CIRCUIT

Privacy Policy

Last updated: 23 March 2026

1. Who We Are

Circuit (meetcircuit.com) is operated from London, UK. We provide attendance tracking infrastructure for recurring cultural events.

All production data is stored in London, UK (AWS eu-west-2) via Neon PostgreSQL.

2. Our Role

Circuit and event organisers act as joint controllers under GDPR Article 26 for attendance data collected via check-in. Circuit provides the infrastructure (hardware and software). The organiser determines the purpose (attendance tracking for their events). Both parties’ decisions are necessary for the processing to occur. A joint controller agreement governs the allocation of responsibilities between Circuit and each organiser.

Circuit acts as Data Controller for guest profile data — the optional profile that guests may create to view their attendance history.

Cross-venue recognition (where your attendance is visible to multiple organisers) requires your separate, explicit consent. This consent is independent of your RSVP consent and can be withdrawn at any time.

Legal basis for processing: contract performance (organiser service), legitimate interest (service operation, security), and consent (marketing, profile features, cross-venue recognition, Who’s Here).

3. What We Collect

Guest data

Collected by the organiser via Circuit:

  • Name, email address
  • Phone number (optional)
  • Social media link (optional)
  • Attendance records: which events you attended, when, and the check-in source
  • RSVP responses
  • Check-in method (door, self, walk-in, NFC tap, webhook)

Organiser data

  • Name, email address
  • Password (stored as a bcrypt hash — we cannot read your password)
  • Billing information (processed by Stripe — we do not store card numbers)
  • API credentials (for enterprise tier)

Automatic data

  • IP address and User-Agent string (logged in audit records for security)
  • Cookies (see Cookies section below)

Derived data

Visit counts, streak calculations, core member status, and retention metrics — all computed from attendance records.

4. How We Use Your Data

  • Event management: Check-in, RSVP processing, attendance recording.
  • Recognition: Factual attendance emails sent to guests after events (via Resend).
  • Analytics: Retention metrics, return rates, core member identification — shown to the organiser.
  • AI features: Natural language insight queries and recognition email composition processed by Anthropic (Claude). Data is scoped to the organiser’s tenant only. Queries and responses are logged.
  • Billing: Subscription and credit purchases processed by Stripe.
  • Marketing sync: If the organiser enables Klaviyo integration, guest attendance properties (visit count, last event, guest status) are synced to Klaviyo for the organiser’s marketing purposes.
  • Security: Rate limiting (via Upstash Redis), audit logging, abuse prevention.

5. Third-Party Processors

  • Neon (EU — London)
    PostgreSQL database hosting. All Circuit data is stored here.
  • Vercel (US)
    Application hosting and edge functions. Processes HTTP requests.
  • Stripe (US)
    Payment processing. Receives organiser billing data. PCI-DSS compliant.
  • Resend (US)
    Transactional email delivery. Receives guest email addresses and event details for recognition and reminder emails.
  • Anthropic (US)
    AI processing. Receives organiser-scoped guest data for insight queries and recognition email composition.
  • Klaviyo (US)
    Marketing automation. Receives guest attendance properties only when the organiser explicitly enables Klaviyo integration.
  • Upstash (EU)
    Redis-based rate limiting. Stores hashed request identifiers only — no personal data.

6. International Data Transfers

Production data is stored in the EU (London, UK).

US-based processors (Vercel, Stripe, Resend, Anthropic, Klaviyo) operate under Standard Contractual Clauses (SCCs) or equivalent safeguards.

We do not transfer data outside the EU/US corridor.

7. Cookies

  • circuit_guest
    Stores your guest profile identifier. Persistent, approximately 60 days. Used to recognise you across events without requiring a password.
  • Session cookie
    Used for organiser login (Auth.js). Expires when you log out or after the session period.

We do not use third-party tracking cookies. We do not use analytics cookies. We do not run advertising scripts.

8. Your Rights

Under the UK GDPR and EU GDPR, you have the right to:

  • Access: View your data at meetcircuit.com/me or request a full export (JSON format) via your profile page.
  • Portability: Download all your attendance records and profile data.
  • Rectification: Update your name, email, or profile details at any time.
  • Erasure: Request deletion of your profile. This anonymises your attendance records. Your name is replaced with “Anonymised Guest” and your email is permanently removed. Attendance timestamps are retained for the organiser’s aggregate metrics but are no longer linked to your identity.
  • Withdraw consent: Unsubscribe from emails via the link in any Circuit email. Opt out of profile features or Who’s Here at any time.
  • Object: Contact privacy@meetcircuit.com to object to any processing.
  • Complain: You may lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk/make-a-complaint/

9. Data Retention

  • Guest records: Retained while the organiser’s account is active. Guests with no attendance in the past 12 months are automatically anonymised.
  • Organiser accounts: Retained until the organiser deletes their account. On deletion, all events, guests, attendance records, and associated data are permanently removed.
  • Audit logs: Retained indefinitely for security and compliance purposes.
  • Email records: Delivery records retained as an audit trail. Pending emails are deleted if a guest unsubscribes or requests erasure.
  • Attendance records: Retained for as long as the associated event exists.

10. Who’s Here

This feature allows guests to make themselves visible to other attendees at a specific event.

Visibility is opt-in and lasts for 24 hours from the time of check-in. You can withdraw your visibility at any time.

Only your name and avatar (if set) are shown. Your email and attendance history are never visible to other guests.

11. Enterprise & API Access

Enterprise API responses can be configured to return hashed email addresses (SHA-256) instead of plaintext, providing an additional privacy layer.

Outbound webhooks are signed with a customer-provided secret for integrity verification.

All API access is logged in audit records, including the requesting IP address and API key identifier.

12. AI Processing

Circuit uses Anthropic (Claude) to provide natural language insight queries, recognition email composition, and report narration.

AI processing is scoped to the organiser’s own data. Guest information from other organisers is never included.

All queries, generated SQL, and AI responses are logged in Circuit’s database for audit and debugging purposes.

Anthropic processes data under their data processing terms. Data sent to Anthropic is not used to train their models.

13. Security

  • Encryption at rest: AES-256
  • Encryption in transit: TLS 1.3
  • Password storage: bcrypt hashing
  • Database access: Row-level security (RLS) enforced per organiser on all core tables
  • Rate limiting: Upstash Redis with in-memory fallback
  • Audit logging: All data access, exports, and administrative actions are recorded with IP address, timestamp, and actor identity

14. Organiser Responsibilities

Organisers are Data Controllers for the guest data they collect through Circuit.

Organisers must ensure they have a lawful basis for collecting guest email addresses and attendance data (typically: contract performance or legitimate interest).

Organisers should inform their guests that attendance is recorded via Circuit and direct them to this privacy policy.

If an organiser receives a data subject access request from a guest, Circuit will assist in fulfilling it.

15. Children

Circuit is not directed at individuals under 16 years of age. We do not knowingly collect personal data from children.

16. Changes to This Policy

We may update this policy. Material changes will be communicated via email to organisers and posted on this page at least 30 days before they take effect.

The “Last updated” date at the top of this page indicates when the policy was last revised.

Questions or requests? Contact privacy@meetcircuit.com

To lodge a complaint, contact the Information Commissioner’s Office (ICO) at ico.org.uk/make-a-complaint/