@coming.up.in.
Complaints
If you believe we've handled your data incorrectly, please contact us first at hello@coming.up.in — we'd like the chance to put it right.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK data protection regulator.
Changes to this policy
We may update this policy when we add new features or services. If we make significant changes, we'll email registered users and update the "Last updated" date at the top of this page.