WhatNightOut
EventsVenuesFor YouFavourites
Sign In

Privacy Policy

Last updated: March 2026

1. Who we are

WhatNightOut is operated by whatnightout Ltd, a company registered in England and Wales. We operate the website at whatnightout.uk and the WhatNightOut mobile application (together, the “Service”). The Service is a nightlife and music event discovery platform covering cities across the United Kingdom.

In this policy, “we”, “us”, and “our” refer to whatnightout Ltd. “You” and “your” refer to you as a user of the Service.

2. What data we collect

We collect the following categories of personal data:

Account data

When you create an account, we collect your email address, display name, and authentication provider details. You may sign in using Google, Apple, or an email and password. Authentication is handled by Google Firebase, which stores your credentials securely. We receive your email address, display name, and a unique user identifier from Firebase. We do not receive or store your password.

Preferences and activity

When you use the Service, we store your preferences and activity to personalise your experience. This includes your selected city, genre preferences (up to 10), favourited events, followed venues, and recently viewed events. This data is associated with your account and stored on our servers.

User-submitted content

If you submit an event for inclusion on the platform, we collect the event details you provide (name, date, venue, description, genres, ticket link, and price). If you upload an event image, it is stored by Cloudinary, a third-party image hosting service.

Usage and analytics data

With your explicit consent, we collect anonymised analytics data about how you use the Service. This includes pages visited, features used, search queries, filter interactions, and general engagement patterns. Analytics are collected via PostHog, which is hosted on EU servers in Frankfurt, Germany. Analytics tracking is disabled by default and only activated when you give consent via our cookie banner (website) or settings (mobile app).

Technical data

When you access the Service, our servers automatically collect standard technical data including your IP address, browser type and version, operating system, device type, referring URL, and pages visited. This data is used for security, abuse prevention, and to ensure the Service functions correctly.

Cookies and local storage

The website uses cookies and browser local storage. See Section 6 below for a detailed breakdown of the cookies we use.

3. Legal basis for processing

Under the UK General Data Protection Regulation (UK GDPR), we process your personal data on the following lawful bases:

  • Contract: Processing your account data, preferences, and activity is necessary to provide you with the features of the Service you have signed up for (favourites, follows, personalised recommendations, event submissions).
  • Consent: Analytics tracking via PostHog is only activated with your explicit consent. You may withdraw consent at any time.
  • Legitimate interest: We process technical data (IP address, browser type) for security, abuse prevention, and to maintain the performance and reliability of the Service. We also use aggregated, non-personal data to understand usage patterns and improve the platform.

4. How we use your data

We use your data for the following purposes:

  • To provide and operate the Service, including displaying events, venues, and search results
  • To personalise your experience, showing relevant weekend picks based on your genre preferences, city selection, and activity
  • To maintain your favourites, followed venues, and other saved preferences
  • To process and display event submissions you make
  • To send push notifications about new events at venues you follow (mobile app only, with your permission)
  • To understand how the Service is used and to improve it (with your analytics consent)
  • To detect and prevent fraud, abuse, and security incidents
  • To comply with legal obligations

We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.

5. Data sharing and third parties

We never sell your personal data. We share data with the following third-party services solely to operate the Service:

  • Google Firebase (Google LLC, USA): provides user authentication. Firebase receives your email address, display name, and authentication credentials. Google’s privacy policy applies to data processed by Firebase.
  • PostHog (EU, Frankfurt, Germany): provides analytics. Only activated with your consent. PostHog processes anonymised usage data on EU servers. No personal identifiers are sent without consent.
  • Cloudinary (Cloudinary Ltd): hosts images uploaded with event submissions. Image files are stored on Cloudinary’s servers.
  • Render (Render Services Inc., USA): hosts our website and backend infrastructure. All data processed by the Service passes through Render’s servers.
  • Apple & Google: distribute the mobile app via the App Store and Google Play. Push notifications on the mobile app are delivered via Apple Push Notification Service and Google Firebase Cloud Messaging.

We may also disclose your data if required by law, regulation, or legal process, or to protect the rights, safety, or property of whatnightout Ltd, our users, or the public.

6. Cookies and local storage

Our website uses cookies and browser local storage. The mobile app does not use cookies.

