CouldWe
Sign InSign UpSign InSign Up
CouldWe
Sign In

Privacy Policy

Last Updated: January 14, 2026

1. Who We Are

  • Platform: CouldWe (couldwe.com)

  • Contact for Privacy Inquiries: support@couldwe.com

2. Age Requirement

You must be at least 16 years old to create an account and use CouldWe. We do not knowingly collect or process personal data from individuals under 16.

3. Data We Collect and How We Use It

Account Creation:

  • Data Collected: First name, last name (optional), email, password and country (inferred from IP).

  • Password Handling: Passwords are securely hashed by our authentication provider and are never stored in plain text.

  • Purpose: To create and maintain your account, enable authentication, and personalize your experience.

  • Legal Basis: Provision of service (contractual necessity).

Profile Information:

  • Data Collected: Profile picture (optional), location (optional), timezone, country (provided by user and/or inferred from IP).

  • Purpose: To personalize your profile, improve user experience, display relevant content, and facilitate connections with other users.

Places people often look in London. Open a site, find an event you like, then come back here to save the link.

Adam Smith Institute logo

Adam Smith Institute

Alexandra Palace logo

Alexandra Palace

Almeida Theatre logo

Almeida Theatre

Barbican logo

Barbican

Battersea Arts Centre (BAC) logo

Battersea Arts Centre (BAC)

BFI Imax logo

BFI Imax

British Academy logo

British Academy

British Museum logo

British Museum

Brixton Academy logo

Brixton Academy

Comedy Store logo

Comedy Store

Conway Hall logo

Conway Hall

Curzon logo

Curzon

Dice logo

Dice

Donmar Warehouse logo

Donmar Warehouse

Electric Ballroom logo

Electric Ballroom

Eventbrite logo

Eventbrite

Eventim Apollo logo

Eventim Apollo

Events For London logo

Events For London

Everyman logo

Everyman

Fabric logo

Fabric

Fane logo

Fane

Fever logo

Fever

Gresham College logo

Gresham College

Hampstead Theatre logo

Hampstead Theatre

How To Academy logo

How To Academy

Intelligence Squared logo

Intelligence Squared

Jazz Cafe logo

Jazz Cafe

Kiln Theatre logo

Kiln Theatre

Koko logo

Koko

Little Angel Theatre logo

Little Angel Theatre

London Coliseum logo

London Coliseum

LSE - London School of Economics logo

LSE - London School of Economics

Meetup logo

Meetup

Menier Chocolate Factory logo

Menier Chocolate Factory

Ministry of Sound logo

Ministry of Sound

Natural History Museum logo

Natural History Museum

Old Vic Theatre logo

Old Vic Theatre

OVO Arena Wembley logo

OVO Arena Wembley

Resident Advisor logo

Resident Advisor

Ronnie Scott's logo

Ronnie Scott's

RoundHouse logo

RoundHouse

Royal Academy logo

Royal Academy

Royal Ballet & Opera logo

Royal Ballet & Opera

RSA logo

RSA

Saatchi Gallery logo

Saatchi Gallery

Science Museum logo

Science Museum

Shakespeare’s Globe logo

Shakespeare’s Globe

Skiddle logo

Skiddle

Soho Theatre logo

Soho Theatre

Somerset House logo

Somerset House

SongKick logo

SongKick

Southbank logo

Southbank

Spectator logo

Spectator

Tate Museum logo

Tate Museum

The O2 logo

The O2

The Place logo

The Place

The Royal Court logo

The Royal Court

The Royal Institution logo

The Royal Institution

The Top Secret Comedy Club logo

The Top Secret Comedy Club

The Yard Theatre logo

The Yard Theatre

Timeout logo

Timeout

UnHerd logo

UnHerd

Unicorn Theatre logo

Unicorn Theatre

Union Chapel logo

Union Chapel

Up The Creek Comedy Club logo

Up The Creek Comedy Club

V&A logo

V&A

Visit London logo

Visit London

Wembley Stadium logo

Wembley Stadium

  • Location Autocomplete: If you use location search or autocomplete, we send your input to Google Places to return relevant suggestions and, in some cases, structured location details (such as place IDs and coordinates).

