LitterLink

Last updated

Privacy Policy

This policy explains how LitterLink collects, uses, stores, and shares personal data when you browse the site, create an account, join or organise events, create groups, upload media, or apply to become a Verified Organiser. It is drafted for UK GDPR and EU GDPR compliance and should be read alongside our Terms and Conditions.

Controller

LitterLink is the controller of the personal data described in this policy.

Main providers

Supabase, Vercel, Resend, postcodes.io, and Google OAuth when you choose Google sign-in.

1. Who this policy applies to

This policy applies to personal data processed through the LitterLink website and related services, including public event discovery, user accounts, profiles, dashboards, groups, organiser applications, uploaded media, and service communications.

In this policy, "personal data" means information that identifies you or can reasonably be linked to you.

2. The personal data we collect

  • Account and authentication data: your email address, password submitted at sign-up or sign-in, and, if you use Google sign-in, profile information made available by Google such as your name, email address, and avatar.
  • Profile data: display name, optional home postcode, avatar image, organiser status, admin status, and account creation date.
  • Event data: titles, descriptions, event postcodes, latitude and longitude derived from those postcodes, address labels, event times, attendee limits, organiser contact details, event status, attendance records, and post-event impact data.
  • Participation data: which events you joined and when you joined them.
  • Group data: group names, descriptions, logos, website links, social links, contact email addresses, type of organisation, and group creator details.
  • Organiser application data: your motivation, experience, organisation name, social links, application status, and review timestamps.
  • Media: avatars, group logos, and event photos you upload.
  • Communication and preference data: your email preferences and any email correspondence connected to organiser applications or support requests.
  • Technical and usage data: session and security data needed to keep you signed in, plus limited usage and performance data processed through our hosting and analytics providers.

3. How we collect personal data

  • Directly from you when you create an account, edit your profile, join an event, create an event or group, upload media, or submit an organiser application.
  • From Google if you choose Google OAuth sign-in.
  • From postcodes.io when you enter a UK postcode for event search, event creation, or optional profile location features.
  • Automatically from our infrastructure providers when you use the site, for example to maintain secure sessions and understand site performance.

4. How we use personal data and our legal bases

Performance of a contract

We rely on this legal basis to create and manage your account, authenticate you, show your dashboard, let you create and join events, create groups, display event details, store your preferences, and operate the core platform features you request.

Legitimate interests

We rely on this legal basis to keep the service secure, prevent misuse, moderate and administer the platform, review organiser applications, maintain community records, improve product reliability, and understand aggregate usage and performance.

Consent

We rely on this legal basis to process optional marketing and newsletter preferences, use your optional home postcode for nearby-event features, and process any optional information you choose to publish in profiles, events, groups, or application forms. You can withdraw consent at any time.

Legal obligation

We rely on this legal basis where we must keep records, respond to lawful requests, or comply with applicable law and regulatory obligations.

5. What information is public on LitterLink

LitterLink is a community platform, so some information is intended to be visible to other users and visitors. Please only publish information you are comfortable sharing.

  • If you organise an event, your display name, organiser status, event details, organiser contact details, event statistics, and any event photos may be visible on public event pages.
  • If you join an event, your display name and joined date may be shown on the event page to other visitors.
  • If you create a group, the group name, description, logo, website, social links, contact email address, and associated events may be public.
  • Avatars, group logos, and event photos may be served from public URLs so they can be displayed on the site.

Please do not include sensitive personal data or personal data about other people in event descriptions, contact details, group pages, photos, or free-text fields unless you have a valid legal basis and any necessary permission to do so.

6. Providers and recipients we share data with

  • Supabase: authentication, database, and file storage provider.
  • Vercel: hosting provider, plus Vercel Analytics and Speed Insights for product and performance monitoring.
  • Resend: transactional email provider used for emails related to organiser applications and similar service communications.
  • postcodes.io: postcode geocoding provider used server-side when you search by postcode or create an event.
  • Google: if you choose Google sign-in, Google processes your data as part of the sign-in flow under its own terms and privacy information.
  • Professional advisers, regulators, and authorities: where reasonably necessary to protect rights, investigate misuse, or comply with law.

Where these providers act on our behalf, we expect them to process personal data under appropriate contractual and security controls.

7. International transfers

Some of our providers may process personal data outside the UK or EEA. Where that happens, we aim to use appropriate safeguards such as adequacy regulations, standard contractual clauses, or equivalent lawful transfer mechanisms made available by the relevant provider.

8. Retention

We keep personal data only for as long as necessary for the purposes described in this policy, including to provide the service, keep appropriate business records, resolve disputes, enforce terms, and protect the platform.

  • Account, profile, participation, and preference data: retained while your account is active. When you delete your account, these records — including your email address, display name, postcode, avatar, email preferences, RSVP records, and organiser application — are permanently removed.
  • Event and group content: events, groups, and post-event impact statistics are preserved after account deletion for community record-keeping. Your personal link to them is severed — the organiser or creator field is cleared and any organiser contact details are removed — so the retained data is no longer associated with you.
  • Media files: your avatar and any event photos you uploaded are deleted from storage when you delete your account. Group logos are retained with the group record.
  • Organiser application data: deleted as part of account deletion, as it is linked to your profile.
  • Technical and analytics data: according to our providers' retention settings and only for as long as reasonably necessary for security and service improvement.

9. Security

We use technical and organisational measures designed to protect personal data, including access controls, authentication tooling, and managed infrastructure providers. No system is completely secure, however, and we cannot guarantee absolute security.

10. Your GDPR rights

Depending on your location and the circumstances, you may have the right to:

  • request access to the personal data we hold about you;
  • ask us to correct inaccurate or incomplete personal data;
  • ask us to delete your personal data — you can do this immediately and without contacting us by using the Delete account option on your profile page;
  • ask us to restrict how we use your personal data;
  • object to processing based on legitimate interests;
  • receive a copy of certain personal data in a portable format;
  • withdraw consent where processing relies on consent — marketing email preferences can be updated at any time on your profile page; and
  • complain to the UK Information Commissioner's Office or your local data protection authority.

For any other rights requests, email hello@litterlink.co.uk. We may need to verify your identity before acting on a request.

11. Cookies, analytics, and postcode lookups

  • Essential session technology: we use cookies or similar session mechanisms to keep you signed in and protect account access.
  • Analytics and performance: we use Vercel Analytics and Speed Insights to understand how the site is used and how it performs.
  • Postcode lookup: we do not currently use live browser geolocation. Instead, when you enter a UK postcode for search or event creation, that postcode is sent server-side to postcodes.io to obtain latitude and longitude.
  • Optional home postcode: if you add a postcode to your profile, we may use it to centre event discovery and support nearby-event features.

12. Automated decision-making

We do not use solely automated decision-making or profiling that produces legal or similarly significant effects about you. Organiser approvals and rejections are reviewed by people.

13. Changes to this policy

We may update this policy from time to time to reflect changes to the service, the law, or our providers. When we make material changes, we will update the "Last updated" date on this page and, where appropriate, take additional steps to notify users.

14. Contact us

If you have questions about this policy or want to exercise your privacy rights, contact LitterLink at hello@litterlink.co.uk.