Essential (no consent required)

  • Authentication cookies: Set by Firebase to maintain your signed-in session. Without these, you would need to log in on every page visit.
  • Cookie consent preference: Stores whether you have accepted or rejected analytics cookies, so we don’t ask you again.
  • Local storage: Stores your city preference, view mode (map/list), and other UI preferences for a consistent experience. This data stays in your browser and is not sent to our servers.

Analytics (consent required)

  • PostHog cookies: Set only if you accept analytics cookies via our cookie banner. These cookies help us understand how the site is used. PostHog data is processed on EU servers (Frankfurt). You can withdraw consent at any time via the cookie banner or your profile settings.

You can also manage cookies through your browser settings. Note that blocking essential cookies may prevent parts of the Service from functioning correctly.

7. Data retention

  • Account data: Retained for as long as your account is active. When you delete your account (via profile settings), all personal data (including your email, preferences, favourites, follows, and submissions) is permanently deleted from our servers.
  • Analytics data: Anonymised analytics data may be retained for up to 12 months after collection. This data cannot be linked back to you.
  • Technical logs: Server logs containing IP addresses and request data are retained for up to 30 days for security and debugging purposes, then automatically deleted.

8. Your rights under UK GDPR

Under the UK GDPR, you have the following rights in relation to your personal data:

  • Right of access: You can request a copy of the personal data we hold about you.
  • Right to rectification: You can ask us to correct any inaccurate or incomplete personal data.
  • Right to erasure: You can ask us to delete your personal data. You can also delete your account directly from your profile settings at any time.
  • Right to restriction: You can ask us to restrict the processing of your data in certain circumstances.
  • Right to data portability: You can request your data in a structured, commonly used, machine-readable format.
  • Right to object: You can object to processing based on legitimate interest.
  • Right to withdraw consent: Where processing is based on consent (analytics), you can withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please email privacy@whatnightout.uk. We will respond within one month as required by law. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

9. Children’s privacy

The Service is a nightlife and event discovery platform intended for users aged 18 and over. We do not knowingly collect personal data from anyone under the age of 18. If we become aware that we have collected data from a person under 18, we will delete it promptly. If you believe a child under 18 has provided us with personal data, please contact us at privacy@whatnightout.uk.

10. International data transfers

Some of our third-party service providers process data outside the United Kingdom:

  • Google Firebase may process authentication data in the United States. Google provides appropriate safeguards through Standard Contractual Clauses (SCCs) and its data processing terms.
  • PostHog processes analytics data exclusively within the EU (Frankfurt, Germany), which is covered by the UK adequacy decision.
  • Render hosts infrastructure in the United States. Data transfers are covered by their data processing agreement and Standard Contractual Clauses.
  • Cloudinary may process uploaded images in various locations. Transfers are covered by Standard Contractual Clauses.

Where personal data is transferred outside the UK, we ensure that appropriate safeguards are in place as required by UK data protection law.

11. Data security

We take reasonable technical and organisational measures to protect your personal data. All data transmitted between your device and our servers is encrypted using TLS (HTTPS). Authentication is handled by Google Firebase, which provides industry-standard security including secure credential storage and token-based authentication. Access to our backend systems and database is restricted to authorised personnel only.

While we take security seriously, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your data.

12. Changes to this policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. The “Last updated” date at the top of this page indicates when the policy was last revised. For material changes that significantly affect how we process your data, we will make reasonable efforts to notify you, for example via a notice on the website or mobile app. Continued use of the Service after changes constitutes your acknowledgement of the updated policy.

13. Contact us

If you have any questions about this privacy policy or how we handle your data, please contact us:

  • Email: privacy@whatnightout.uk
  • General enquiries: hello@whatnightout.uk

You can also review our Terms of Use for the rules and conditions governing your use of the Service.

Events in SheffieldEvents in NewcastleEvents in LeedsEvents in LiverpoolEvents in ManchesterEvents in NottinghamVenues in SheffieldVenues in NewcastleVenues in LeedsVenues in LiverpoolVenues in ManchesterVenues in Nottingham

© 2026 WhatNightOut. All rights reserved.

AboutPrivacy PolicyTerms
EventsVenuesFor YouFavouritesProfile