1. Who We Are
This Privacy Policy explains how Ventir Ltd (“Ventir”, “we”, “us” or “our”) collects, uses, shares and protects personal information when you visit ventir.app, join our waitlist, communicate with us, or use any current or future Ventir services.
Company name: Ventir Ltd. Company number: 13423472. Registered office: 3rd Floor, 86-90 Paul Street, London EC2A 4NE, United Kingdom. Contact email: contact@ventir.app. ICO registration number: ZC134905.
Ventir Ltd is the data controller responsible for your personal data under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, unless we explain otherwise. We are not currently required to appoint a Data Protection Officer. If this changes, we will update this policy.
2. Scope and Pre-Launch Status
Ventir is currently in pre-launch phase. The current Service may only collect limited information for a landing page and waitlist. Future marketplace features may involve additional personal data, including account, booking, payment, messaging, Host, Venue, review, dispute and fraud prevention data.
We will update this policy before collecting materially different categories of personal data or using personal data for materially different purposes.
3. Personal Data We Collect
Information you give us may include email address, name if provided, business or Venue details if provided, messages, enquiries, feedback, support requests, complaints, marketing preferences and consent records.
When Marketplace Features launch, we may collect account registration details, authentication information, Guest booking details, event details, attendee numbers, Venue preferences, booking history, Host details, business names, Venue listing data, availability, pricing, payout details, verification data, messages, reviews, ratings, complaints, support requests, dispute evidence and moderation records.
Payment-related information may include payment status, transaction IDs, refunds, chargebacks and Stripe customer or connected-account identifiers. Card details should be handled by our payment provider and not stored directly by Ventir unless expressly stated.
Identity, business, right-to-list, fraud prevention, sanctions or safety verification data may be collected where required for trust, safety, legal or payment compliance.
4. Data Collected Automatically
When you visit ventir.app or use the Service, we and our providers may process technical information including IP address, device and browser type, operating system, pages visited, timestamps, referring website, approximate location inferred from IP address, and security, error and diagnostic logs.
We use this information for security, abuse prevention, troubleshooting, service operation and, where enabled with appropriate controls, analytics and product improvement.
5. Information From Third Parties
When Marketplace Features launch, we may receive information from payment processors, identity verification providers, fraud prevention providers, hosting providers, email delivery services, analytics providers, maps providers, business verification services, professional advisers, law enforcement or regulators where legally permitted.
6. Special Category Data and Children
We do not intentionally collect special category data, such as health, race, religion, biometric data, political opinions or trade union membership, unless a user voluntarily includes it and it is necessary for a specific request. Users should avoid submitting unnecessary sensitive data.
Ventir is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided personal data, contact us and we will take appropriate steps to delete it.
7. Why We Use Personal Data
We use personal data to operate the landing page and waitlist; send waitlist confirmations, launch updates and product updates where permitted; respond to enquiries; create and manage accounts; enable listings, enquiries, bookings, payments, refunds, payouts, reviews and messaging; verify users, Hosts, businesses, Venues, payment activity and booking activity; prevent, detect and investigate fraud, misuse, security incidents, unlawful activity, disputes and breaches; comply with legal obligations; and improve, secure, test and develop the Service.
8. Lawful Bases for Processing
Under UK GDPR, we rely on the following lawful bases. More than one lawful basis may apply depending on context.
| Lawful basis | When we use it | Examples |
|---|---|---|
| Consent | Where you have given clear permission. | Waitlist emails, launch updates, optional marketing and non-essential cookies where used. |
| Contract | Where needed to provide services you request or take steps before entering a contract. | Account creation, booking management, Host listings, support and marketplace transactions. |
| Legitimate interests | Where we have a legitimate business reason and your rights do not override it. | Security logs, fraud prevention, service improvement, platform integrity and basic analytics where lawful. |
| Legal obligation | Where we must comply with the law. | Tax/accounting records, regulator requests, legal claims and data rights responses. |
| Legal claims / substantial public interest where applicable | Where necessary and permitted by law. | Disputes, fraud investigations, safety incidents and enforcement of terms. |
9. Email Marketing and Waitlist Communications
We will only send marketing emails, launch updates or product updates where you have consented or where we are otherwise permitted by law. We will not disguise our identity in marketing emails and will provide a valid contact method or unsubscribe mechanism.
You can opt out at any time by using the unsubscribe link in our emails or by contacting contact@ventir.app. If you opt out, we will stop using your information for the direct marketing covered by that opt-out. We may still send non-marketing service or administrative messages where necessary, such as security notices, account notices, booking confirmations or legal updates.
10. Cookies and Similar Technologies
We do not currently use non-essential cookies for advertising or third-party tracking on the pre-launch landing page. The Service may use essential cookies or similar technologies where strictly necessary for website delivery, security, preferences, authentication, load balancing or similar core functionality.
If we introduce analytics, advertising, personalisation, heatmap, social media pixel or other non-essential cookies or similar technologies, we will update this policy and our Cookie Policy and, where required, request consent before placing those technologies on your device. Users must be able to reject non-essential cookies as easily as accepting them and must be able to change preferences.
