1. Introduction
This Privacy Policy is provided by IN POCKET PROTECT LTD, trading as InPocketProtect® ("we", "our" or "us"), a company registered in England and Wales under company number 16744115 with registered office at 128 City Road, London, Greater London, England, EC1V 2NX.
This Privacy Policy applies to the InPocketProtect® website, mobile application, platform, account areas, support services, communications, operational tools and related services (together, the "Services").
We take your privacy seriously. This Privacy Policy explains how and why we collect, store, use and share information relating to you (your "personal data"). It also explains your rights in relation to your personal data and how to contact us or the relevant regulator if you have a complaint.
Our collection, storage, use and sharing of your personal data is regulated by law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
We are the controller of personal data obtained through the Services, meaning we are the organisation legally responsible for deciding how and for what purposes it is used.
2. What this policy applies to
This Privacy Policy relates to your use of the Services only.
The Services may link to, integrate with or rely on other apps, websites, APIs, software development kits, payment systems, mapping tools, cloud services or other services owned and operated by us or by trusted third parties. This currently includes certain platforms, mapping and location services used to support app functionality. Those third parties may collect and process personal data in accordance with their own privacy policies.
For privacy information relating to those third-party services, please review their privacy policies. For more information, see the section "Who we share your personal data with" below.
3. Personal data we collect about you
The personal data we collect about you depends on how you use the Services. We may collect and use the following categories of personal data:
| Category of data | In more detail |
|---|---|
| Identity and account data you input into the Services | Your name, email address, phone number, username, password or login details, company name, job title, role, team, workspace, account settings, contact preferences and any professional information you choose to provide, such as licence or role-related information where relevant. |
| Billing and subscription data | Plan type, subscription status, transaction references, renewal/cancellation information and related account administration data. At present, subscriptions and in-app purchases are processed through Apple App Store payment systems and Google Play Billing. Apple and Google process payment details under their own terms and privacy policies. We do not collect, receive or store full payment card details for app-store subscriptions or in-app purchases. We may introduce direct card payments or alternative payment methods in the future. If this happens, any additional payment information would be processed in accordance with this Privacy Policy as updated, applicable law and relevant payment-security requirements. |
| Operational data and user content | Content, files, reports, route information, recce notes, venue or residential assessments, comments, images, messages, shared materials, operational notes, support requests, feedback and any other materials you upload, create, submit or share through the Services. |
| Device, technical and usage data | Device type, operating system, browser type, app version, IP address, diagnostic data, crash logs, access times, pages viewed, actions taken, feature usage, notification preferences and similar technical information. |
| Location data | Precise or approximate location data where location-based features are used and permission is enabled. This may support features such as mapping, routing, team coordination, localised intelligence, saved locations, live operational visibility, emergency location tools and other location-based functions. |
| Device permission data | Where relevant, the mobile application may request access to device functions such as location services, camera, photo library or file storage, microphone and push notifications. You can control these permissions through your device settings. |
| Team, workspace and administrator data | Information provided by team leaders, workspace owners or account administrators, including team membership, operational role, workspace access level and information necessary to manage authorised users. |
| Enquiry, support and marketing data | Your name, email address, phone number, company details, enquiry details, feedback, support communications, marketing preferences and related communications with us. |
If you do not provide the personal data we ask for when required, it may prevent us from providing some or all of the Services to you. For example, if location permission is disabled, location-based mapping, routing, live coordination, or emergency location features may not work correctly.
We collect and use this personal data for the purposes described in the section "How and why we use your personal data" below.
4. Sensitive data
Sensitive personal data, also known as special category data, includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data used for identification, data concerning health, data concerning a person’s sex life, and data concerning a person’s sexual orientation.
Criminal offence data includes information relating to criminal convictions, offences, allegations, proceedings and related security measures.
We do not intentionally request sensitive personal data or criminal offence data unless it is strictly necessary for a lawful and authorised use of the Services. Given the operational nature of the Services, users must not upload, submit or share sensitive personal data, criminal offence data or other highly sensitive information unless they have a lawful basis, appropriate authority and a genuine operational need to do so.
If you choose to submit sensitive personal data, criminal offence data or highly sensitive operational information through the Services, you are responsible for ensuring that you have the right to provide it and that doing so is lawful. Where we process such information, we will only do so where permitted by applicable law and where appropriate safeguards are in place.
5. Location services/data
The Services may request your consent or device permission to use location services in order to provide location-based features. These features may include mapping, routing, team coordination, localised intelligence updates, saved locations, live operational visibility, emergency location tools and similar functions.
Depending on your device settings, app settings and the feature being used, location data may be processed while the app is open and, where enabled and required by a feature, in the background. Your device settings allow you to control whether location access is enabled, disabled or limited.
Where team or workspace features are enabled, your location may be visible to authorised users such as team members, team leaders, workspace owners or administrators, depending on the feature settings and your account permissions.
If you do not provide consent or enable location permission, you may still be able to use parts of the Services, but location-based features may not be available or may not function correctly. You can withdraw or change location permission at any time through your device settings.
