The Social Experiment
Effective Date: 10 September 2025
This Privacy Policy explains how Social Platforms Inc. ("we", "us", "our") collects, uses, and protects your personal data when you use The Social Experiment platform and services ("Services"). This policy complies with the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018.
Data Controller: Social Platforms Inc.
Contact: boris@socialexperiment.app
Data Protection Officer: boris@socialexperiment.app
Account Information:
Full name, email address, date of birth, university affiliation, student verification documents, profile photo, bio, and contact preferences.
Payment Information:
Payment data is processed by Stripe Connect Express. We do not store your payment card details. We receive transaction confirmations and may store billing addresses for invoicing purposes.
Event Data:
Events you create or attend, ticket purchases, event check-ins, reviews, and communications related to events.
Platform Activity:
Posts, comments, messages, connections with other users, and interactions with content.
Technical Information:
IP address, device type, operating system, browser type, app version, unique device identifiers, and usage analytics.
Location Data:
Approximate location from IP address and precise location only if you grant explicit permission for location-based features.
Communications:
Messages you send through our platform, support inquiries, and emails we exchange.
Contract Performance: Processing necessary to provide our Services, including account management, event ticketing, payment processing, and platform functionality.
Legitimate Interest: Improving our Services, security and fraud prevention, analytics, customer support, and marketing to existing users (with opt-out options).
Consent: Location data, optional marketing communications, contact imports, and certain analytics cookies.
Legal Obligation: Compliance with financial regulations, tax requirements, and law enforcement requests where legally required.
• Provide and operate our platform and Services
• Process ticket sales and payments through Stripe Connect Express
• Verify student status and university affiliation
• Enable communication between users and event organizers
• Personalize your experience and recommend relevant events
• Ensure platform security and prevent fraud
• Provide customer support and respond to inquiries
• Comply with legal obligations and protect our rights
• Analyze usage patterns to improve our Services
• Send important service updates and, with your consent, promotional communications
Stripe Connect Express:
Payment processing, identity verification, and fraud prevention. Stripe handles payment data according to their privacy policy and PCI DSS standards.
Other Platform Users:
Your profile information, event attendance, and public content are visible to other users as part of the platform's social features.
Service Providers:
Cloud hosting, analytics, email services, and customer support tools. All providers are bound by data processing agreements.
Legal Requirements:
We may disclose data when required by law, court order, or to protect our rights and safety.
Business Transfers:
In the event of a merger, acquisition, or sale, your data may be transferred to the new entity, subject to the same privacy protections.
We do not sell your personal data to third parties.
Transfer Safeguards: Your personal data may be processed outside the UK in countries that may not have equivalent data protection laws. We ensure appropriate safeguards through:
• Standard Contractual Clauses approved by the UK Information Commissioner's Office
• Data processing agreements with all third-party providers
• Regular reviews of data protection measures
Primary Locations: Our data is primarily processed in the UK and EU, with some services provided by processors in the United States under appropriate transfer mechanisms.
Account Data: Retained while your account is active and for 3 months after deletion to allow account recovery.
Transaction Records: Retained for 7 years to comply with UK financial record-keeping requirements.
Event Data: Retained for 2 years after event completion for operational and safety purposes.
Communications: Customer support communications retained for 3 years; platform messages retained while accounts are active.
Technical Logs: Server logs and analytics data retained for 13 months for security and platform improvement.
Deletion Process: When retention periods expire, data is securely deleted using industry-standard methods.
Right of Access: Request a copy of your personal data and information about how we process it.
Right to Rectification: Request correction of inaccurate or incomplete personal data.
Right to Erasure: Request deletion of your personal data in certain circumstances.
Right to Restrict Processing: Request limitation of how we process your data in specific situations.
Right to Data Portability: Request your data in a machine-readable format for transfer to another service.
Right to Object: Object to processing based on legitimate interests or for direct marketing.
Right to Withdraw Consent: Withdraw consent at any time for processing based on consent.
Right to Complain: Lodge a complaint with the Information Commissioner's Office (ICO) if you believe we've mishandled your data.
How to Exercise Your Rights: Contact us at boris@socialexperiment.app. We will respond within one month and may require identity verification.
Technical Measures: We use encryption in transit (TLS 1.3) and at rest (AES-256), secure servers, and regular security assessments.
Access Controls: Strict access controls, multi-factor authentication, and regular access reviews for our team members.
Payment Security: Payment data is handled by Stripe, which maintains PCI DSS Level 1 compliance, the highest level of payment security certification.
Monitoring: Continuous monitoring for security threats and regular penetration testing.
Incident Response: We have procedures for detecting, investigating, and responding to data breaches, including notification to authorities and affected individuals as required by law.
Your Role: Please use a strong, unique password and report any suspicious activity on your account immediately.
Essential Cookies: Required for platform functionality, security, and your preferences. These cannot be disabled.
Analytics Cookies: Help us understand how you use our platform to improve performance and user experience. You can opt out in your account settings.
Marketing Cookies: Used to deliver relevant content and measure campaign effectiveness. Requires your explicit consent.
Third-Party Cookies: Some features may use cookies from Stripe or other service providers as outlined in their privacy policies.
Cookie Management: You can manage cookie preferences through your browser settings or our cookie preference center in the app.
Our Services are not intended for anyone under 18 years of age. We do not knowingly collect personal data from individuals under 18. If you believe we have inadvertently collected such information, please contact us immediately and we will take steps to delete it promptly.
Service Communications: We may send important updates about our Services, security notices, and transactional emails related to your account and bookings.
Marketing Communications: With your consent, we may send promotional content about new features, events, and relevant opportunities. You can opt out at any time.
Event Communications: Event organizers may communicate with attendees through our platform regarding their events.
Unsubscribe: You can update your communication preferences in your account settings or use the unsubscribe link in any marketing email.
Updates: We may update this Privacy Policy to reflect changes in our practices, Services, or applicable law.
Notification: We will notify you of material changes via email or prominent notice in our app at least 30 days before changes take effect.
Version History: Previous versions of this policy are available upon request.
Continued Use: Your continued use of our Services after changes take effect constitutes acceptance of the updated policy.
Data Controller:
Social Platforms Inc.
Privacy Inquiries:
Data Protection Officer:
UK Supervisory Authority:
Information Commissioner's Office (ICO)
Website: ico.org.uk
Helpline: 0303 123 1113