Privacy Policy

Last updated: April 2026

The plain-English version

East Village Hub is independent and non-commercial. We don't sell your data and we don't track you around the web. We keep the smallest amount of information we can - email hashes for offer codes, anonymised analytics - and delete it when it stops being useful. The legal detail below spells out exactly how.

Who we are

East Village Hub is an independent community resource for residents of East Village, London (E20). It is operated under the trading name East Village Hub.

For data protection purposes, East Village Hub is the data controller. You can contact us at hello@eastvillagehub.co.uk.

What data we collect and why

Email addresses - resident offer claims

When you claim a unique resident offer code, we ask for your email address. We use it solely to:

  • Prevent the same person from claiming multiple codes for the same offer
  • Allow you to retrieve your code if you return to the page

We do not store your email address in plain text. We store a one-way cryptographic hash (SHA-256) of your email, which cannot be reversed to recover the original address. Legal basis: legitimate interest (preventing fraudulent or duplicate use of offers).

Claim and redemption records

We record the date and time a code was claimed and, if applicable, redeemed. This helps offer providers understand uptake and prevents fraudulent redemptions. Legal basis: legitimate interest.

Name, email, and message - contact form

When you use our contact form, we collect your name, email address, and message. This is forwarded to the EVH team via email. We do not retain contact form submissions beyond the email thread. Legal basis: legitimate interest (responding to your enquiry).

Name, email - community submissions

When you submit community content (events, recommendations, dog profiles, group listings, etc.), we collect your name and email address as part of the submission. This is stored in our content management system as a draft, accessible only to EVH administrators, and used to contact you if we have questions about your submission. Legal basis: legitimate interest.

My E20 resident accounts

If you create a My E20 resident account, we store the following in our database (Neon, hosted in the UK):

  • Your Netlify Identity user ID - the stable identifier used to look up your account when you sign in.
  • A one-way hash (SHA-256) of your email address - used to link your account to any previous anonymous submissions (for example, offer codes you've claimed or tracker reports you've filed) and to detect duplicate signups. The raw email is never stored alongside the hash.
  • An encrypted copy of your email address (AES-256-GCM) - used only to send you verification and digest emails. We decrypt it at the moment of sending and never store it in plaintext.
  • Your display name, building, flat number, postcode, interests, bio, and avatar URL, if you choose to provide them during onboarding or on the profile page.
  • A hash of your postcode for aggregate analytics (e.g. how many residents per sub-postcode) - the plaintext postcode is also stored for matching you to building-level content.
  • Your opt-in choices for the neighbour directory, community posting, and email digests.
  • A one-time verification token (stored as a SHA-256 hash) when you request a magic-link email - expires after 24 hours and is cleared once you verify.
  • Timestamps: account creation, last seen, verification time.

Your flat number is never exposed publicly - it stays on your profile only and is used (if at all) internally for building-level matching. Your postcode is only used to confirm E20 residency during verification. Legal basis: contract (providing the My E20 service you signed up for) and consent (for the directory opt-in and digest emails).

Patreon OAuth data (My East Village access tiers)

For My East Village membership tiers, we process Patreon OAuth identity data when you sign in. This includes your Patreon user ID, email address, full name, and current pledge tier. We use this only to resolve access level (non-patron, resident, villager, founder), apply feature permissions, and keep your account status up to date on sign-in. Legal basis: contract (providing tier-based My East Village access) and legitimate interest (preventing access mismatches).

We do not use Patreon OAuth data for advertising, profiling beyond EVH feature access, or sharing with third parties beyond our listed processors. If you request account deletion, this tier-mapping data is removed or anonymised in line with our My E20 deletion flow.

My E20 - saves, follows, and notification preferences

If you use the saves, follows, or notification features:

  • Saves (bookmarks): we store the doc type, slug, and title of each item you save.
  • Follows (subscriptions): we store the type (tracker, building, landlord, etc.) and key of each thing you follow.
  • Notification preferences: your email channel, digest frequency, and per-topic opt-ins for heating incidents, Sippi updates, parcel alerts, new offers/events, and digest topics.

This data is only ever visible to you and used to render your My E20 dashboard and build your digest emails. Legal basis: contract.

My E20 - community posting attribution

If you are a verified My E20 resident with community posting enabled, you may optionally tick a "Post this under my display name" box when submitting a Sippi parking report, parcel theft report, or similar community tracker. If you do, we store:

  • Your resident ID alongside the submission (so it appears in your "Your past submissions" dashboard).
  • Your display name alongside the submission (published wherever individual reports are shown).