Location services may also involve third-party mapping, geolocation, routing and location-reference providers. For the iOS app, this may include Mapbox, what3words and Apple Maps as part of the mapping or front-end interface layer. For the Android app, this may include Mapbox, what3words and Google Maps as part of the mapping or front-end interface layer. Those providers may process data in accordance with their own terms and privacy policies.
6. How your personal data is collected
We collect personal data from and about you in the following ways:
- directly from you when you create an account, use the Services, contact us, submit enquiries, upload content, complete forms, provide feedback or communicate with us;
- automatically when you use the Services, including through device data, usage data, log data, diagnostics and similar technologies;
- through permissions you choose to enable on your device, such as location, camera, photo library or file storage, microphone and push notifications;
- from team leaders, workspace owners, administrators or authorised users who add you to a team, workspace or operational environment;
- from service providers that support the operation, hosting, security, billing, authentication, communications, mapping, analytics or functionality of the Services;
- through cookies and similar technologies where used on our website or related Services.
7. How and why we use your personal data
Under data protection law, we can only use your personal data if we have a proper reason. This may include where you have given consent, where use is necessary for a contract with you, where we must comply with a legal obligation, where use is necessary for our legitimate interests or those of a third party, or where use is necessary to protect someone’s vital interests.
A legitimate interest is when we have a business, operational, security or commercial reason to use your personal data, so long as this is not overridden by your rights and interests. Where we rely on legitimate interests, we will consider and balance our interests against your rights and interests.
The table below explains what we use your personal data for and our usual lawful basis for doing so.
| What we use your personal data for | Our reasons |
|---|---|
| Create and manage your account with us | To perform our contract with you or to take steps at your request before entering into a contract. |
| Provide, operate and maintain the Services | To perform our contract with you, including providing access to the app, website, platform, account areas and related services. |
| Enable app and platform features | Depending on the feature, to perform our contract with you, for our legitimate interests in providing and improving the Services, or based on your consent where required. This includes mapping, routing, team coordination, operational reporting, shared workspaces, localised intelligence, emergency location tools and similar features. |
| Process subscriptions, payments and account administration | To perform our contract with you, comply with legal and accounting obligations, and for our legitimate interests in managing our business and Services. |
| Provide customer support and respond to enquiries | To perform our contract with you, take steps at your request before entering into a contract, comply with legal obligations where relevant, or for our legitimate interests in providing support and responding to enquiries. |
| Send service messages and important notices | To perform our contract with you, comply with legal obligations, or for our legitimate interests in keeping users informed about security, technical, account or Service-related matters. |
| Protect the security of systems, accounts and data | To comply with legal obligations and for our legitimate interests in protecting our Services, users, business, systems and data, and preventing or detecting misuse, fraud, abuse or unlawful activity. |
| Improve, test, monitor and develop the Services | For our legitimate interests in improving performance, reliability, functionality, user experience and security, provided those interests are not overridden by your rights and interests. Where required by law, we will rely on consent for non-essential analytics or similar technologies. |
| Statistical analysis and business management | For our legitimate interests in understanding Service performance, customer base, feature usage, reliability, operational demand and business efficiency. |
| Marketing communications | Where permitted by law, based on your consent or our legitimate interests. You can opt out of marketing communications at any time. |
| Enforce legal rights or defend legal claims | Depending on the circumstances, to comply with legal obligations or for our legitimate interests in protecting our business, users, rights and interests or those of others. |
| Comply with legal and regulatory obligations | To comply with our legal and regulatory obligations. |
| Share personal data in connection with a significant corporate transaction or restructuring | Depending on the circumstances, to comply with legal obligations or for our legitimate interests in protecting, realising or growing the value of our business and assets. Information will be anonymised where possible and only shared where necessary. |
See "Who we share your personal data with" for further information on the steps we take to protect your personal data where we need to share it with others.
9. App stores, payments and platform providers
At present, subscriptions and in-app purchases for the app are processed through Apple App Store payment systems and Google Play Billing. These providers process payment and subscription data in accordance with their own terms and privacy policies. We do not currently offer direct card payments through the Services.
Refunds, cancellations, billing changes and subscription management are handled through the relevant app store or platform where the subscription was purchased.
We may receive limited subscription, entitlement, account status, renewal/cancellation or transaction reference information from Apple, Google or related app-store systems so that we can provide access to the correct Services. We do not collect, receive or store full payment card details for app-store subscriptions or in-app purchases.
We may introduce direct card payments, web-based checkout or alternative payment methods in the future. If we do this, we may need to collect, receive or process additional payment information directly or through a third-party payment processor. Before such processing applies, we will update this Privacy Policy where required, explain what payment information is collected and why, and apply appropriate security and payment-processing safeguards. Users who choose to use any future direct-card payment option may be asked to provide payment details separately and/or accept updated payment terms, notices or consents where required.
11. How long your personal data will be kept
We will keep your personal data only for as long as reasonably necessary for the purposes set out in this Privacy Policy and in line with applicable data protection requirements, including the UK GDPR storage limitation principle. This means we will not keep personal data for longer than we need it for the relevant purpose.
