OninFive Logo

Last updated: 1 March 2026

OninFive Privacy Policy (UK)

This Privacy Policy explains how OninFive ("we", "our", "us") collects, uses, and protects personal data when you use the OninFive mobile app and related services.

We are a UK-based service and process personal data in line with the UK GDPR and the Data Protection Act 2018.

1. Who this policy applies to

This policy applies to all users of the app, including:

  • music fans ("users")
  • artists
  • promoters

2. Data we collect

2.1 Data you provide directly

  • Account data: email address and authentication details via Firebase Authentication (including sign-in with Apple/Google where chosen).
  • Profile data:
  • Users: basic account profile.
  • Artists: artist name, bio, profile image URL, genres, verification application data (for example social links and optional contact phone number).
  • Promoters: promoter name (required), and optional phone, email, default venue.
  • Event and content data:
  • Event title, description, date/time, venue details, genres, entry-fee flag.
  • Saved events (bookmarks).
  • Promoter invite and relationship actions (send, accept/reject, revoke).
  • Support or contact data when you email us.

2.2 Data collected automatically

  • Device/app data such as app version, platform, and technical diagnostics.
  • Authentication and security logs.
  • App usage events (for example share actions).
  • Local app storage/caching data (for example saved-event IDs, sync queue state, tutorial seen/completed flags).

2.3 Location and directions data

  • If you grant location permission, we process your location to show nearby events and support event directions/navigation flows.
  • We also process destination venue coordinates/address for map and directions features.
  • Location permission is optional, but some discovery/directions features will be limited if denied.

2.4 Data from third parties

  • Sign-in and identity data from Apple/Google/Firebase authentication services.
  • Map/place data from mapping providers (for example Google Maps/Places integrations).

3. How we use personal data

We use personal data to:

  • provide account authentication and role-based onboarding;
  • operate fan, artist, and promoter features;
  • create and display event details, maps, and directions;
  • sync saved events and offline queue actions across sessions/devices;
  • process artist verification and promoter relationship workflows;
  • maintain security, prevent abuse, and troubleshoot issues;
  • improve product quality, reliability, and performance;
  • comply with legal obligations.

We do not sell your personal data.

4. Legal bases for processing (UK GDPR)

Depending on context, we rely on:

  • Contract: to provide core app functionality you request.
  • Legitimate interests: service security, abuse prevention, analytics, and product improvement.
  • Consent: where required (for example device location permission and certain notifications/tracking settings).
  • Legal obligation: where processing is required by law.

5. Data sharing

We share data with service providers and infrastructure partners only as needed to run the service, including:

  • Firebase (authentication and related services)
  • Supabase/PostgreSQL (database and storage infrastructure)
  • Hosting/infrastructure providers (for example Vercel and caching services)
  • Map/location providers (for example Google Maps/Places)
  • Apple and Google where needed for platform authentication and app delivery

Some providers act as processors on our behalf; others may act as independent controllers for their own services.

We may also disclose data if required for legal reasons (for example lawful requests, fraud prevention, or rights protection).

6. International transfers

Your data may be processed outside the UK. Where we transfer personal data internationally, we use appropriate safeguards (such as adequacy regulations or approved transfer mechanisms).

7. Data retention

We keep personal data only as long as needed for the purposes in this policy, including legal, security, and operational requirements.

Retention is typically based on:

  • account lifecycle (active account vs deleted account),
  • operational need (for example saved events, event history, promoter relationships),
  • legal obligations (for example dispute handling or compliance records).

When data is no longer needed, we delete it or de-identify it.

8. Your rights

Under UK data protection law, you may have rights to:

  • access your personal data,
  • correct inaccurate data,
  • erase data,
  • restrict processing,
  • object to processing,
  • data portability,
  • withdraw consent where processing relies on consent.

You can request account/data deletion by contacting us at the email below.

You also have the right to complain to the UK Information Commissioner's Office (ICO): https://ico.org.uk

9. Security

We use technical and organisational safeguards designed to protect personal data, including access controls and encryption in transit where appropriate. No system can be guaranteed 100% secure.

10. Children's privacy

OninFive is not intended for children under 13. We do not knowingly collect personal data from children under 13.

11. Changes to this policy

We may update this policy from time to time. We will post the updated version in-app and/or on our website with a revised "Last updated" date.

12. Contact

Email: support@oninfive.app