Privacy Policy

• Account information: name, email address, date of birth, phone number, university/student status.
• Payment data: handled by Stripe (and where relevant, PayPal). We do not store full card numbers.
• Usage data: in-app actions (e.g. opening the app, viewing an offer, redeeming a discount) used to improve the service and surface relevant offers.
• Location data:precise location only when you grant permission and only to power features like “venues near me” and the venue map. We do not track your location in the background.
• Communications: support emails and messages you send us.

• To provide and operate the Wild Card service.
• To verify student eligibility.
• To process payments for membership.
• To improve the app, the offer mix and the user experience.
• To send you transactional messages (e.g. receipts, account notices).
• With your consent, to send marketing about new offers, partners and city launches.

We will never sell your personal data. We share limited data only with the following categories of service providers, under contract and only as necessary:

• Payment processors (Stripe; PayPal where applicable).
• Cloud hosting and infrastructure providers.
• Crash- and error-reporting services to keep the app stable (these receive technical diagnostics, not your personal identifiers, where possible).
• Email delivery providers for transactional and marketing email.
• Partner venues only see information they need to validate a redemption (e.g. that you hold a valid membership).

We use cookies and similar technologies for three purposes:

• Strictly necessary: to log you in, remember your preferences, and keep the service running.
• Performance: to understand aggregate usage and improve the product.
• Marketing: only with your consent — to measure the success of campaigns and target relevant offers.

We keep personal data only as long as we need it to provide the service, comply with our legal obligations, resolve disputes and enforce our agreements. When you close your account we delete or anonymise data within 90 days, except where law requires us to retain it longer (e.g. for tax records).

Under UK GDPR you have the right to:

• Access the personal data we hold about you.
• Ask us to correct anything that is wrong.
• Ask us to delete your data (subject to legal exceptions).
• Withdraw consent for marketing communications at any time.
• Lodge a complaint with the UK Information Commissioner's Office (ico.org.uk).

To exercise any of these rights, email info@thewildcard.uk.

All payments are processed over encrypted connections via Stripe or PayPal. We use industry-standard transport encryption (TLS 1.2+) for all traffic between the app, the website and our servers, and we encrypt personal data at rest where practical.

Some of our service providers (e.g. hosting and email) may process your data outside the UK. Where they do, we use legally recognised safeguards such as the UK International Data Transfer Addendum to the EU Standard Contractual Clauses.

We may update this policy. When we do, the “last updated” date at the top of this page will change. If the changes are material we will also notify you by email or in-app.

For any privacy question or to exercise your rights, contact our Data Protection Officer at info@thewildcard.uk.