Privacy Policy - CountUsIn

Summary: CountUsIn takes your privacy seriously. We only collect essential information needed to provide our event management service. We use session cookies and IP addresses for security purposes, and we never sell your data to third parties.

1. Introduction

Welcome to CountUsIn. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our event RSVP management platform. By using CountUsIn, you agree to the practices described in this policy.

CountUsIn is operated from the United Kingdom and complies with UK GDPR and Data Protection Act 2018.

2. Information We Collect

2.1 Information You Provide

When you create an account or use our services, we collect:

Account Information: Name, email address, and password (stored securely using industry-standard encryption)
Event Information: Event names, dates, locations, descriptions, and custom event details you create
Guest Information: Names and email addresses of guests you add or who RSVP to your events
Payment Information: When you upgrade your event, we process payments through Stripe. We do not store your full credit card details on our servers—Stripe securely handles all payment information
Communications: Messages you send through our contact forms or support ticket system

2.2 Information Automatically Collected

When you use our service, we automatically collect certain information for security and functionality purposes:

IP Address: We collect and temporarily store your IP address for security purposes, to prevent abuse and protect against brute force attacks
Device Information: To ensure compatibility and prevent session hijacking
Usage Data: Pages visited, features used, and timestamps to maintain service functionality
Session Data: Authentication tokens stored in secure session cookies

3. Cookies and Similar Technologies

3.1 Essential Cookies

We use only strictly necessary cookies to make our service work. These cookies are essential for:

Authentication: Keeping you logged in to your account
Security: Protecting against common web attacks
Session Management: Maintaining your session state as you navigate the platform

These cookies are exempt from consent requirements under UK and EU law because they are strictly necessary for the service to function.

3.2 No Tracking or Analytics Cookies

We do not currently use:

Google Analytics or similar analytics services
Advertising cookies
Social media tracking pixels
Third-party tracking technologies

If we decide to add analytics in the future, we will update this policy and implement a proper cookie consent mechanism before doing so.

4. How We Use Your Information

We use the information we collect for the following purposes:

4.1 Service Delivery

Creating and managing your account
Allowing you to create and manage events
Processing RSVPs and managing guest lists
Sending invitation emails on your behalf
Processing payments for event upgrades
Providing customer support

4.2 Security and Fraud Prevention

Rate Limiting: To maintain the security and reliability of the service, we apply rate‑limiting controls that restrict unusually high volumes of requests.
- Brute force login attempts
- Spam submissions
- Denial of service attacks
- Automated bot activity
Session Security: We apply security measures to keep your session secure and protected from unauthorized activity
Account Protection: Monitoring for suspicious activity

4.3 Communications

Sending transactional emails (account verification, password resets, RSVP notifications)
Responding to support inquiries
Sending important service updates or security alerts

We do not send marketing emails unless you explicitly opt in.

5. Data Retention

5.1 Account and Event Data

We retain your account and event data for as long as your account is active. When you delete your account, we permanently remove all associated data within 30 days.

5.2 Security Logs

Used to view users journeys through the platform

Server logs: Retained for 30 days for security monitoring, then permanently deleted

5.3 Payment Records

For compliance with financial regulations and fraud prevention, payment records are retained for 7 years as required by UK law.

6. Data Sharing and Third Parties

6.1 We Do Not Sell Your Data

We never sell, rent, or trade your personal information to third parties for marketing purposes.

6.2 Service Providers

We share data only with trusted service providers who help us operate our platform:

Stripe: Payment processing (see Stripe's privacy policy at stripe.com/privacy)
Email Service: Transactional email delivery (SMTP providers)
Hosting Provider: Secure server infrastructure

All service providers are contractually required to protect your data and use it only for the purposes we specify.

6.3 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or to protect our legal rights.

7. Data Security

We take the security of your personal data seriously. We implement appropriate technical and organisational measures to protect your information against unauthorised access, loss, alteration, or misuse.

All data is transmitted over encrypted connections, passwords are never stored in plain text, and payment processing is handled entirely by our trusted payment provider — we never store your card details on our servers.

We continuously review and improve our security practices to stay ahead of emerging threats. While we follow industry best practices, no system can be guaranteed to be 100% secure. In the unlikely event of a data breach that affects your rights, we will notify you as required by law.

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right of Access: Request a copy of the personal data we hold about you
Right to Rectification: Request correction of inaccurate or incomplete data
Right to Erasure: Request deletion of your personal data ("right to be forgotten")
Right to Restriction: Request that we limit how we use your data
Right to Data Portability: Receive your data in a machine-readable format
Right to Object: Object to our processing of your data
Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)

To exercise any of these rights, please contact us at contact@countusin.online

9. Data Protection for Event Guests

If you're an event organizer using CountUsIn:

You are responsible for ensuring you have the right to collect and share guest information with us
You should inform your guests that their data will be processed by CountUsIn
You must comply with applicable data protection laws when collecting guest data

10. International Data Transfers

Your data is stored on servers located in the United Kingdom. If you are accessing our service from outside the UK, your data may be transferred to and processed in the UK, which has been recognized by the European Commission as providing adequate data protection.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will:

Update the "Last Updated" date at the top of this policy
Notify you via email if you have an account
Display a prominent notice on our website

We encourage you to review this policy periodically.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:

Email: contact@countusin.online
Website: countusin.online

We aim to respond to all privacy inquiries within 30 days.

13. Complaints

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Website: ico.org.uk
Telephone: 0303 123 1113

← Back to Home