Privacy Policy

1. Data controller

Vortex Innovations Limited is the data controller for personal information processed through the Tape Members App. Our registered office is at 3rd Floor, 45 Albemarle Street, London, England, W1S 4JL, and our company number is 14435337. We have not appointed a Data Protection Officer; data protection enquiries are handled by the team contactable at members@tapemembers.com.

2. Information we collect

A. Information you provide to us

• Personal information: Full name, gender, WhatsApp number, Instagram username, email, nationality, birthdate, and occupation.
• Profile information: Profile photo and membership details.
• Transaction & payment data: Payment history, billing details, and purchases made through the app (processed via Stripe; we do not store card details).
• Membership & booking information: Details related to event bookings, guest lists, tickets, reservations, table bookings, and in-app drink orders.
• Support communications: Messages you send via the in-app support chat, and any AI-generated draft replies you choose to send to us in return.

B. Information we automatically collect

• Usage data: Login times, in-app actions, and session duration.
• Device information: Device model, operating system, and app version.
• Approximate location from IP address: Used for security, fraud prevention, and diagnostics.
• Location data (optional): If enabled, we may collect your precise location for personalised services such as event recommendations.

C. Information from third parties

• Payment processor (Stripe): Transaction confirmations and fraud prevention reports.
• Identity verification (Sumsub): See Section 3.
• Firebase Analytics: User engagement data to improve app performance and features.
• Branch (attribution): When you tap a referral or share link, we receive attribution data so we can credit the referrer.

3. Identity verification (Sumsub)

We use a third-party service, Sumsub, to verify user identity when required (e.g. for high-value transactions or regulatory compliance). This may include the collection of government-issued ID documents, facial biometrics, and other identifying information.

We do not store ID documents or biometric (face) data ourselves. This data is securely stored and processed by Sumsub in accordance with their own privacy and security protocols.

Facial data disclosure (App Store Guideline 5.1.1 compliance)

• We do not retain face data ourselves.
• Facial data is collected solely for the purpose of identity verification when required by law or for high-value transaction validation.
• Face data is stored exclusively by Sumsub for the minimum time necessary to complete the verification process and for compliance with legal and financial regulations. It is not stored indefinitely.
• Face data is shared only with Sumsub. We do not share facial data with any other third parties.
• Sumsub stores face data in accordance with their retention policies and privacy practices, which comply with applicable laws and require deletion after it is no longer needed for verification purposes. For more information, please refer to Sumsub’s Privacy Policy.
• Access to verification data on our side is strictly limited to trained staff members who require it for legitimate business purposes, on a need-to-know basis under controlled and restricted access permissions.

4. How we store your information

All Tape Members App data is securely stored in Google Firebase, primarily in the europe-west2 (London) region. Firebase provides encrypted cloud storage, ensuring your personal data is protected from unauthorised access, loss, or misuse.

• Authentication & user data: Firebase Authentication and Firestore.
• Payment information: We do not store full payment card details; transactions are securely processed and tokenised via Stripe.
• Analytics & performance data: Collected via Firebase Analytics to enhance user experience.

For more details on Firebase security, see Firebase Privacy & Security.

5. International data transfers

While we store data primarily in the UK / EEA (europe-west2), some of our service providers are based outside the UK or EEA. Where personal data is transferred internationally, we rely on the following safeguards:

• Google (Firebase):Standard Contractual Clauses (SCCs) and additional safeguards covered by Google’s Data Processing Addendum.
• Stripe: Stripe Payments UK Ltd processes UK transactions. Where data is transferred to Stripe entities outside the UK / EEA, transfers are protected under SCCs and, where applicable, the EU-US Data Privacy Framework.
• Sumsub: Operates within the EEA / UK for European customers; SCCs in place for any onward transfer.
• Twilio (SMS), Resend (email), Algolia (search), Branch (attribution): SCCs and equivalent safeguards in place.

