Privacy Policy - InPocketProtect®

Website-ready privacy document. This version is formatted for WordPress and keeps the uploaded policy wording intact as far as possible while applying InPocketProtect branding.

1. Introduction

This Privacy Policy is provided by IN POCKET PROTECT LTD, trading as InPocketProtect® ("we", "our" or "us"), a company registered in England and Wales under company number 16744115 with registered office at 128 City Road, London, Greater London, England, EC1V 2NX.

This Privacy Policy applies to the InPocketProtect® website, mobile application, platform, account areas, support services, communications, operational tools and related services (together, the "Services").

We take your privacy seriously. This Privacy Policy explains how and why we collect, store, use and share information relating to you (your "personal data"). It also explains your rights in relation to your personal data and how to contact us or the relevant regulator if you have a complaint.

Our collection, storage, use and sharing of your personal data is regulated by law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We are the controller of personal data obtained through the Services, meaning we are the organisation legally responsible for deciding how and for what purposes it is used.

2. What this policy applies to

This Privacy Policy relates to your use of the Services only.

The Services may link to, integrate with or rely on other apps, websites, APIs, software development kits, payment systems, mapping tools, cloud services or other services owned and operated by us or by trusted third parties. This currently includes certain platforms, mapping and location services used to support app functionality. Those third parties may collect and process personal data in accordance with their own privacy policies.

For privacy information relating to those third-party services, please review their privacy policies. For more information, see the section "Who we share your personal data with" below.

3. Personal data we collect about you

The personal data we collect about you depends on how you use the Services. We may collect and use the following categories of personal data:

Category of data	In more detail
Identity and account data you input into the Services	Your name, email address, phone number, username, password or login details, company name, job title, role, team, workspace, account settings, contact preferences and any professional information you choose to provide, such as licence or role-related information where relevant.
Billing and subscription data	Plan type, subscription status, transaction references, renewal/cancellation information and related account administration data. At present, subscriptions and in-app purchases are processed through Apple App Store payment systems and Google Play Billing. Apple and Google process payment details under their own terms and privacy policies. We do not collect, receive or store full payment card details for app-store subscriptions or in-app purchases. We may introduce direct card payments or alternative payment methods in the future. If this happens, any additional payment information would be processed in accordance with this Privacy Policy as updated, applicable law and relevant payment-security requirements.
Operational data and user content	Content, files, reports, route information, recce notes, venue or residential assessments, comments, images, messages, shared materials, operational notes, support requests, feedback and any other materials you upload, create, submit or share through the Services.
Device, technical and usage data	Device type, operating system, browser type, app version, IP address, diagnostic data, crash logs, access times, pages viewed, actions taken, feature usage, notification preferences and similar technical information.
Location data	Precise or approximate location data where location-based features are used and permission is enabled. This may support features such as mapping, routing, team coordination, localised intelligence, saved locations, live operational visibility, emergency location tools and other location-based functions.
Device permission data	Where relevant, the mobile application may request access to device functions such as location services, camera, photo library or file storage, microphone and push notifications. You can control these permissions through your device settings.
Team, workspace and administrator data	Information provided by team leaders, workspace owners or account administrators, including team membership, operational role, workspace access level and information necessary to manage authorised users.
Enquiry, support and marketing data	Your name, email address, phone number, company details, enquiry details, feedback, support communications, marketing preferences and related communications with us.

If you do not provide the personal data we ask for when required, it may prevent us from providing some or all of the Services to you. For example, if location permission is disabled, location-based mapping, routing, live coordination, or emergency location features may not work correctly.

We collect and use this personal data for the purposes described in the section "How and why we use your personal data" below.

4. Sensitive data

Sensitive personal data, also known as special category data, includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data used for identification, data concerning health, data concerning a person’s sex life, and data concerning a person’s sexual orientation.

Criminal offence data includes information relating to criminal convictions, offences, allegations, proceedings and related security measures.

We do not intentionally request sensitive personal data or criminal offence data unless it is strictly necessary for a lawful and authorised use of the Services. Given the operational nature of the Services, users must not upload, submit or share sensitive personal data, criminal offence data or other highly sensitive information unless they have a lawful basis, appropriate authority and a genuine operational need to do so.

