Privacy Policy

Circuit Technologies Ltd ("we", "us", "our") is the data controller for personal information collected through the CIRCUIT application. We take your privacy seriously and are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy explains what data we collect, how we use it, and your rights regarding that data.

We collect the following categories of personal data: • Identity data — name, username, profile photo • Contact data — email address • Authentication data — if you sign in with Apple or Google, we receive a unique account identifier and your email address. Where you use Apple's "Hide My Email", this will be a private-relay address rather than your personal email. We do not receive your social-account password • Account data — account type (Artist / Venue / Promoter), biography, genre preferences, fee ranges, location • Usage data — screens visited, features used, booking and enquiry history • Device data — device type, operating system, push notification token • Payment data — ticket transaction records (card details are processed and stored by Stripe; we do not store them directly) • Payout & verification data (sellers only) — if you receive money through CIRCUIT (e.g. ticket revenue or fees), Stripe collects identity-verification (KYC) and bank-account details on our behalf to enable payouts. We store only the resulting account status, not your bank or identity documents • Referral data — if you join through an invite link or invite others, we record the connection between the referrer and the referee to apply rewards • Waitlist / early-access data — if you join our early-access waitlist, we collect your email address, the role you select (Artist / Venue / Promoter), any referral connection, and a record of your consent to be contacted, so we can update you about launch and onboard you We collect data you provide directly (when registering, updating your profile, or joining the waitlist) and automatically (through standard app analytics).

We use your personal data to: • Provide and operate the Service (contractual necessity) • Authenticate you, including via Sign in with Apple or Google • Personalise your experience, such as discovery recommendations • Send booking-related notifications, subscription-trial reminders, and system messages • Send early-access and launch updates if you joined our waitlist and opted in — you can unsubscribe at any time • Process ticket payments via Stripe, and route payouts to sellers via Stripe Connect • Operate the referral programme and apply earned rewards • Respond to support requests • Monitor and improve Service performance • Comply with legal obligations We will not use your data for automated decision-making that produces significant legal effects without your explicit consent.

We process your personal data under the following legal bases: • Performance of a contract — to create your account and provide the Service you signed up for • Legitimate interests — to improve the Service, prevent fraud, and send relevant communications • Legal obligation — to comply with applicable laws and regulatory requirements • Consent — for optional analytics, and for early-access / launch marketing emails where you opt in when joining the waitlist; you can withdraw consent at any time via the unsubscribe link in any email or by emailing privacy@circuitapp.io

We do not sell your personal data. We share data only in the following circumstances: • Service providers — Stripe (payments and seller payouts via Stripe Connect), cloud infrastructure providers, and analytics tools acting as data processors under appropriate agreements • Identity providers — when you choose Sign in with Apple or Google, those providers process the sign-in and share a unique identifier and email with us; their handling of your data is governed by their own privacy policies • Other users — your public profile information (name, bio, genres, location) is visible to other registered users in line with your privacy settings • Legal requirements — if required by law, court order, or to protect the rights and safety of Circuit Technologies Ltd and others All third-party processors are contractually required to handle your data securely and only for the purposes we specify.

You can create an account or sign in using Sign in with Apple or Google. When you do: • We receive a stable unique identifier and your email address from the provider, and your name on first sign-in only. We use these to create and secure your account • We never receive or store your Apple or Google password • If you use Apple's "Hide My Email", we only ever see the private-relay address Apple provides • For Sign in with Apple, we store a token that allows us to revoke your Apple sign-in when you delete your account — this is required by Apple • You can link or unlink Apple, Google, and a password from your account at any time in Settings → Privacy & Security, provided at least one sign-in method remains We match returning users by the provider's stable identifier, not by email alone.

We retain your personal data for as long as your account is active, plus a reasonable period thereafter in line with legal obligations. You can delete your account at any time directly in the app, under Settings → Privacy & Security → Delete account (or by emailing privacy@circuitapp.io). When you delete your account: • Your personal data is erased immediately — profile details, contact information, sign-in identities, and device tokens • Any Sign in with Apple connection is revoked with Apple • Records that other people or the law rely on — such as bookings, tickets and invoices involving other parties — are anonymised rather than deleted, so they no longer identify you while remaining valid for the counterparty and for tax records Retention specifics: • Account & profile data — erased on deletion (and in any case within 30 days) • Transaction records — retained in anonymised form for 7 years for tax and regulatory compliance • Analytics data — anonymised after 26 months

Under UK GDPR you have the following rights: • Right of access — request a copy of the personal data we hold about you • Right to rectification — ask us to correct inaccurate data • Right to erasure — request deletion of your data ("right to be forgotten") • Right to restriction — ask us to limit how we process your data • Right to data portability — receive your data in a structured, machine-readable format • Right to object — object to processing based on legitimate interests • Rights related to automated decisions — not to be subject to solely automated significant decisions To exercise any of these rights, email privacy@circuitapp.io. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

We implement technical and organisational measures to protect your personal data, including: • Encrypted data transmission (HTTPS/TLS) • Hashed and salted password storage • Encryption at rest of sensitive provider tokens (such as the Apple token used for sign-in revocation) • Access controls and authentication for internal systems • Regular security reviews No method of transmission over the internet is 100% secure. If you believe your account has been compromised, contact support@circuitapp.io immediately.

The CIRCUIT mobile app does not use browser cookies. The CIRCUIT website uses strictly necessary cookies only (e.g. session management). We use anonymised in-app analytics to understand how users interact with features. This data cannot be used to identify you personally. You can opt out of analytics data collection at any time in Settings → Privacy & Security → Analytics opt-out.

The Service is not directed at children under the age of 18. We do not knowingly collect personal data from anyone under 18. If you believe a minor has created an account, please contact us at legal@circuitapp.io and we will remove the account promptly.

Your data is stored on servers located in the United Kingdom and the European Economic Area. If any data is transferred outside these regions (for example, by a sub-processor), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses, in line with UK GDPR requirements.

We may update this Privacy Policy from time to time. We will notify you of material changes via the app or by email. The date at the top of this page reflects when the policy was last updated.

For any privacy-related queries or to exercise your rights, contact our Data Protection team: privacy@circuitapp.io Circuit Technologies Ltd London, United Kingdom For general support: support@circuitapp.io