11. Who We Share Personal Data With
We do not sell personal information. We share personal data only where needed to operate, secure, improve or provide the Service, comply with law, enforce our terms or protect rights and safety.
Service providers may include Supabase or other database providers; Vercel or other hosting providers; GoDaddy, Cloudflare or other domain/DNS providers; Stripe or other payment providers; email delivery and customer communication providers; identity, business, fraud, sanctions or safety verification providers; analytics, monitoring, error logging and security providers; and professional advisers including lawyers, accountants, insurers and auditors.
When Marketplace Features launch, certain information may be shared between Hosts and Guests where necessary for enquiries, bookings, Venue access, cancellations, refunds, disputes, reviews and support. For example, a Host may receive booking details and a Guest may receive Host contact, Venue and access information.
We may disclose personal data where necessary to comply with law, respond to lawful requests, enforce terms, prevent fraud, protect users or third parties, obtain advice, defend claims or support a merger, acquisition, restructuring, financing or sale of business assets.
12. Processor Register and Launch Confirmation
Before publication and launch, Ventir maintains an internal processor register confirming each provider, purpose, data categories, location, role, data processing terms, security measures, sub-processors and transfer mechanism. This policy will be updated if public-facing provider details materially change.
13. International Transfers
We aim to store and process personal data in the UK or EEA where practical. Some providers may process personal data in other countries.
Where personal data is transferred outside the UK to a country not recognised as providing adequate protection, we will use appropriate safeguards where required, such as the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or another lawful transfer mechanism.
Before launch, Ventir will confirm configured hosting regions and transfer mechanisms for each processor, including Supabase, Vercel, Stripe, email providers, analytics providers, identity verification tools and customer support tools.
14. How Long We Keep Personal Data
We keep personal data only for as long as reasonably necessary for the purposes described in this policy, including to provide the Service, comply with law, resolve disputes, enforce agreements, prevent fraud and maintain business records.
| Data type | Indicative retention period |
|---|---|
| Waitlist email and consent record | Until you unsubscribe, request deletion, or 12 months after launch if you do not become an active user, unless longer retention is needed for legal or dispute reasons. |
| Marketing suppression records | As long as necessary to respect your opt-out. |
| Server, security and diagnostic logs | Usually up to 30 days, unless needed longer for security, fraud, legal or investigation purposes. |
| Account and booking records | For the life of the account and then for a reasonable period needed for legal, tax, accounting, fraud prevention and dispute purposes. |
| Payment, refund, payout and invoice records | Usually up to 7 years where required for tax, accounting or legal purposes. |
| Support, complaints and dispute records | For as long as needed to resolve the matter and protect legal rights. |
| Verification and fraud prevention records | For as long as needed to protect platform integrity, meet legal/payment requirements, resolve disputes and prevent repeat misuse. |
15. Your Rights Under UK GDPR
Depending on the circumstances, you may have the right to be informed, access your data, rectify inaccurate data, erase data, restrict processing, data portability, object to processing including direct marketing, withdraw consent, and not be subject to certain solely automated decisions with legal or similarly significant effects.
To exercise rights, contact contact@ventir.app. We may need to verify your identity before responding. We will usually respond within one month unless the law allows longer for complex requests.
You also have the right to complain to the UK Information Commissioner’s Office (ICO): ico.org.uk, 0303 123 1113, Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom.
16. Automated Decision-Making and Profiling
We do not currently make decisions based solely on automated processing that produce legal or similarly significant effects for waitlist users.
When Marketplace Features launch, we may use automated or semi-automated tools to help detect fraud, suspicious bookings, payment risk, sanctions risk, abusive behaviour or security threats. Where such processing has a significant effect and the law requires it, we will provide appropriate information and rights of review.
17. How We Protect Personal Data
We use reasonable technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration or disclosure. These may include HTTPS encryption in transit, access controls, role-based restrictions, database security controls such as row-level security where configured, restricted service credentials, password hashing or encryption where used, logging, monitoring, abuse prevention and periodic review of security practices.
No system is completely secure. If a personal data breach occurs and it is likely to result in a risk to individuals’ rights and freedoms, we will notify the ICO where required within 72 hours of becoming aware of it and will inform affected individuals where required without undue delay.
18. Your Responsibilities
You are responsible for providing accurate information, keeping account credentials secure, using the Service lawfully and not submitting unnecessary sensitive personal data. If you provide personal data about another person, you must have a lawful basis or proper permission to do so.
19. Third-Party Websites and Services
The Service may contain links to third-party websites, payment pages, maps, social platforms or tools. We are not responsible for their privacy practices. You should review third-party privacy notices before providing personal data to them.
20. Changes to This Policy
We may update this Privacy Policy from time to time. The “Last updated” date will show when it was last changed. Significant changes may be notified by email, website notice, in-app notice or another reasonable method. You should review this policy periodically, especially before using new Marketplace Features.
21. Contact Us
- Email: contact@ventir.app
- Postal address: Ventir Ltd, 3rd Floor, 86-90 Paul Street, London EC2A 4NE, United Kingdom
- Company number: 13423472
- ICO registration number: ZC134905