This is entirely opt-in at the point of submission. Anonymous submissions remain fully supported. If you later delete your account, your display name is removed from past submissions and the resident link is cleared; the report itself stays in the public record with attribution stripped. Legal basis: consent.

My E20 - neighbour directory

If you opt in to the neighbour directory, other signed-in verified residents can see your display name, building, interests, a count of your submissions, and the month and year you joined. We never expose your email, postcode, flat number, Identity ID, or exact signup timestamp. The opt-in is off by default and can be turned off at any time from your profile page. Legal basis: consent.

My E20 - audit log

We log significant actions on your My E20 account (signup, verification, profile updates, data exports, deletion requests) to a private audit table. Entries include the action type, a short detail blob (field names only - never values), and a hashed IP for deletion requests. The audit log is retained for 24 months and is included in your data export. Legal basis: legitimate interest (account security and audit trail).

My E20 - digest emails

If you enable email digests, we send a weekly summary (Monday morning) with updates on things you follow and saved items. Digest emails are only sent if there is actual content to summarise - you will not receive empty digests. You can pause digests at any time by switching the email master toggle off in your settings. Emails are sent via Resend. Legal basis: consent.

Email - business claim requests

If you claim a business listing, we collect your name, email, and role at the business. If your claim is approved, your email is used to create a Business Portal account (via Netlify Identity). We retain this for as long as your account is active. Legal basis: contract (providing the Business Portal service you requested).

Phone snatch reports

If you submit a phone theft report, we record:

  • A one-way hash (SHA-256) of your IP address - used only to prevent the same device submitting more than one report per 24-hour period. The raw IP address is never stored.
  • The timestamp of your submission.
  • The incident date and time of day you provide.
  • The approximate location you pin on the map, rounded to approximately 11-metre precision to reduce identifiability.
  • The street or area name you optionally enter.
  • Whether you reported the incident to police (yes/no).
  • The device type you optionally select.

Reports are aggregated and displayed publicly as a heatmap of incident locations and a monthly count. No individual report is attributed to any person. All data is automatically deleted after 12 months. Legal basis: legitimate interest (providing community safety information to residents).

Heating outage reports

If you use the district heating outage report feature, we record:

  • A one-way hash (SHA-256) of your IP address - used only to prevent the same device submitting multiple reports within 30 minutes. The raw IP address is never stored.
  • The timestamp of your report.
  • The building name you optionally select or enter - this is community-sourced location context and contains no personal data.
  • Outside temperature, apparent temperature, and wind speed at the time of your report - fetched automatically from a public weather API (Open-Meteo) based on the fixed E20 location. This is environmental data only and contains no information about you.

Reports are aggregated and displayed publicly as counts, building-level performance rankings, and weather-correlated analysis. No individual report is attributed to any person. Reports are retained permanently as part of an independent performance dataset for East Village's district heating network. Legal basis: legitimate interest (providing community-sourced outage information and an independent infrastructure performance record to residents).

Sippi parking reports

If you submit a report via the Sippi Parking Tracker, we record:

  • A one-way hash (SHA-256) of your IP address - used only to prevent the same device submitting more than one report per 24-hour period. The raw IP address is never stored.
  • Your landlord, issue type, outcome, and whether a PCN was issued (and its amount, if provided).
  • An optional brief description of your experience (200 characters maximum).
  • Your explicit consent to the data being shared in aggregated, anonymised form with EVML, Sippi, Newham ward councillors, and Uma Kumaran MP.

If you optionally provide your name, email address, or postcode, these are stored separately from your report in a linked table and are never published or included in any aggregated output. They may be referenced in formal correspondence with your MP or councillor to demonstrate local impact - only with your consent as indicated at the point of submission.

Report data (excluding contact details) is aggregated and may be published on the Sippi Tracker page and formally submitted to the named recipients once threshold response counts are reached (25 and 75 responses respectively). No individual report is attributed to any person. All data is automatically deleted after 12 months. Legal basis: consent (you explicitly tick a consent checkbox before submitting).

IP address - rate limiting

We temporarily store a one-way hash of your IP address to prevent automated abuse across several features:

  • Offer claims - max 5 requests per IP per minute; record expires after 60 seconds.
  • Heating reports - one report per IP per 30 minutes; record expires after 30 minutes.
  • Phone snatch reports - one report per IP per 24 hours; record expires after 24 hours.
  • Sippi parking reports - one report per IP per 24 hours; record expires after 24 hours.
  • Parcel theft reports - max 10 reports per IP per 24 hours; record expires after 24 hours.
  • My E20 verification emails - one resend per 10 minutes per account; no IP storage beyond the audit log entry on deletion requests.