  • Legal Basis: Provision of service (contractual necessity).

  • Note: Profile images are stored without signed URLs, which means they may be accessible via direct link. Users should avoid uploading sensitive personal images.

    • Third-Party Sign-In (Google):

    • Data Collected: First name, last name, and email from Google, plus inferred country.

    • Purpose: To streamline the sign-up and sign-in process.

    • Legal Basis: Provision of service (contractual necessity).

    • Note: Google's OAuth is used for sign-in, and Google reCAPTCHA may be used to verify that account creation and login attempts are made by real users, helping protect against spam and abuse.

    Event creation and data processing:

    • Data collected: When you add an event, we collect the information you provide, which may include: Event title, dates, times, and recurrence, location, description and image, source URL (if added from a website)

    • Purpose: Create and display events in your lists, allow you to organise, edit, and share events, generate shared links that update as you add or change events

    • Note: If you add an event from a URL, we fetch that page (including via third-party services) and may use AI to extract titles, times, locations, and descriptions to prefill your event.

    Admin Actions and Moderation:

    • Data Collected: Minimal logs including admin user ID and action taken, flagged content snapshots, a hash of logged-in user IDs, and their timezone.

    • Purpose: To maintain platform security, monitor system performance, and ensure compliance with community guidelines.

    • Legal Basis: Legitimate interests (ensuring community integrity and compliance).

    Support Inquiries:

    • Data Collected: Name, email, and message content sent to support@couldwe.com

    • Purpose: To assist with your questions or concerns.

    • Legal Basis: Provision of service (responding to your inquiries).

    Analytics:

    • Data Collected: Limited usage data such as page views and high-level interaction metrics.

    • Purpose: To understand how the platform is used and improve performance and usability.

    • Legal Basis: Legitimate interests (improving the service).

    • Note: We use Plausible Analytics, which is designed to be privacy focused and does not use advertising cookies.

    4. Cookies and Similar Technologies

    We use cookies primarily for authentication, session management, and basic functionality. These may include cookies from Supabase and Google (if you sign in with Google).

    We also use a small number of functional cookies to remember UI preferences (such as whether certain panels are expanded).

    We may also use browser storage (such as sessionStorage) for short lived, on-device state (for example, remembering a shared URL briefly during navigation).

    4.1 Authentication & Session Cookies:

    Purpose: To keep you logged in, maintain session state, and provide secure access.
    Legal Basis: Provision of service (contractual necessity).

    5. Data Storage and Location

    We use a combination of hosting, storage, and caching services, primarily located in the UK and EU:

    • Hosting & Caching (Vercel): The Platform is hosted on Vercel, which may use a global infrastructure. We aim to deploy in regions (such as the EU) that align with our privacy commitments. Some caching may occur globally for performance.

    • Supabase (Authentication & Database): EU-West-2

    • PlanetScale (Database): EU-West-2

    • Microlink: Fetching links

    • OpenAI: Event detail extraction, description rewrite, content moderation, and screenshot-based extraction where needed

    • AWS (Storage & CloudFront CDN): UK (London) for storage where possible, global CDN for content delivery

    • AWS Rekognition (Image Safety Checks): Used to detect unsafe or prohibited content in uploaded images

    • Upstash (Redis for Caching & QStash for Email Queue): EU-West-1

    • Resend (Email Sending): Europe (Ireland)

    • Google Cloud Platform (Sign-In & reCAPTCHA): Primarily EU or US, depending on Google's infrastructure and policies.

    • Google Maps / Places (Location Services): Used for location search and enrichment.

    • Axiom (Logging): Axiom is used for dashboards and logs; data processed by Axiom may be stored within regions that Axiom operates in, and we aim to choose EU/UK where possible.

    • Sentry (Error Tracking): Sentry is used for error monitoring and debugging. It collects technical information about errors including stack traces, browser information, and user context when errors occur. Data is processed according to Sentry's data processing policies.

    • Plausible Analytics: A privacy-focused analytics service used to understand usage of the platform.

