Pyngo logoPyngo

Last updated: 10 June 2026

Privacy Notice

PYNGO LTD

1. Who We Are

PYNGO LTD ("Pyngo", "we", "us", or "our") is a company registered in England and Wales (company number 14412776), with its registered office at 5th Floor, City Reach, 5 Greenwich View Place, London, England, E14 9NN.

Pyngo is a fan-powered information and community service. We provide notifications regarding the public availability of tickets, reservations, and access to events, and we host community spaces where fans exchange tips and advice. We do not sell, resell, or distribute tickets.

For any data protection queries, you can contact us at: contact@pyngo.co

2. What This Notice Covers

This Privacy Notice explains how we collect, use, store, share, and protect your personal data when you visit our website at https://pyngo.co (the "Website"), use our mobile application (the "App"), interact with our community on Discord, or otherwise engage with our services (collectively, the "Service").

This Notice applies to all visitors, subscribers, and community members. By using the Service, you acknowledge that you have read and understood this Notice. For further information, you can refer to our Pyngo Terms of Service.

3. Personal Data We Collect

We collect personal data in the following ways:

3.1 Information You Provide Directly

When you register for the Service, interact with our community, or contact us, you may provide:

  • Your name and email address
  • Account credentials (username and password, stored in hashed form)
  • Your event tracking preferences (which events or categories you wish to follow)
  • Payment information (processed and stored securely by our payment processor Stripe; we do not store your full card details)
  • Communications you send to us (support queries, feedback)
  • Content you post in community channels on Discord

3.2 Information We Collect Automatically

When you use the Website or App, we automatically collect certain technical data:

  • Device type, operating system, and browser type
  • IP address (anonymised for analytics purposes)
  • Pages viewed, time spent, and interaction patterns on the Website
  • Push notification token issued by your device operating system (an APNs token on Apple devices, an FCM token on Android devices). This is a technical identifier used solely to route alerts to your device and does not by itself identify you personally.
  • Referral source (how you arrived at our Website)
  • Approximate geographic region (derived from IP address, not precise location)

Website analytics configuration. On the Website we configure PostHog (EU region) so that we do not use session replay in our default setup, and we do not rely on automatic capture of all page views or all clicks to build a general browsing history in the way some analytics tools do. Instead, we send explicit events defined in our code. For signed-in users we may use a pseudonymous account identifier within PostHog. We do not send your email address to PostHog for identification.

The detail of what is collected under "essential service cookies" compared to "accept all" is explained in our Cookie Policy. You can change your preferences using the Cookie Preferences controls described there.

3.3 Information from Third Parties

Stripe: Our payment processor may share limited transaction data with us (such as payment status and the last four digits of your payment method) to manage your subscription.

Discord: If you join our community channels, your Discord username and any content you post in those channels is visible to other community members and to us.

Discord account linking: If you choose to link your Discord account to your Pyngo account via your account dashboard, we collect your Discord user ID and Discord username through the Discord OAuth 2.0 protocol. This information is used solely to verify your Discord identity and to assign the appropriate access role in our community server. You may unlink your Discord account at any time through your account settings.

Sign in with Apple: if you choose to sign in to the mobile application using Sign in with Apple, Apple Inc. provides us with a stable user identifier and, where you elect to share it, your name and email address. If you elect Hide My Email, Apple provides us with a relay email address managed by Apple. We treat that relay address as your account email for the purposes of this Notice; messages we send to it are forwarded by Apple to your real address. You may withdraw Sign in with Apple at any time from your Apple ID settings.

Sign in with Google: if you choose to sign in to the mobile application using Sign in with Google, Google LLC provides us with your Google profile identifier, your name, and your email address as held in your Google account. You may withdraw this access at any time from your Google account permissions page.

