Privacy Policy

Privacy Policy

UK GDPR | DPA 2018 | CCPA / CPRA

Jurisdictions: United Kingdom | United States of America

Effective Date: 1 July 2025

Privacy Policy

UK GDPR | DPA 2018 | CCPA / CPRA

Jurisdictions: United Kingdom | United States of America

1. Introduction

1.1 GodsOwnApp Limited (\"we\", \"us\", \"our\") is committed to protecting your personal data in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA 2018), and, for California residents, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

1.2 This Privacy Policy explains what personal data we collect, why we collect it, how we use it, your rights over it, and the limits of our liability in connection with data processing.

1.3 By using GodsOwnApp, you confirm you have read and understood this Privacy Policy.

2. Data Controller

GodsOwnApp Limited

Registered in England and Wales

London, United Kingdom

Email: cs@godsownapp.com

Website: www.godsownapp.com

GodsOwnApp Limited is the data controller for personal data processed through GodsOwnApp, as defined under the UK GDPR and the DPA 2018.

3. Data We Collect

3.1 Account and Identity Data

  • Full name, email address, phone number
  • Date of birth (for age verification)
  • Profile photograph
  • Password (stored in irreversibly hashed form --- we do not store plaintext passwords)

3.2 Business Profile Data (B2B Networking users)

  • Company or trading name, job title, industry sector
  • Business contact information (if voluntarily shared)

3.3 Location Data

  • Precise GPS coordinates (collected only when the Emergency Feature is activated or when proximity features are actively enabled by the user)
  • Approximate location (for venue geo-fencing at authorised venues)
  • Last known location (retained during emergency events)

3.4 Emergency Event Data

  • Alert activation time and date
  • GPS location at time of alert
  • Device information
  • Nominated contact details (if provided)

3.5 Social and Networking Data

  • Profile preferences and interests (for Social Discovery, where enabled)
  • Connection history
  • In-app messages (stored on our servers, subject to retention policy)

3.6 Usage and Technical Data

  • Device type, operating system, App version
  • IP address, log data, crash reports
  • Anonymised usage analytics

3.7 Payment and Subscription Data

  • Subscription tier, payment history (dates and amounts)
  • Payment card details are processed by our authorised payment processor only --- we do not store card data

3.8 Ambassador and Driver Reseller Data

  • Sign-up referral data and commission records
  • Performance metrics

4. Legal Bases for Processing --- UK GDPR

Data Type Purpose UK GDPR Legal Basis
Account data Account creation and management Contract (Art. 6(1)(b))
Location data Emergency Feature; proximity features Consent (Art. 6(1)(a)); Vital Interests (Art. 6(1)(d)) for emergency use
Emergency event data Safety; legal obligations; law enforcement Vital Interests (Art. 6(1)(d)); Legal Obligation (Art. 6(1)(c))
Usage and technical data App performance and improvement Legitimate Interests (Art. 6(1)(f))
Payment data Billing and subscription management Contract (Art. 6(1)(b))
Marketing communications Service and feature updates Consent (Art. 6(1)(a))
Ambassador/Driver data Commission and programme management Contract (Art. 6(1)(b))

5. Location Data --- Special Provisions

5.1 We collect precise GPS location data only when:

  • You activate the Emergency Feature (to support your safety and assist emergency services); or
  • You actively enable B2B Networking Mode or Social Discovery Mode at an authorised venue.

5.2 We do not track your location continuously or in the background without your knowledge and consent.

5.3 Location data collected during emergency events is retained for a minimum of 24 months to support any legal, regulatory, or law enforcement processes.

5.4 You may withdraw location permission at any time via your device settings. Withdrawing location permission will disable the Emergency Feature and all proximity-based features.

Category Data

6.1 We do not intentionally collect special category data (health, biometric, racial, religious, or similar data) as defined under Article 9 UK GDPR, except where:

  • Emergency event location data is incidentally linked to a health or safety situation, in which case processing is justified under Article 9(2)(c) (vital interests) and Article 9(2)(f) (legal claims).

6.2 All such data is subject to enhanced security controls and restricted access.

7. Data Sharing

7.1 We share your personal data with:

  • Nominated emergency contacts - location and alert data on emergency activation only
  • Emergency services (999/911) - where a connection is established through the App
  • Payment processors - for subscription billing (they process card data; we do not store it)
  • Cloud infrastructure and hosting providers - under appropriate Data Processing Agreements (DPAs) compliant with UK GDPR Article 28
  • Anonymised analytics providers --- anonymised or pseudonymised data only
  • Law enforcement and regulatory authorities --- where required by law, court order, or to protect vital interests

7.2 We do NOT:

  • Sell your personal data to any third party
  • Share your Social Profile or Business Profile data outside GodsOwnApp without your consent
  • Share your location data with advertisers or commercial third parties

8. International Data Transfers

8.1 Where personal data is transferred outside the UK or EEA (for example, to cloud providers with servers in the USA), we ensure appropriate safeguards are in place under UK GDPR Article 46, including:

  • UK International Data Transfer Agreements (IDTAs); and/or
  • Adequacy decisions where applicable.

