Privacy Policy

When you create an account and use Arcus, we collect:

Account & Identity:

• Email address and password for account creation

• Full name and display name

• Instagram handle (used as your username)

Contact Information (optional):

• Phone number

• Location/area of residence

Demographics (optional):

• Age

• Gender

Interests & Preferences:

• Training and activity preferences

• Marketing email preferences

Social & Activity Data:

• Profile photos and bio

• Friend/follow connections

• Event RSVPs, ticket purchases, and attendance history

• Check-in timestamps

• Referral relationships

Payment Data (for paid events):

• Transaction records (amount, date, ticket tier, payment status)

• Stripe payment reference IDs

• We do NOT store your card number, CVV, or full payment credentials — these are handled entirely by Stripe

Technical Data:

• Device information for push notifications

• Last active timestamps

We use your information to:

• Create and manage your account

• Enable event discovery, RSVPs, ticket purchases, and check-ins

• Connect you with other members and communities

• Improve app functionality and user experience

• Send important updates about events and features

• Maintain security and prevent fraud

When you RSVP to or purchase a ticket for an event:

• Your name, email, and Instagram handle may be shared with the brand hosting the event

• For paid events, your ticket and payment status is shared with the brand

• This allows hosts to manage guest lists, check-in attendees, and handle event communications

Anonymized analytics:

• We provide hosts with aggregated demographic insights (age ranges, gender distribution)

• This data is anonymized and never identifies individual users

• This helps brands understand their audience and improve future events

Event Photography:

• Photos and videos may be taken at Arcus events

• These materials may be used for promotional purposes on our website, app, and social media

• Brands hosting events may also photograph and share images on their own social media and marketing channels

• By attending events, you consent to being photographed or recorded by Arcus and the hosting brand

User-Uploaded Content:

• You retain ownership of photos and content you upload to your profile

• By uploading content, you grant Arcus a non-exclusive license to display it within the app

• Your content may appear in event recaps, member highlights, or promotional materials

Opting Out:

• You may request removal of specific images featuring you from Arcus platforms

• For images posted by event hosts, please contact them directly

• Contact us to opt out of future event photography

• You can delete your uploaded content anytime from your profile settings

We use Supabase for:

• Database hosting and management

• User authentication and authorization

• File storage for photos and media

• Real-time features and notifications

Supabase operates in compliance with GDPR and industry security standards. Your data is encrypted in transit and at rest.

We use Stripe for:

• Payment processing for paid event tickets

• Stripe Payments UK Limited is authorised by the Financial Conduct Authority

• Your card details are handled entirely by Stripe and never touch Arcus servers

• Payments go directly to the event organiser's Stripe account — Arcus does not hold your funds

• For more information, see Stripe's privacy policy at stripe.com/privacy

We retain your information while your account is active. When you delete your account:

• Your profile and personal data are permanently removed

• Event attendance records are anonymized

• Some data may be retained for legal compliance (30 days)

Payment records:

• Transaction records (amounts, dates, payment references) are retained for 6 years after the transaction date, as required by HMRC for tax and accounting purposes

• This applies even if you delete your account

You can delete your account anytime from Settings.

You have the right to:

• Access your personal data

• Update or correct your information

• Delete your account and data

• Export your data

• Opt out of marketing communications

Exercise these rights through your account settings or contact us.

We implement industry-standard security measures:

• End-to-end encryption for data transmission

• Secure authentication with JWT tokens

• Regular security audits and updates

• Access controls and monitoring

While we take security seriously, no system is completely secure. Please protect your account credentials.

Arcus is not intended for users under 13 years of age. We do not knowingly collect information from children. If you believe we have collected data from a child, please contact us immediately.

We may update this privacy policy periodically. We will notify you of significant changes through the app or email. Continued use after changes constitutes acceptance of the updated policy.

Last updated: March 2026