If you choose to submit sensitive personal data, criminal offence data or highly sensitive operational information through the Services, you are responsible for ensuring that you have the right to provide it and that doing so is lawful. Where we process such information, we will only do so where permitted by applicable law and where appropriate safeguards are in place.

5. Location services/data

The Services may request your consent or device permission to use location services in order to provide location-based features. These features may include mapping, routing, team coordination, localised intelligence updates, saved locations, live operational visibility, emergency location tools and similar functions.

Depending on your device settings, app settings and the feature being used, location data may be processed while the app is open and, where enabled and required by a feature, in the background. Your device settings allow you to control whether location access is enabled, disabled or limited.

Where team or workspace features are enabled, your location may be visible to authorised users such as team members, team leaders, workspace owners or administrators, depending on the feature settings and your account permissions.

If you do not provide consent or enable location permission, you may still be able to use parts of the Services, but location-based features may not be available or may not function correctly. You can withdraw or change location permission at any time through your device settings.

Location services may also involve third-party mapping, geolocation, routing and location-reference providers. For the iOS app, this may include Mapbox, what3words and Apple Maps as part of the mapping or front-end interface layer. For the Android app, this may include Mapbox, what3words and Google Maps as part of the mapping or front-end interface layer. Those providers may process data in accordance with their own terms and privacy policies.

6. How your personal data is collected

We collect personal data from and about you in the following ways:

directly from you when you create an account, use the Services, contact us, submit enquiries, upload content, complete forms, provide feedback or communicate with us;
automatically when you use the Services, including through device data, usage data, log data, diagnostics and similar technologies;
through permissions you choose to enable on your device, such as location, camera, photo library or file storage, microphone and push notifications;
from team leaders, workspace owners, administrators or authorised users who add you to a team, workspace or operational environment;
from service providers that support the operation, hosting, security, billing, authentication, communications, mapping, analytics or functionality of the Services;
through cookies and similar technologies where used on our website or related Services.

7. How and why we use your personal data

Under data protection law, we can only use your personal data if we have a proper reason. This may include where you have given consent, where use is necessary for a contract with you, where we must comply with a legal obligation, where use is necessary for our legitimate interests or those of a third party, or where use is necessary to protect someone’s vital interests.

A legitimate interest is when we have a business, operational, security or commercial reason to use your personal data, so long as this is not overridden by your rights and interests. Where we rely on legitimate interests, we will consider and balance our interests against your rights and interests.

The table below explains what we use your personal data for and our usual lawful basis for doing so.

What we use your personal data for	Our reasons
Create and manage your account with us	To perform our contract with you or to take steps at your request before entering into a contract.
Provide, operate and maintain the Services	To perform our contract with you, including providing access to the app, website, platform, account areas and related services.
Enable app and platform features	Depending on the feature, to perform our contract with you, for our legitimate interests in providing and improving the Services, or based on your consent where required. This includes mapping, routing, team coordination, operational reporting, shared workspaces, localised intelligence, emergency location tools and similar features.
Process subscriptions, payments and account administration	To perform our contract with you, comply with legal and accounting obligations, and for our legitimate interests in managing our business and Services.
Provide customer support and respond to enquiries	To perform our contract with you, take steps at your request before entering into a contract, comply with legal obligations where relevant, or for our legitimate interests in providing support and responding to enquiries.
Send service messages and important notices	To perform our contract with you, comply with legal obligations, or for our legitimate interests in keeping users informed about security, technical, account or Service-related matters.
Protect the security of systems, accounts and data	To comply with legal obligations and for our legitimate interests in protecting our Services, users, business, systems and data, and preventing or detecting misuse, fraud, abuse or unlawful activity.
Improve, test, monitor and develop the Services	For our legitimate interests in improving performance, reliability, functionality, user experience and security, provided those interests are not overridden by your rights and interests. Where required by law, we will rely on consent for non-essential analytics or similar technologies.
Statistical analysis and business management	For our legitimate interests in understanding Service performance, customer base, feature usage, reliability, operational demand and business efficiency.
Marketing communications	Where permitted by law, based on your consent or our legitimate interests. You can opt out of marketing communications at any time.
Enforce legal rights or defend legal claims	Depending on the circumstances, to comply with legal obligations or for our legitimate interests in protecting our business, users, rights and interests or those of others.
Comply with legal and regulatory obligations	To comply with our legal and regulatory obligations.
Share personal data in connection with a significant corporate transaction or restructuring	Depending on the circumstances, to comply with legal obligations or for our legitimate interests in protecting, realising or growing the value of our business and assets. Information will be anonymised where possible and only shared where necessary.

