Privacy Policy
Effective Date: [DATE OF PUBLICATION] Last Updated: [DATE OF PUBLICATION]
1. Who We Are
This Privacy Policy describes how [ENTITY NAME] ("Freevent", "we", "us", "our") collects, uses, and protects the personal information of users of the Freevent platform, including our website at freevent.app, our mobile applications, and any related services (together, the "Service").
[ENTITY NAME] is a company [registered in Nigeria / to be registered in Nigeria] with registered office at [REGISTERED ADDRESS], Lagos State, Nigeria. We are the data controller of personal information collected through the Service.
If you have any questions about this Privacy Policy or how we handle your information, contact us at legal@freevent.app.
2. Scope and Applicability
This Privacy Policy applies to all users of the Service. By creating an account, signing in, or otherwise using Freevent, you acknowledge that you have read and understood how we process your personal information as described in this Policy.
Age requirement: Freevent is intended for users aged 18 and over. We do not knowingly collect personal information from individuals under 18. If you are under 18, please do not use the Service. If we learn that we have collected information from a person under 18, we will delete it.
This Policy is governed by the Nigeria Data Protection Act 2023 (the "NDPA") and other applicable Nigerian laws and regulations.
3. Information We Collect
We collect personal information in the following ways:
3.1 Information you provide directly
When you create an account or use the Service, you may give us:
- Account information: name, email address, password (stored hashed and salted, never in plain text), date of birth, phone number (if provided)
- Profile information: display name, username, profile photo, bio, home neighbourhood
- Interests and preferences: event categories you select, neighbourhoods you subscribe to, communication preferences
- Content you create: comments, ratings, reviews, photos uploaded to events, friend requests sent
- Communications: messages you send to us through support channels or other contact methods
3.2 Information collected automatically
When you use the Service, we automatically collect:
- Device information: device type, operating system, browser type, screen size, language preference, time zone
- Usage information: pages and screens viewed, events viewed, RSVPs and check-ins recorded, time and duration of sessions, features used, search queries, referral source
- Location information: approximate location based on IP address (always collected); precise location from GPS, Wi-Fi or Bluetooth (only with your explicit permission, used for nearby event recommendations and venue check-in)
- Technical information: IP address, network connection type, device identifiers, cookies and similar technologies (see Section 9)
- Authentication tokens issued and validated to keep you signed in
3.3 Information from third parties
If you sign in using Google, we receive the following from Google with your consent: your name, email address, profile photo, and Google account ID. We do not receive your Google password. The data we receive is governed by your Google account privacy settings.
If you connect with other Freevent users (friendships), we receive the connection metadata you and they create. We do not access your phone contacts or other social networks unless you explicitly grant that permission.
3.4 Information about other people
If you invite someone to an event or share an event with a friend, we may process limited information about that person (such as their email or phone number) solely to facilitate that invitation. We do not retain or use this information for any other purpose.
4. How We Use Your Information
We use the personal information we collect for the following purposes, on the following lawful bases under the NDPA:
| Purpose | Lawful Basis |
|---|---|
| Creating and maintaining your account | Performance of contract |
| Authenticating you each time you sign in | Performance of contract |
| Showing you a personalised feed of events based on your interests and location | Performance of contract / your consent |
| Sending you RSVP confirmations, event reminders, and ticket information | Performance of contract |
| Allowing organisers to scan your QR ticket and check you in at events | Performance of contract |
| Notifying you of friend activity (e.g. "Your friend just RSVPed to an event") | Your consent (you can opt out) |
| Sending product updates, marketing emails, and feature announcements | Your consent (you can opt out) |
| Improving our service, debugging issues, analysing trends, and developing new features | Legitimate interests |
| Preventing fraud, abuse, spam, and unauthorised access | Legitimate interests / legal obligation |
| Responding to legal requests and regulatory enquiries | Legal obligation |
| Communicating with you about changes to our terms, policies, or service | Legitimate interests / legal obligation |
We do not use your personal information for purposes that are materially different from those described in this Policy without notifying you and, where required, obtaining your consent.
5. Sharing Your Information
We share your personal information only as described below.
5.1 With other Freevent users
- Your profile information (display name, username, profile photo, bio) is visible to other users.
- When you RSVP to an event, your participation may be visible to the event organiser and (depending on your settings) to your friends and other attendees of that event.
- When you mark an event as "Interested," that activity may be visible to your friends.
- Your achievements, streak count, and Explorer Score are visible to friends.
You can review and adjust your visibility settings in your profile at any time.
5.2 With event organisers
When you RSVP to or check in at an event, the organiser of that event receives: your display name, profile photo, RSVP timestamp, check-in time (if checked in), and any additional information you choose to share (e.g. guest count for group RSVPs).
Organisers may use this information solely to manage their event. We require organisers, by contract, not to use it for any other purpose without your separate consent.
