Privacy Policy

1. Who this policy covers

This policy applies when you visit our public pages, create an account, use one of our application surfaces, buy products or bookings, join a community or referral programme, submit forms, contact support, interact with AI-powered features, or otherwise use services operated through Company Four, a platform operated by Company IV Ltd.

Some areas of the platform may be presented under a specific application or brand. In those cases, Company Four may act as the platform operator while the relevant brand, merchant, community, or organiser may also act as a controller or business for the data collected in that experience.

2. Information we collect

• Identity and contact data such as your name, email address, mobile number, country, and account profile details.
• Authentication and security data such as hashed credentials, login and session state, invitation status, verification state, and token-based access records.
• Application and account data such as team memberships, brand or application context, saved preferences, navigation state, and settings connected to your account.
• Commerce data such as basket contents, orders, subscriptions, discounts, invoices, payment status, refunds, and fulfilment history.
• Booking and experience data such as reservations, attendees, tickets, time slots, availability selections, and order-linked booking information.
• Community and growth data such as memberships, rewards, redemptions, referral participation, share codes, attribution events, and terms acceptance where a programme requires it.
• Support and communication data such as tickets, messages, uploaded details, notification delivery metadata, and template-driven support form responses.
• Content and feedback data such as reviews, survey responses, form submissions, uploaded assets, and data you choose to include in free-text fields.
• Device and usage data such as IP address, browser type, pages viewed, interaction timing, and consent preferences, including analytics or marketing choices where enabled.
• Wallet, ticketing, or access-pass data where we issue digital passes or access credentials tied to your account or purchase.

3. How we collect information

• Directly from you when you register, check out, submit a form, request support, join a programme, or contact us.
• Automatically when you browse the platform, subject to the cookie and tracking choices you make.
• From connected brands, organisers, merchants, payment providers, or identity providers when they need to complete a transaction or authenticate you.
• From referrals, invitations, or programme flows when you join via a share link, invite, or campaign attribution path.

4. Why we use personal data

• To create and maintain your account, authenticate you, and keep services secure.
• To process purchases, bookings, subscriptions, payments, refunds, access issuance, and fulfilment.
• To operate communities, rewards, referrals, promotions, and programme-specific participation rules.
• To provide support, respond to legal or data requests, and communicate about your account or activity.
• To improve the platform, understand feature usage, diagnose issues, and plan future releases.
• To send service communications and, where allowed, marketing or campaign messages through channels such as email, SMS, WhatsApp, or Telegram.
• To power AI-assisted or automated workflows that help generate, route, summarise, or organise content and operational tasks.
• To comply with law, enforce our terms, prevent misuse, and protect Company Four, our users, and our partners.

5. Payments and financial information

Payments are processed through third-party providers, including Stripe. We generally store payment status, transaction references, order records, and limited billing context needed for operations, support, and accounting. We do not intend to store full card numbers or full card security details on our own servers.

6. AI, automation, and generated content

Some parts of the platform include AI, agent, or automation features. Depending on the feature, prompts, outputs, task instructions, structured inputs, or operational metadata may be processed to deliver the requested workflow. We aim to limit unnecessary personal data in these systems, but users should avoid entering highly sensitive information into AI features unless the relevant workflow clearly requires it.

7. Cookies and similar technologies

We use essential cookies and may use optional analytics and marketing cookies or similar technologies. The current consent controls in the platform distinguish between essential functionality, analytics, and marketing preferences. More detail is set out in our Cookie Policy.

8. When we share data

• With brands, merchants, organisers, or communities when needed to provide the service you are using.
• With payment, hosting, messaging, authentication, analytics, customer support, or infrastructure providers acting on our behalf.
• With delivery and notification partners when sending operational or opted-in communications.
• With legal or regulatory authorities when required by law or to protect rights, safety, or platform integrity.
• As part of a merger, financing, acquisition, restructuring, or asset sale, subject to appropriate confidentiality steps.

9. Data retention

We keep personal data only for as long as reasonably necessary for the purpose it was collected, including to maintain accounts, complete transactions, resolve disputes, investigate misuse, honour legal obligations under laws including UK data protection, tax, accounting, and consumer protection requirements, and keep required business records. Different data categories may be kept for different periods depending on operational, accounting, fraud-prevention, and compliance needs.

10. Security

We use practical technical and organisational measures intended to protect personal data, such as access controls, authentication safeguards, service-level permissions, and provider-based security tooling. No system is completely risk free, so we cannot promise absolute security.

11. International use

Company Four may use providers, infrastructure, or team members in more than one country. By using the platform, you understand that data may be processed in jurisdictions other than your own, subject to reasonable safeguards we put in place.

12. Your choices and requests

• You can manage optional cookie preferences through the cookie banner or later consent controls where available.
• You can request access to or deletion of certain personal data through the Request My Data form.
• You may also contact support for account, privacy, or misuse concerns.
• We may need to verify your identity before actioning a request. If you are in the UK, you may also have rights under the UK GDPR and the Data Protection Act 2018, including rights to access, correct, erase, restrict, object to certain processing, and where applicable request portability.

13. Complaints

If you have concerns about how we handle personal data, please contact us first so we can try to resolve the issue. If you are in the United Kingdom, you may also have the right to complain to the Information Commissioner's Office (ICO).

14. Children

The platform is not intentionally directed at children unless a specific service states otherwise. If you believe a child has provided personal data to us without appropriate authority, contact us so we can review and take suitable action.

15. Changes to this policy

We may update this policy as the platform develops, especially as data flows, processors, jurisdictions, and brand relationships become more formalised. We will post the updated version on this page and update the page when material changes are made.