4. How We Use Your Personal Data

We use your personal data for the purposes set out below, together with the lawful basis under UK GDPR:

  • To create and manage your account. Lawful basis: Performance of our contract with you (Article 6(1)(b)).
  • To deliver notifications about ticket availability based on your preferences. Lawful basis: Performance of our contract with you (Article 6(1)(b)).
  • To process your subscription payments. Lawful basis: Performance of our contract with you (Article 6(1)(b)).
  • To send you service-related communications (for example, changes to our terms, renewal reminders). Lawful basis: Performance of our contract with you (Article 6(1)(b)).
  • To provide and moderate our community channels. Lawful basis: Legitimate interests (Article 6(1)(f)), specifically maintaining a safe and helpful community.
  • To analyse how the Service is used and to improve the Service. Lawful basis: Legitimate interests (Article 6(1)(f)), specifically improving and developing our Service.
  • To detect and prevent fraud, abuse, or misuse of the Service. Lawful basis: Legitimate interests (Article 6(1)(f)), specifically protecting our business, our subscribers, and the integrity of the Service.
  • To comply with legal obligations. Lawful basis: Legal obligation (Article 6(1)(c)).
  • To send you optional marketing communications (only with your consent). Lawful basis: Consent (Article 6(1)(a)).
  • To operate analytics that is strictly limited to essential service delivery and troubleshooting (where you have chosen essential service cookies). Lawful basis: Consent (Article 6(1)(a)), obtained through our cookie preferences, and in some cases performance of our contract with you (Article 6(1)(b)) where processing is objectively necessary to provide the Service you request.
  • To provide additional product insights (where you have chosen accept all). Lawful basis: Consent (Article 6(1)(a)), obtained through our cookie preferences.

Where we rely on legitimate interests, we have conducted a balancing test and are satisfied that our interests do not override your rights and freedoms. You may request a copy of our Legitimate Interests Assessment by contacting us.

If any earlier reference to analysing how the Service is used overlaps with PostHog analytics that relies on your cookie consent, the lawful basis for that specific processing is consent as described above, unless another basis clearly applies to a separate activity.

5. Information About Events and Ticket Availability

Our Service involves gathering and presenting publicly available information about ticket availability for events. This information relates to events, venues, dates, prices, and availability status. This is not personal data. It is factual information about third-party products and services that is accessible to any member of the public.

We present this information to our subscribers promptly when it appears. The purpose of the Service is to keep fans informed so they can act when availability arises, without needing to monitor multiple sources themselves.

6. Who We Share Your Data With

We share your personal data only with the following categories of recipients, and only to the extent necessary:

6.1 Service Providers

Stripe (payment processing): Stripe acts as an independent controller for payment data. Stripe's privacy policy is available at https://stripe.com/privacy.

PostHog (analytics): PostHog processes anonymised and pseudonymised usage data on our behalf to help us understand how the Service is used. PostHog acts as a data processor. PostHog's privacy policy is available at https://posthog.com/privacy. We configure PostHog processing for EU data residency as described in our Cookie Policy.

OpenAI (AI-assisted support chat): When you use the AI-assisted support chat feature, the content of your messages is transmitted to OpenAI, LLC, which processes it on our behalf to generate a response. OpenAI acts as a data processor. OpenAI is based in the United States; transfers are covered by OpenAI's Data Processing Addendum and the UK International Data Transfer Agreement (UK IDTA) under section 119A of the Data Protection Act 2018. OpenAI's privacy policy is available at https://openai.com/privacy.

Push notification delivery providers: We use a third-party service to deliver push alerts to your mobile device. This provider processes your push notification token, a technical device identifier issued by your device operating system, to route alerts to your device. It acts as a data processor. Transfers outside the United Kingdom are covered by Standard Contractual Clauses.

Apple Push Notification service (APNs): Apple Inc. is the push delivery provider for our iOS application. APNs processes your APNs token to route alerts to your iOS device. Apple's privacy policy is available at https://www.apple.com/legal/privacy.

Firebase Cloud Messaging (FCM): Google LLC is the push delivery provider for our Android application. FCM processes your FCM token to route alerts to your Android device. Google's privacy policy is available at https://policies.google.com/privacy. Transfers outside the United Kingdom are covered by Google's Data Processing Addendum and Standard Contractual Clauses.

