Privacy Policy
Last Updated: 9 January 2026
REUNI LTD ("REUNI", "we", "us", or "our"), a company registered in England and Wales (Company No. 16677912), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the REUNI mobile application and website.
We are the data controller for your personal data. Our registered office is at 56 Argosy Crescent, Eastleigh, England, SO50 5RW.
1. Information We Collect
1.1 Information You Provide
Account Information:
- Full name
- Date of birth
- Email address (university .ac.uk email required)
- Phone number
- University name
- Course/degree
- Year of study
- Username
- Profile picture (optional)
Payment Information:
- Payment details are collected and processed by Stripe
- We do not store your full card details
- Stripe account information for sellers
Transaction Information:
- Ticket listings and purchases
- Offer amounts and history
- Transaction IDs and timestamps
Ticket Information:
- Ticket screenshots (for verification)
- Event details
- Barcode data (hashed for duplicate detection)
1.2 Information Collected Automatically
Device Information:
- Device type and model
- Operating system version
- Unique device identifiers
- IP address
Usage Information:
- App usage patterns
- Features accessed
- Search queries
- Crash reports and error logs
Location Information:
- GPS coordinates (only when filing refund claims, for fraud verification)
- Approximate location from IP address
1.3 Information from Third Parties
Event Platforms:
- Event details from Fatsoma and FIXR APIs
- Ticket verification data
Payment Processors:
- Transaction status from Stripe
- Identity verification results
2. How We Use Your Information
We use your personal data for the following purposes:
2.1 Providing Our Services
- Creating and managing your account
- Verifying your university student status
- Processing ticket listings and purchases
- Facilitating payments and payouts
- Enabling communication between buyers and sellers
2.2 Verification and Fraud Prevention
- Verifying ticket authenticity using OCR and AI analysis
- Detecting duplicate tickets using barcode and image hashing
- Matching ticket holder names to user profiles
- Preventing fraudulent transactions
- Investigating refund claims using GPS and timestamp data
2.3 Legal Compliance
- Complying with UK tax law (6-year transaction record retention)
- Responding to legal requests from law enforcement
- Preventing money laundering and financial crime
- Fulfilling our obligations under UK GDPR
2.4 Service Improvement
- Analysing usage patterns to improve features
- Debugging and fixing technical issues
- Developing new features and services
2.5 Communications
- Sending transaction confirmations and updates
- Notifying you about offer activity
- Important service announcements
- Marketing communications (with your consent, opt-out available)
3. Legal Basis for Processing
We process your personal data under the following legal bases:
| Purpose | Legal Basis |
|---|---|
| Account creation and services | Contract performance |
| Payment processing | Contract performance |
| Fraud prevention | Legitimate interests |
| Ticket verification | Legitimate interests |
| Legal compliance | Legal obligation |
| Marketing (with consent) | Consent |
| Analytics and improvement | Legitimate interests |
4. Data Sharing
We share your personal data with the following third parties:
4.1 Payment Processing
Stripe, Inc.
- Processes all payments
- Conducts identity verification for sellers
- Manages payouts to seller bank accounts
- Stripe Privacy Policy
4.2 Analytics and Monitoring
PostHog
- App usage analytics
- Feature usage tracking
- No personally identifiable information shared
- PostHog Privacy Policy
Sentry
- Crash reporting and error tracking
- Technical debugging
- Sentry Privacy Policy
4.3 Ticket Verification
Claude AI (Anthropic)
- AI-powered ticket screenshot analysis
- Fraud detection assistance
- Data processed securely, not used for AI training
4.4 Email Communications
Resend
- Transactional email delivery
- Resend Privacy Policy
4.5 Push Notifications
Apple Push Notification Service (APNs)
- Delivering push notifications to iOS devices
- Apple Privacy Policy
4.6 Event Data
Fatsoma and FIXR APIs
- Fetching event information
- Verifying ticket validity
4.7 Legal and Regulatory
We may share your data with:
- Law enforcement (when legally required)
- Courts (in response to valid legal process)
- Regulators (as required by law)
We will notify you of such requests unless legally prohibited from doing so.
5. Data Storage and Security
5.1 Where We Store Your Data
All personal data is stored within the United Kingdom using Supabase, a secure cloud database platform with UK data residency.
5.2 Security Measures
We implement appropriate technical and organisational measures to protect your data:
- Encryption in transit (TLS/SSL)
- Encryption at rest
- Access controls and authentication
- Regular security audits
- Secure development practices
5.3 Data Retention
| Data Type | Retention Period | Reason |
|---|---|---|
| Transaction records | 6 years | UK tax law requirement |
| Ticket images | Indefinitely | Fraud prevention (duplicate detection) |
| Profile information | Until account deletion | Service provision |
| Email address | Indefinitely after deletion | Prevent banned user re-registration |
| Usage logs | 12 months | Service improvement |
| Crash reports | 90 days | Technical debugging |
6. Your Rights
Under UK GDPR, you have the following rights:
6.1 Right of Access
You can request a copy of all personal data we hold about you.
6.2 Right to Rectification
You can request correction of inaccurate personal data. For profile changes, we may require ID verification.
6.3 Right to Erasure
You can request deletion of your personal data. Note that:
- Transaction records must be retained for 6 years (legal requirement)
- Ticket images are retained for fraud prevention (legitimate interest)
- Email addresses may be retained to prevent banned user re-registration
6.4 Right to Restrict Processing
You can request that we limit how we use your data in certain circumstances.
6.5 Right to Data Portability
You can request your data in a machine-readable format.
6.6 Right to Object
You can object to processing based on legitimate interests. We will stop unless we have compelling legitimate grounds.
6.7 Right to Withdraw Consent
Where processing is based on consent (e.g., marketing), you can withdraw at any time via Settings > Notifications in the app.
6.8 How to Exercise Your Rights
To exercise any of these rights, contact us at: info@reuniapp.com
We will respond within 30 days. We may require ID verification for certain requests.
7. Marketing Communications
We may send you marketing emails about new features, events, and promotions.
- Opt-in: You can enable marketing notifications in Settings
- Opt-out: You can disable at any time in Settings or via email unsubscribe
- No third-party marketing: We never share your data with marketing partners
8. Cookies and Tracking
The REUNI mobile app does not use cookies. We use the following for analytics:
- PostHog: Anonymous usage analytics
- Device identifiers: For push notifications and fraud prevention
You can disable analytics in your device settings.
9. Children's Privacy
REUNI is only available to users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If we discover that a user is under 18, we will terminate their account immediately.
10. International Transfers
Your data is stored in the United Kingdom and is not transferred outside the UK. Our third-party processors (Stripe, PostHog, Sentry) have appropriate data protection agreements in place for any international processing.
11. Changes to This Policy
We may update this Privacy Policy from time to time.
- Material changes: 30 days advance notice via email and in-app notification
- Minor changes: Effective immediately upon posting
We will always display the "Last Updated" date at the top of this policy.
12. Complaints
If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire
SK9 5AF
Website: ico.org.uk
Helpline: 0303 123 1113
Contact Us
For questions about this Privacy Policy or to exercise your data rights:
Email: info@reuniapp.com
Data Protection Contact:
REUNI LTD
56 Argosy Crescent
Eastleigh, England
SO50 5RW
Company Number: 16677912
Effective 9 January 2026