You may request a copy of these safeguards by emailing members@tapemembers.com.

6. How we use your information

• Manage membership & app features: Authenticate users, process payments, and manage bookings.
• Improve user experience: Track app performance and fix technical issues.
• Process payments: Secure transactions via Stripe, including VAT compliance.
• Marketing & notifications: Send event invites, membership updates, and exclusive offers (with your consent).
• Security & fraud prevention: Detect suspicious activity, prevent unauthorised use, and prevent the creation of duplicate accounts.
• Legal compliance: Meet UK financial, tax, and GDPR regulations.

7. Legal basis for processing

Under UK GDPR, we process your data based on:

• Contractual necessity: To manage memberships, process bookings, and complete transactions.
• Legitimate interests: To provide secure services, improve app functionality, prevent fraud, detect duplicate accounts, and personalise user experiences.
• Consent: When you enable location sharing, receive notifications, opt into marketing, or share content via referral links.
• Legal obligation: When required for fraud prevention, tax reporting, anti-money-laundering compliance, or other regulatory obligations.

You can withdraw consent at any time via app settings or by emailing members@tapemembers.com.

8. Payment information & processing

How payments are processed

All in-app transactions are securely processed via Stripe Payments UK Ltd. We collect and process:

• Billing information (name, email, transaction details).
• Payment method details (card type, last 4 digits — stored by Stripe, not us).
• Purchase history (entry fees, token purchases, table booking deposits, in-app drink orders, VAT, and receipts).

We do not store or process full payment card details. Stripe encrypts all financial transactions and complies with PCI DSS security standards. For Stripe’s full privacy policy, visit stripe.com/privacy.

Refunds & chargebacks

Refunds, where applicable, will be processed in line with our Refund Policy. If you dispute a payment (chargeback), Stripe may collect additional data to verify the claim.

How long we retain payment data

We keep transaction records for a minimum of 6 years, as required by UK tax laws. After this period, data is securely deleted unless needed for ongoing legal compliance or active disputes.

9. Data retention

Different categories of data are retained for different periods:

• Account and membership records: Retained while your account is active. After account deletion, anonymised summary records may be retained for up to 6 years for fraud prevention and regulatory purposes.
• Transaction records: 6 years (UK tax law).
• Booking history (event entries, table bookings, guest lists): Retained while your account is active and for up to 6 years thereafter for legal claims and analytics.
• Support chat logs: Retained for up to 24 months for service quality and dispute resolution.
• Marketing consents: Until withdrawn, plus a record of the consent withdrawal itself for audit purposes.
• Identity verification data (held by Sumsub): Per Sumsub’s retention policy, typically the minimum necessary for the regulatory purpose.
• Device, usage, and analytics data (Firebase Analytics): Aggregated and anonymised after 14 months by default.

When data is no longer required for any of the above purposes, it is securely deleted or irreversibly anonymised.

10. Automated decision-making

We use limited automated decision-making in the following contexts:

• Identity verification (Sumsub): For high-value transactions or regulatory compliance, your identity may be verified through automated comparison of your submitted ID documents and biometrics. You have the right to request human review of any automated identity verification decision.
• Fraud detection (Stripe): Stripe uses automated systems to flag suspicious transactions for further review.
• Duplicate account detection: We use automated checks to identify potential duplicate or fraudulent accounts. If your account is flagged in error, you may request a human review.

To request human review of any automated decision affecting you, contact members@tapemembers.com.

11. Children’s data

The Tape Members App and Tape London venue are strictly for users aged 18 and over. We do not knowingly collect personal information from anyone under 18. If you become aware that a minor has provided us with personal information, please contact us at members@tapemembers.com and we will take steps to delete the information.

12. Photographs and imagery

Photographs may be taken inside the Tape London venue during events. By attending an event, you acknowledge that your image may be captured and may be used by Tape London within the Tape Members App, on our social media channels, or for legitimate operational purposes (e.g. door identification, fraud prevention). If you do not wish to have your image used in marketing material, you may contact members@tapemembers.com to request removal from public-facing surfaces.