    By using the Platform, you acknowledge that your data may be transferred and stored in these regions. CDNs and global infrastructure components may temporarily handle data outside the UK/EU for performance, but core storage remains centered in EU/UK regions where possible.

    We perform regular database backups on PlanetScale to ensure data integrity and to enable recovery in case of technical issues or data loss. Backups are retained securely within the same region as the primary database (EU-West-2) and deleted in line with our standard retention policies.

    6. How Long We Keep Your Data

    We retain personal data only as long as necessary to provide our services or as required by law. Examples:

    • Event data and associated content: Until you delete it or your account is deleted

    • Admin logs: Typically stored for a limited time (e.g. ~95 days for logs)

    Once you delete your account, we remove all personal data unless retention is required for legal or moderation reasons.

    7. Your Rights

    Subject to UK GDPR, you have the right to:

    • Access your personal data

    • Request Correction of inaccurate or incomplete data

    • Request Deletion of your personal data, unless retention is required by law or legitimate interest

    • Object or Restrict certain processing

    • Data Portability, where applicable

    To exercise any of these rights, please contact support@couldwe.com. We aim to respond within 30 days. Verification may involve confirming your request via the email address associated with your account.

    8. Security Measures

    We use industry-standard security measures to protect your data, including secure hosting and access controls. While no method of transmission or storage is 100% secure, we continuously work to safeguard your information.

    9. Children's Privacy

    We do not allow users under 16 to create accounts. If you believe we have collected data from someone under 16, please contact us so we can delete it.

    10. Changes to This Privacy Policy

    As the platform evolves, we may update this Privacy Policy. The "Last Updated" date at the top reflects the latest changes. Initially, we will simply update the policy on our site. In the future, once the platform stabilizes, we may introduce more direct notifications for significant changes.

    11. Future Considerations

    If we introduce marketing or promotional communications in the future, we will seek your consent before sending such messages.

    12. Use of OpenAI for Event Content Checks

    We use OpenAI primarily to structure event details from links you submit (for example, mapping a webpage into event fields such as title, time, and location). We also use OpenAI for content moderation to help keep the platform safe. This means that event information you create may be sent to OpenAI for processing.

    Purpose:

    To extract structured event details from URLs and to detect and prevent potentially harmful or prohibited activity, such as spam, harassment, or other violations of our community guidelines.

    Legal Basis:

    Legitimate interests (keeping the platform safe and secure).

    Scope:

    Event names and descriptions, plus extracted page content from URLs you submit to help identify event details. In fallback cases, we may use a screenshot of the page for extraction.

    Data Handling:

    When you create events, we may send the content you provide and any extracted page content to OpenAI to structure it into event fields and run content checks. If your event details contain personal information (such as names, locations, or other identifiable details), this information will be transmitted to OpenAI as part of the content. This data is processed according to OpenAI's terms of service and privacy policy. We do not have control over how OpenAI may use this data internally after processing. For more information about OpenAI's moderation system, you can visit OpenAI's Moderation Guide.

    We may also use OpenAI to rewrite event details to make them clearer and more consistent. This processing follows the same privacy safeguards described above.

    By posting or creating content on CouldWe, you acknowledge that such content may be processed by OpenAI in accordance with their data processing practices. For more information on OpenAI's privacy practices, please visit OpenAI's Privacy Policy.

    13. Use of Web Risk API for Link Safety Checks

    We use a Web Risk API to check links posted in events for potential security threats such as phishing, malware, or other dangerous content. This means that when you or other users post links in events, these URLs may be sent to a third-party service for safety verification.

    Purpose:

    To protect users from potentially harmful websites and maintain platform security.

    Legal Basis:

    Legitimate interests (keeping the platform and users safe from online threats).

    Scope:

    Links added to events

    Data Handling:

    We only share the URL itself, with no additional personal data or context. The verification process is designed to minimise data processing while maintaining security.

    By posting links on CouldWe, you acknowledge that such content may be processed by our security services in accordance with their data processing practices. The Web Risk API is provided by Google, and its use is subject to Google's data processing terms. For more information about Google's Web Risk API, you can visit Google Web Risk.

    Get In Touch: For questions or concerns about this Privacy Policy or your personal data, please email us at support@couldwe.com.