Raw IP addresses are never stored. Hashed records expire automatically and are never linked to your identity. Legal basis: legitimate interest (protecting the integrity of community reporting features).

reCAPTCHA

We use Google reCAPTCHA v3 on the offer claim form to detect automated abuse. This service may collect information about your browser and usage patterns and sends it to Google. See Google's Privacy Policy for details. Legal basis: legitimate interest.

Analytics - Google Analytics 4

If you accept cookies, we use Google Analytics 4 to collect anonymised data about how people use the site (pages visited, time on page, outbound link clicks). We do not use cross-site tracking and IP addresses are anonymised. Analytics are disabled by default and only enabled with your explicit consent. Legal basis: consent.

Analytics - Microsoft Clarity

If you accept cookies, we use Microsoft Clarity to understand how people use the site. Clarity records session replays and generates heatmaps showing where people click, scroll, and navigate. This helps us improve the site experience. Data is processed by Microsoft and may be stored outside the UK. Clarity is disabled by default and only enabled with your explicit consent. Legal basis: consent.

Cookies and browser storage

We use browser storage (cookies and localStorage) for functional purposes and, with your consent, for analytics. See our Cookie Policy for a full list.

Third parties who process data on our behalf

  • Netlify - site hosting, serverless functions, and user authentication for the Business Portal and My E20 (Netlify Identity / GoTrue). Your Identity account stores your email and a password hash managed by Netlify. Privacy policy.
  • Neon - serverless PostgreSQL database where My E20 profiles, saves, follows, notification preferences, audit logs, phone theft reports, district heating outage reports, parcel theft reports, Sippi parking reports, and offer claim records are stored. Data is hosted in the United Kingdom (AWS London). Privacy policy.
  • Sanity - content management system where community submissions and business listings are stored. Privacy policy.
  • Resend - used to forward form submissions, send admin notifications, and send My E20 verification and weekly digest emails. Privacy policy.
  • Google - reCAPTCHA (bot protection), Analytics (with consent), Maps (business location display), Fonts (typography). Privacy policy.
  • Microsoft - Clarity session recording and heatmaps (with consent). Privacy policy.

We do not sell your data to any third party, use it for advertising, or share it beyond what is described above.

How long we keep your data

  • Offer claim records - retained for the duration of the relevant offer plus 30 days, then deleted.
  • IP rate-limit records - expire automatically (60 seconds for offers, 30 minutes for heating, 24 hours for snatch reports).
  • Heating outage reports - hashed IP expires automatically after 30 minutes (rate limiting only). Timestamp, building name, and weather data (outside temperature, apparent temperature, wind speed) are retained permanently as part of an independent district heating performance dataset.
  • Phone snatch reports - all submitted data (hashed IP, incident date, time of day, location, area, device type, police flag) deleted automatically after 12 months.
  • Sippi parking reports - all submitted data (hashed IP, landlord, issue type, PCN details, outcome, description) deleted automatically after 12 months. Contact details (name, email, postcode) stored separately and also deleted after 12 months, or sooner on request.
  • Contact form submissions - retained only within the email thread; no separate database record.
  • Community submissions - retained in our CMS for as long as the content is live, or until you request deletion.
  • Business portal accounts - retained for as long as the account is active.
  • Parcel theft reports - retained for 24 months, then deleted.
  • My E20 accounts, saves, follows, and notification preferences - retained for as long as your account is active. When you delete your account, your profile is scrubbed immediately and all saves, follows, preferences, and submission links are removed.
  • Patreon OAuth identifiers used for My East Village tier mapping - retained for as long as your account is active and removed or anonymised on account deletion, unless a shorter retention period is required by law.
  • My E20 audit log - retained for 24 months. Included in your data export.
  • My E20 submission attribution - when you delete your account, any display name attached to a tracker report is stripped and the link to your account is cleared. The underlying report stays in the public record anonymously.

Your rights

Under UK GDPR you have the right to:

  • Access - request a copy of the data we hold about you
  • Erasure - request deletion of your data
  • Rectification - request correction of inaccurate data
  • Restriction - request we limit how we use your data
  • Object - object to our processing based on legitimate interest
  • Portability - request your data in a portable format (where applicable)

If you have a My E20 account you can exercise access and erasure directly from your account: use Download export in notification settings to download everything we hold about you as a JSON file, and Delete account to scrub your profile, saves, follows, preferences, and submission links. Past tracker reports you attributed to yourself stay in the public record with your name and account link removed.

To exercise any of these rights otherwise, or if you don't have a My E20 account, contact us at hello@eastvillagehub.co.uk. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

Changes to this policy

We may update this policy from time to time. The date at the top of this page reflects when it was last revised.

Helpful?