5.3 With service providers
We share information with carefully selected third-party service providers that perform services on our behalf, including:
- Hosting and database: Supabase (cloud infrastructure)
- Authentication: Google (sign-in)
- Email delivery: [email provider name, e.g. Postmark, Resend, AWS SES]
- Analytics: [analytics provider, if any]
- Error monitoring: [Sentry or equivalent, if any]
- Customer support: [support tooling, if any]
These providers process your information only on our instructions and only as necessary to provide their services. They are bound by data protection obligations consistent with this Policy.
5.4 With legal authorities
We may disclose your information if required to do so by law, court order, or other valid legal request from a Nigerian or foreign authority with jurisdiction over us; or where we believe in good faith that disclosure is necessary to:
- Comply with a legal obligation
- Protect and defend our rights or property
- Prevent or investigate possible wrongdoing on the Service
- Protect the personal safety of users or the public
5.5 In connection with a business transfer
If [ENTITY NAME] is involved in a merger, acquisition, financing, reorganisation, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such transfer before your information becomes subject to a different privacy policy.
5.6 We do not sell your personal information
We do not sell your personal information to third parties for advertising, marketing, or any other purpose.
6. International Data Transfers
The Service primarily operates from infrastructure located in [REGION — e.g. European Union]. To the extent your personal information is transferred or accessed outside Nigeria, we ensure such transfers are conducted in accordance with the NDPA, including by using providers that adhere to internationally recognised data protection standards, or with your consent.
7. How Long We Keep Your Information
We retain personal information for as long as necessary to provide the Service to you and for the legitimate business purposes described in this Policy.
| Type of data | Retention period |
|---|---|
| Account information | While your account is active, plus [30 / 90] days after deletion |
| Event RSVPs and check-in history | While your account is active, plus [12] months after deletion |
| Authentication logs | [12] months |
| Support communications | [24] months |
| Marketing consent records | Until you withdraw consent, plus [12] months |
| Analytics data | [24] months in identifiable form, then aggregated |
Where we are required by law to keep records longer (e.g. for tax, accounting, or regulatory reasons), we will do so.
If you delete your account, we will remove your personal information from our active systems within [30] days, except where retention is required by law or for the legitimate purposes described above. Backup copies may be retained for up to [90] additional days before being overwritten.
8. Your Rights
Under the NDPA, you have the following rights with respect to your personal information:
- Right to be informed about how your information is processed (this Privacy Policy serves this purpose)
- Right of access to a copy of the personal information we hold about you
- Right to rectification of inaccurate or incomplete information
- Right to erasure ("right to be forgotten") in certain circumstances
- Right to restrict processing in certain circumstances
- Right to data portability — receive your information in a structured, commonly used format
- Right to object to processing in certain circumstances, including for direct marketing
- Right not to be subject to automated decision-making that significantly affects you
- Right to withdraw consent at any time, where processing is based on consent
- Right to lodge a complaint with the Nigeria Data Protection Commission (NDPC)
To exercise any of these rights, contact us at legal@freevent.app. We will respond within 30 days, as required by the NDPA, and may extend this period by a further 60 days for complex requests, in which case we will notify you of the extension and the reasons.
We may need to verify your identity before processing your request. We will not charge you a fee unless your request is manifestly unfounded or excessive.
9. Cookies and Similar Technologies
We use cookies and similar technologies (such as local storage and pixels) to:
- Keep you signed in (authentication cookies)
- Remember your preferences (e.g. neighbourhood, language)
- Understand how you use the Service so we can improve it
- Detect and prevent fraud and abuse
You can control cookies through your browser settings. Note that disabling certain cookies may prevent parts of the Service from functioning properly.
10. Security
We take reasonable technical and organisational measures to protect personal information from loss, misuse, unauthorised access, disclosure, alteration, or destruction. These measures include:
- Encryption of data in transit (HTTPS/TLS)
- Encryption of sensitive data at rest
- Hashed and salted password storage
- Role-based access controls on internal systems
- Regular security reviews and updates
- Logging and monitoring of access to personal information
- Vendor security assessments
No system is perfectly secure, however. We cannot guarantee absolute security. If we become aware of a personal data breach that is likely to result in significant risk to your rights and freedoms, we will notify the NDPC within 72 hours and, where required, notify affected users.
11. Children
Freevent is not directed at or intended for use by children under 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at legal@freevent.app and we will delete the information promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal obligations. When we make material changes, we will:
- Update the "Last Updated" date at the top of this Policy
- Notify you by email or in-app notification at least 14 days before the changes take effect, where the changes are material
Continued use of the Service after the effective date of the updated Policy constitutes your acceptance of it.
13. Contact
For any questions, concerns, or requests relating to your personal information or this Privacy Policy:
- Email: legal@freevent.app
- Postal: [ENTITY NAME], [REGISTERED ADDRESS], Lagos State, Nigeria
- Data Protection Officer (DPO): [DPO NAME, if appointed], dpo@freevent.app
If you are not satisfied with our response, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC):
- Website: ndpc.gov.ng
- Email: info@ndpc.gov.ng
This Privacy Policy is governed by the laws of the Federal Republic of Nigeria. Any disputes arising from it will be resolved in the courts of Lagos State, Nigeria.