13. How we share your information

We do not sell or rent your personal data. We may share information with the following categories of recipient:

• Payment Processor (Stripe): To securely process transactions and handle disputes.
• Identity Verification (Sumsub): For verification when required by law or for high-value transactions.
• Cloud Infrastructure (Google Firebase): For secure cloud storage, authentication, push notifications, and analytics.
• Communications Providers (Twilio, Resend): To deliver SMS and email notifications.
• Search Provider (Algolia): For in-app search functionality.
• Attribution (Branch): For referral and share-link tracking.
• Marketing & analytics services: Facebook Ads, Google Ads, and Firebase Analytics for user-engagement tracking and advertising.
• Event Promoters: Where you have been invited to Tape London by a registered promoter, we may share confirmation of your attendance (entry and/or exit) at the venue with that promoter for the legitimate purpose of managing guest bookings, club operations, and promoter accountability.
• Regulatory & legal authorities: If required for tax compliance, fraud prevention, anti-money-laundering, or legal disputes.

Your data is never shared with third parties for their independent marketing without your explicit consent. All shared data is limited to the minimum necessary and is protected by access controls and contractual safeguards.

14. Cookies and similar technologies

The Tape Members App uses limited tracking technologies for functionality and analytics:

• Authentication tokens: Required to keep you logged in.
• Device identifiers: Used by Firebase Analytics and crash reporting.
• Push notification tokens: For sending you in-app notifications (with your consent).

We do not use third-party advertising cookies inside the App. The Tape London website may use cookies — see the website’s separate cookie banner for details.

15. Your rights under UK GDPR

You have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request corrections to inaccurate or incomplete data.
• Erasure (“Right to be Forgotten”): Request deletion of your data, subject to legal or regulatory retention requirements. You can submit a deletion request at tapemembers.com/delete-account.
• Restriction: Limit how we use your data while a query is being resolved.
• Data portability: Receive your data in a structured, machine-readable format.
• Object to processing: Object to processing based on legitimate interests, including direct marketing.
• Withdraw consent: Where processing is based on consent, you may withdraw it at any time.
• Not be subject to solely automated decisions: Request human review of significant automated decisions affecting you.

You can exercise these rights via the Tape Members App settings or by emailing members@tapemembers.com. We will respond within one month, as required by UK GDPR. If your request is complex or you have made multiple requests, we may extend this period by up to two further months and will explain why.

16. How we protect your data

We take security seriously and implement industry-standard protections, including:

• Data encryption: Firebase encrypts data at rest and in transit.
• Secure access controls: Only authorised personnel can access personal data, on a need-to-know basis.
• Fraud prevention:Stripe’s security measures and our internal duplicate-account detection help prevent unauthorised payments and account misuse.
• Regular security audits: We routinely monitor and improve our security practices.
• Data breach notification:In the unlikely event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner’s Office within 72 hours, and notify affected users without undue delay where required by law.

If you suspect unauthorised access to your account, contact members@tapemembers.com immediately.

17. Changes to our privacy policy

We may update this Privacy Policy from time to time.

• Material changes will be communicated via email or the Tape Members App.
• Minor updates will be posted in the app settings.

The “Last updated” date at the top of this Policy reflects the most recent revision. Please check the Privacy Policy section in the app periodically for updates.

18. How to make a complaint

If you have a concern about how we handle your personal data, please contact us first at members@tapemembers.com — we’ll do our best to resolve it.

If you remain unsatisfied, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):

• Information Commissioner’s Office
• Wycliffe House, Water Lane
• Wilmslow, Cheshire SK9 5AF
• Helpline: 0303 123 1113
• ico.org.uk

19. Contact us

For any questions about this Privacy Policy, data protection, or your rights:

• Email: members@tapemembers.com
• WhatsApp: +44 7916 102611