Our retention periods may vary depending on the type of personal data, the feature used, the reason we collected it, whether your account remains active, whether deletion has been requested, and whether we need to keep records for legal, tax, accounting, security, regulatory, dispute-resolution or business administration purposes.
Account records, operational records, reports, shared workspace content, support records, security logs, diagnostics, location-related records and technical data may therefore be kept for different periods. Where a specific legal, tax, accounting or dispute-related retention period applies, we may retain relevant records for that period.
When personal data is no longer required, we will delete it, anonymise it, or securely isolate it until deletion is possible. We will review retention periods as the Services develop and where required by law.
12. Transferring your personal data out of the UK
Some of our service providers may process personal data outside the United Kingdom. This may include providers involved in hosting, infrastructure, security, app stores, subscriptions, in-app purchases, communications, mapping, analytics, diagnostics, support or other Service functionality.
Where personal data is transferred internationally, we will take appropriate steps to ensure it remains protected in accordance with applicable data protection law. This may include relying on adequacy regulations, contractual safeguards, the International Data Transfer Agreement or Addendum, standard contractual clauses, or another lawful transfer mechanism.
If you would like more information about international transfers and the safeguards used, please contact us using the details in the section "How to contact us" below.
13. Your rights
You generally have the following rights in relation to your personal data, although these rights do not apply in every situation. You can usually exercise these rights free of charge.
| Right | What this means |
|---|---|
| Access to a copy of your personal data | The right to be provided with a copy of personal data we hold about you. |
| Correction, also known as rectification | The right to require us to correct inaccurate or incomplete personal data. |
| Erasure, also known as the right to be forgotten | The right to require us to delete your personal data in certain situations. |
| Restriction of use | The right to require us to restrict use of your personal data in certain circumstances, for example if you contest the accuracy of the data. |
| Data portability | The right to receive personal data you provided to us in a structured, commonly used and machine-readable format and/or transmit that data to a third party in certain situations. |
| Object to use | The right to object to direct marketing at any time and, in certain situations, to our continued use of your personal data where we rely on legitimate interests. |
| Withdraw consent | The right to withdraw consent at any time where we rely on your consent. This will not affect processing carried out before consent was withdrawn. |
| Not to be subject to decisions without human involvement | The right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning you or similarly significantly affects you. |
| Complain to the regulator | The right to complain to the Information Commissioner’s Office if you are unhappy with how we use your personal data. |
For further information on each of these rights, including the circumstances in which they do and do not apply, please contact us. You may also find it helpful to refer to guidance from the UK Information Commissioner’s Office.
If you would like to exercise any of your rights, please contact us using the details in the section "How to contact us" below. When contacting us, please provide enough information to identify yourself, such as your full name, username or account email address, and let us know which right you want to exercise and the personal data to which your request relates. We may need to verify your identity before acting on your request.
14. Automated decision-making
We do not use personal data collected through the Services to make decisions based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you.
15. Keeping your personal data secure
We have appropriate technical and organisational measures designed to prevent personal data from being accidentally lost, used, accessed, altered or disclosed unlawfully. We limit access to personal data to those who have a genuine business need to access it.
We also have procedures in place to deal with suspected data security breaches. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
However, no system, service, device, app, website or method of transmission over the internet is completely secure, and we cannot guarantee absolute security.
16. Cookies and similar technologies
We may use cookies and similar technologies to operate, secure, monitor and improve our website and Services. These may include strictly necessary technologies, functional technologies, analytics technologies and other non-essential technologies where enabled.
Where required by law, we will ask for your consent before using non-essential cookies or similar technologies. You can manage cookie preferences through our cookie tools and your browser settings where available.
17. Children
The Services are not directed to children and are not intended for use by anyone under the age of 18. We do not knowingly collect personal data from anyone under 18.
If you believe that a child has provided us with personal data, please contact us and we will take appropriate steps.
18. Third-party links and services
The Services may contain links to third-party websites, services, tools or content. We are not responsible for the privacy practices, security or content of third parties. You should review their privacy policies before providing personal data to them or using their services.
19. How to complain
Please contact us if you have any questions or concerns about our use of your personal data. We would appreciate the opportunity to address your concern first.
You also have the right to lodge a complaint with the Information Commissioner’s Office, the UK regulator for data protection matters. The Information Commissioner’s Office can be contacted via its website at ico.org.uk/make-a-complaint or by telephone on 0303 123 1113.
20. Changes to this Privacy Policy
We may change this Privacy Policy from time to time. When we make significant changes, we will take steps to inform you, for example through the Services, by email or by another appropriate method.
The latest version of this Privacy Policy will apply from the date stated at the top of the policy.
21. How to contact us
You can contact us if you have any questions about this Privacy Policy or the personal data we hold about you, to exercise a right under data protection law, or to make a complaint.
Our contact details are shown below:
- IN POCKET PROTECT LTD, trading as InPocketProtect®
- Registered office: 128 City Road, London, Greater London, England, EC1V 2NX
- Email: contact-us@inpocketprotect.com