Cloud hosting and content delivery providers: Our website is served through a cloud hosting and content delivery network provider. This provider processes IP addresses and HTTP request metadata as an inherent part of serving web pages securely over the internet. It acts as a data processor. Transfers outside the United Kingdom are covered by Standard Contractual Clauses.

Supabase (infrastructure and database hosting): Supabase hosts our application data securely. Supabase acts as a data processor.

Render (hosting): Render provides the server infrastructure for the Service. Render acts as a data processor.

Discord (community platform): When you join our Discord community, your interactions are governed by Discord's own terms and privacy policy. Discord acts as an independent controller for data processed on its platform.

6.2 Legal and Regulatory

We may disclose your personal data if required by law, regulation, legal process, or governmental request, or where we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

6.3 Business Transfers

In the event of a merger, acquisition, or sale of all or part of our assets, your personal data may be transferred as part of that transaction. We will notify you of any such change.

We do not sell your personal data. We do not share your personal data with advertisers.

7. International Data Transfers

Your personal data may be transferred to and processed in countries outside the United Kingdom, including the United States (where some of our service providers are based). Where such transfers occur, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner, the UK International Data Transfer Agreement (IDTA) or UK Addendum to EU SCCs, and transfers to countries recognised by the UK as providing adequate protection.

You may request a copy of the relevant safeguards by contacting us.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this Notice:

Account data: Retained for the duration of your subscription and for up to 12 months after cancellation, unless you request earlier deletion.

Payment records: Retained for up to 7 years after the relevant transaction, as required by UK tax and accounting laws.

Analytics data: Anonymised analytics data is retained indefinitely as it does not constitute personal data.

Community content: Content posted on Discord is governed by Discord's retention policies. We do not separately store copies of your Discord messages.

Support communications: Retained for up to 24 months after the query is resolved.

AI chat session history: Conversation history from the AI-assisted support chat is retained on our servers for up to thirty days from the date of the conversation, after which it is automatically deleted. A copy of recent session history is also stored locally on your device by the mobile application to allow you to revisit recent exchanges offline. You can clear the local copy at any time from within the chat interface, and the local copy is removed automatically when you sign out or uninstall the application.

9. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of access. You can request a copy of the personal data we hold about you.
  • Right to rectification. You can request that we correct any inaccurate or incomplete data.
  • Right to erasure. You can request that we delete your personal data, subject to any legal obligations we must comply with. You may send a deletion request to contact@pyngo.co from the email address associated with your account. The mobile application directs you to the same Website route. Account deletion cancels any active subscription, removes your account record and tracked events, and triggers anonymisation or deletion of associated data in line with Section 8. We will action the request within thirty days. Records we are required to retain by law (for example payment records under tax legislation) are retained for the relevant statutory period and then deleted.
  • Right to restrict processing. You can request that we limit how we use your data in certain circumstances.
  • Right to data portability. You can request a copy of your data in a structured, commonly used, machine-readable format.
  • Right to object. You can object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent. Where we process data based on your consent, you can withdraw that consent at any time.
  • Right to lodge a complaint. You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at https://ico.org.uk if you believe your data protection rights have been infringed.

To exercise any of these rights, please contact us at contact@pyngo.co. We will respond within one month of receiving your request, as required by law.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption of data in transit (TLS/SSL), secure hashed storage of passwords, access controls limiting who within our organisation can access personal data, and regular review of our security practices.

No method of transmission or storage is completely secure. If you become aware of any security issues, please contact us immediately.

11. Children

The Service is not directed at individuals under the age of 18. The mobile application presents an age confirmation step at first sign-in. Where a user confirms they are aged under 18, the session is not established. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will suspend the account and delete the data within thirty days. If you believe a child has provided us with personal data, please contact us at contact@pyngo.co

12. Changes to This Notice

We may update this Privacy Notice from time to time. Where changes are material, we will notify you by email or through the Service before the changes take effect. The "Last updated" date at the top of this Notice indicates when it was most recently revised.

13. Contact Us

If you have any questions about this Privacy Notice or our data practices, please contact:

PYNGO LTD Data Protection Queries 5th Floor, City Reach, 5 Greenwich View Place London, England, E14 9NN Email: contact@pyngo.co