Privacy & Cookies Policy

That's Canny (“we”, “us”) is an editorial what's-on platform for the North East of England, available at thatscanny.co.uk. The site is operated by Cameron Clark, a sole trader registered in the UK. For data protection questions, contact hello@thatscanny.co.uk.

We are a controller of any personal data we collect directly (e.g. through the newsletter signup or event submission form). For data collected via tracking technology deployed by our affiliate partners, we and the partner are joint controllers for the purposes set out in this policy.

• Newsletter signups - email address, signup date, the source page that captured you, and (when our newsletter platform is active) engagement metrics like opens and clicks. Stored by Supabase; forwarded to Beehiiv when their integration is enabled.
• Event submissions - name, email, plus the event details you provide via the form at /submit. Stored by Supabase.
• Saved-event reminders - email address only, kept until the event happens plus a short grace window.
• Site analytics & session replay (Microsoft Clarity)- we use Microsoft Clarity to capture aggregated behavioural metrics, heatmaps and session replays so we can see how the site is used and improve it. Clarity masks all sensitive content (form fields, anything in inputs) by default. See “Tracking technologies” below.
• Outbound click tracking- when you click an outbound “Get Tickets”, “Book a Table”, “Find Out More” or similar button, we record the click in our own database (a hashed IP address, user-agent string and a short anonymous tc_uid cookie) so we can report on traffic to partners.
• Affiliate tracking- the same outbound click also redirects through our partner's tracking link so they can attribute the visit. This may set a cookie on the partner's domain to record the referral.

• Legitimate interest - to operate, secure and improve the site, prevent spam on submissions, and measure performance via aggregated analytics.
• Consent - to send you the Weekender newsletter, to fire affiliate / advertising tracking, and to send notify-me alerts. You can withdraw consent at any time.
• Contract - to honour your event submission and respond to enquiries.

Microsoft Clarity.We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioural metrics, heatmaps and session replay - so we can understand which parts of the site work and which don't. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products / services and online activity. We also use this information for site optimisation, fraud / security purposes and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.

Clarity masks form inputs and sensitive content by default; it never records what you type into the search box, email fields or the event-submission form.

When you click an outbound “Get Tickets” / “Book a Table” / “Book a Stay” / “Find Out More” button on a listing, we route you via an affiliate network so the partner can record the referral and pay us a commission if you book or buy. The networks and partners we use:

• Skiddle - UK gigs, comedy, club nights. Skiddle privacy policy
• Ticketmaster (via Impact.com) - arena and major-venue ticketing. Impact.com privacy policy
• Commission Junction (CJ Affiliate) - Booking.com hotels and other advertisers. CJ may set tracking cookies on their domain to attribute the click. CJ privacy policy
• AWIN - UK retail partners (Trainline, Premier Inn, Go Ape, Virgin Experience Days, etc.). AWIN privacy policy
• TripAdvisor - restaurants, attractions, hotels. TripAdvisor privacy
• Booking.com Affiliate - hotels. Booking.com privacy
• GetYourGuide - day trips and experiences. GetYourGuide privacy

Affiliate cookies only get set when you actively click an outbound “Get Tickets” / “Book” / similar button. Browsing the site doesn't fire them. You can prevent them entirely by not clicking outbound, blocking third-party cookies in your browser, or using a privacy-focused browser extension.

We use cookies and similar storage in the following categories:

• Strictly necessary - keep your saved-events list and login session working. Stored as localStorage on your device, plus a session cookie if you are signed in. No consent required.
• Click attribution - a small anonymous identifier (tc_uid) is set when you click outbound to a partner so we can report aggregated click counts.
• Analytics & session replay - Microsoft Clarity sets first and third-party cookies (notably _clck and _clsk) for behavioural analytics, heatmaps and session replay. Clarity masks form inputs by default.
• Affiliate / advertising - set by partners (Skiddle, Impact.com, AWIN, CJ, TripAdvisor, Booking.com, GetYourGuide) on outbound clicks so the partner can attribute the referral.

You can block or delete cookies in your browser settings, or use the browser's private / incognito mode. Disabling cookies may stop saved events from persisting across sessions.

Personal data is stored on or processed by infrastructure operated by Supabase (EU / UK), Vercel (US / EU), Microsoft Clarity (US), Beehiiv (US), and Resend (US). Where data is transferred outside the UK / EEA, transfers are protected by the Standard Contractual Clauses or an equivalent UK adequacy mechanism.

• Newsletter subscribers - until you unsubscribe
• Event submissions - 24 months from submission, then anonymised
• Notify-me alert emails - until the event happens, plus 7 days
• Server access logs - 30 days

You have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Have your data erased (“right to be forgotten”)
• Restrict or object to processing
• Receive your data in a portable format
• Withdraw consent at any time
• Lodge a complaint with the UK Information Commissioner's Office at ico.org.uk

To exercise any of these rights, email hello@thatscanny.co.uk.

We may update this policy from time to time. The most recent version is always at this page, with the “Last reviewed” date at the top.