See "Who we share your personal data with" for further information on the steps we take to protect your personal data where we need to share it with others.

8. Who we share your personal data with

We may share personal data where necessary with trusted service providers and other recipients who help us run our business or provide the Services. These may include:

Some of these third parties may act as processors, meaning they process personal data on our behalf and under our instructions. Others, such as app stores, platform providers or mapping providers, may process certain data under their own terms and privacy policies. We maintain appropriate records and contractual arrangements with service providers where required by applicable data protection law.

hosting, infrastructure and cloud storage providers;
authentication, account management and security providers;
app store, subscription and in-app purchase providers, including Apple App Store payment systems and Google Play Billing where applicable;
communications, email, customer support and notification providers;
mapping, geolocation, routing and location-reference providers, including Mapbox, what3words, Apple Maps where applicable for iOS, and Google Maps where applicable for Android;
analytics, monitoring, diagnostic and crash-reporting providers;
professional advisers, auditors, insurers, lawyers and other representatives;
regulators, courts, law enforcement agencies, government authorities or other bodies where required by law;
other users, team members, workspace owners, administrators or managers where this is part of the Services and your account or workspace permissions;
a purchaser, investor, successor or acquirer in connection with a merger, acquisition, restructuring, financing, asset sale, initial public offering or insolvency event.

We only allow service providers to handle your personal data if we are satisfied that they take appropriate measures to protect it. We also impose contractual obligations on service providers so that they can only use your personal data to provide services to us and, where relevant, to you.

We do not sell your personal data. We will not share your personal data with any other third party unless this is necessary for the Services, permitted by law, required by law, or explained in this Privacy Policy.

At present, the core app functionality outside the third-party platform, app-store, mapping, location-reference and front-end mapping interface services described in this Privacy Policy is developed by us. We may add, remove or change service providers as the Services develop, and we will update this Privacy Policy where required.

9. App stores, payments and platform providers

At present, subscriptions and in-app purchases for the app are processed through Apple App Store payment systems and Google Play Billing. These providers process payment and subscription data in accordance with their own terms and privacy policies. We do not currently offer direct card payments through the Services.

Refunds, cancellations, billing changes and subscription management are handled through the relevant app store or platform where the subscription was purchased.

We may receive limited subscription, entitlement, account status, renewal/cancellation or transaction reference information from Apple, Google or related app-store systems so that we can provide access to the correct Services. We do not collect, receive or store full payment card details for app-store subscriptions or in-app purchases.

We may introduce direct card payments, web-based checkout or alternative payment methods in the future. If we do this, we may need to collect, receive or process additional payment information directly or through a third-party payment processor. Before such processing applies, we will update this Privacy Policy where required, explain what payment information is collected and why, and apply appropriate security and payment-processing safeguards. Users who choose to use any future direct-card payment option may be asked to provide payment details separately and/or accept updated payment terms, notices or consents where required.

10. User content and shared areas

Some parts of the Services may allow you to create, upload, submit or share content with other users, team members, workspace owners, administrators or other authorised users.

If you post or share information in collaborative, operational, team, workspace or forum-based areas of the Services, that information may be visible to other authorised users in line with the relevant feature settings and account permissions.

You are responsible for ensuring that any content you upload, create, submit or share through the Services is lawful, accurate where necessary, operationally appropriate and that you have the right to provide it.

11. How long your personal data will be kept

We will keep your personal data only for as long as reasonably necessary for the purposes set out in this Privacy Policy and in line with applicable data protection requirements, including the UK GDPR storage limitation principle. This means we will not keep personal data for longer than we need it for the relevant purpose.

Our retention periods may vary depending on the type of personal data, the feature used, the reason we collected it, whether your account remains active, whether deletion has been requested, and whether we need to keep records for legal, tax, accounting, security, regulatory, dispute-resolution or business administration purposes.

Account records, operational records, reports, shared workspace content, support records, security logs, diagnostics, location-related records and technical data may therefore be kept for different periods. Where a specific legal, tax, accounting or dispute-related retention period applies, we may retain relevant records for that period.

When personal data is no longer required, we will delete it, anonymise it, or securely isolate it until deletion is possible. We will review retention periods as the Services develop and where required by law.

12. Transferring your personal data out of the UK

Some of our service providers may process personal data outside the United Kingdom. This may include providers involved in hosting, infrastructure, security, app stores, subscriptions, in-app purchases, communications, mapping, analytics, diagnostics, support or other Service functionality.

Where personal data is transferred internationally, we will take appropriate steps to ensure it remains protected in accordance with applicable data protection law. This may include relying on adequacy regulations, contractual safeguards, the International Data Transfer Agreement or Addendum, standard contractual clauses, or another lawful transfer mechanism.

If you would like more information about international transfers and the safeguards used, please contact us using the details in the section "How to contact us" below.

13. Your rights

You generally have the following rights in relation to your personal data, although these rights do not apply in every situation. You can usually exercise these rights free of charge.

Right	What this means
Access to a copy of your personal data	The right to be provided with a copy of personal data we hold about you.
Correction, also known as rectification	The right to require us to correct inaccurate or incomplete personal data.
Erasure, also known as the right to be forgotten	The right to require us to delete your personal data in certain situations.
Restriction of use	The right to require us to restrict use of your personal data in certain circumstances, for example if you contest the accuracy of the data.
Data portability	The right to receive personal data you provided to us in a structured, commonly used and machine-readable format and/or transmit that data to a third party in certain situations.
Object to use	The right to object to direct marketing at any time and, in certain situations, to our continued use of your personal data where we rely on legitimate interests.
Withdraw consent	The right to withdraw consent at any time where we rely on your consent. This will not affect processing carried out before consent was withdrawn.
Not to be subject to decisions without human involvement	The right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning you or similarly significantly affects you.
Complain to the regulator	The right to complain to the Information Commissioner’s Office if you are unhappy with how we use your personal data.

For further information on each of these rights, including the circumstances in which they do and do not apply, please contact us. You may also find it helpful to refer to guidance from the UK Information Commissioner’s Office.

If you would like to exercise any of your rights, please contact us using the details in the section "How to contact us" below. When contacting us, please provide enough information to identify yourself, such as your full name, username or account email address, and let us know which right you want to exercise and the personal data to which your request relates. We may need to verify your identity before acting on your request.

14. Automated decision-making

We do not use personal data collected through the Services to make decisions based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you.

15. Keeping your personal data secure

We have appropriate technical and organisational measures designed to prevent personal data from being accidentally lost, used, accessed, altered or disclosed unlawfully. We limit access to personal data to those who have a genuine business need to access it.

We also have procedures in place to deal with suspected data security breaches. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

However, no system, service, device, app, website or method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

16. Cookies and similar technologies

We may use cookies and similar technologies to operate, secure, monitor and improve our website and Services. These may include strictly necessary technologies, functional technologies, analytics technologies and other non-essential technologies where enabled.

Where required by law, we will ask for your consent before using non-essential cookies or similar technologies. You can manage cookie preferences through our cookie tools and your browser settings where available.

17. Children

The Services are not directed to children and are not intended for use by anyone under the age of 18. We do not knowingly collect personal data from anyone under 18.

If you believe that a child has provided us with personal data, please contact us and we will take appropriate steps.

18. Third-party links and services

The Services may contain links to third-party websites, services, tools or content. We are not responsible for the privacy practices, security or content of third parties. You should review their privacy policies before providing personal data to them or using their services.

19. How to complain

Please contact us if you have any questions or concerns about our use of your personal data. We would appreciate the opportunity to address your concern first.

You also have the right to lodge a complaint with the Information Commissioner’s Office, the UK regulator for data protection matters. The Information Commissioner’s Office can be contacted via its website at ico.org.uk/make-a-complaint or by telephone on 0303 123 1113.

20. Changes to this Privacy Policy

We may change this Privacy Policy from time to time. When we make significant changes, we will take steps to inform you, for example through the Services, by email or by another appropriate method.

The latest version of this Privacy Policy will apply from the date stated at the top of the policy.

21. How to contact us

You can contact us if you have any questions about this Privacy Policy or the personal data we hold about you, to exercise a right under data protection law, or to make a complaint.

Our contact details are shown below:

IN POCKET PROTECT LTD, trading as InPocketProtect®
Registered office: 128 City Road, London, Greater London, England, EC1V 2NX
Email: contact-us@inpocketprotect.com