8.2 For US users, data may be stored on servers in the USA and UK. By using GodsOwnApp, you consent to this processing.

9. Data Retention

Data Type Retention Period
Account data Duration of account + 3 years after closure
Emergency event data Minimum 24 months from event date
Location data (proximity features) Session only --- deleted within 24 hours of session end
Payment records 7 years (UK statutory financial record-keeping)
Marketing preferences Until consent is withdrawn
Ambassador/Driver commission records 7 years (tax record-keeping)
In-app messages 12 months from last activity between the relevant parties

10. Your Rights --- UK Users (UK GDPR and DPA 2018)

Under the UK GDPR and DPA 2018, you have the following rights:

Right Description How to Exercise
Right of Access (Art. 15) Request a copy of personal data we hold about you Email privacy@godsownapp.com
Right to Rectification (Art. 16) Correct inaccurate or incomplete data Email privacy@godsownapp.com
Right to Erasure (Art. 17) Request deletion of your data, subject to legal retention obligations Email privacy@godsownapp.com
Right to Restriction (Art. 18) Restrict processing in defined circumstances Email privacy@godsownapp.com
Right to Data Portability (Art. 20) Receive your data in a portable, machine-readable format Email privacy@godsownapp.com
Right to Object (Art. 21) Object to processing based on legitimate interests or for direct marketing Email privacy@godsownapp.com
Right to Withdraw Consent (Art. 7(3)) Withdraw consent at any time where processing is consent-based Via App settings or email

Response time: We will respond to all valid requests within one calendar month, as required by UK GDPR Article 12. We may extend this by a further two months where requests are complex or numerous, with notice to you.

Complaints: You have the right to lodge a complaint with the Information Commissioner\'s Office (ICO) at www.ico.org.uk or by calling 0303 123 1113.

11. Your Rights --- California Residents (CCPA / CPRA)

California residents have the following rights under the CCPA and CPRA:

Right Description
Right to Know Know what personal information we collect, use, disclose, or share
Right to Delete Request deletion of personal information we have collected
Right to Correct Request correction of inaccurate personal information
Right to Opt-Out of Sale/Sharing Opt out of the sale or sharing of personal information --- we do not sell personal data
Right to Limit Use of Sensitive PI Limit our use and disclosure of sensitive personal information
Right to Non-Discrimination Not be discriminated against for exercising your CCPA/CPRA rights

To submit a California Privacy Request: email privacy@godsownapp.com or visit www.godsownapp.com/privacy.

We will respond to verifiable consumer requests within 45 days. We may extend by a further 45 days where necessary, with notice.

12. Liability in Connection with Data Processing

12.1 GodsOwnApp Limited processes personal data with reasonable care and in compliance with UK GDPR and DPA 2018 obligations.

12.2 To the fullest extent permitted by law, GodsOwnApp Limited\'s aggregate liability for any data breach, unlawful processing, or failure to meet data subject rights obligations shall not exceed £1.00 (UK) / \\1.00 (USA), except where liability cannot be excluded under applicable mandatory law.

12.3 This limitation does not affect your rights under UK GDPR to lodge a complaint with the ICO or to seek compensation through the courts under Article 82 UK GDPR where you have suffered material or non-material damage as a result of a breach of UK GDPR. Such rights are statutory and are not affected by the contractual cap in Clause 12.2.

12.4 No director, officer, or employee of GodsOwnApp Limited shall be personally liable for any data protection breach or failure.

13. Children\'s Privacy

13.1 GodsOwnApp is not directed at children under 13.

13.2 The Social Discovery and dating features are restricted to users aged 18 and over.

13.3 We do not knowingly collect personal data from children under 13. If we become aware of such data, we will delete it immediately.

13.4 Contact privacy@godsownapp.com if you believe a child under 13 has provided us with personal data.

14. Security

14.1 We implement appropriate technical and organisational measures under UK GDPR Article 32, including:

  • Encryption of data in transit (TLS) and at rest (AES-256)
  • Access controls limiting data access to authorised personnel only
  • Regular security assessments and penetration testing
  • Incident response procedures in compliance with the 72-hour breach notification requirement to the ICO (UK GDPR Article 33)

14.2 If you believe your account has been compromised, contact security@godsownapp.com immediately.

14.3 No data transmission over the internet is guaranteed to be 100% secure. You provide personal data and use the App at your own risk.

15. Cookies and Tracking

15.1 The GodsOwnApp mobile application uses essential cookies and analytics tracking only.

15.2 We do not use advertising cookies or third-party commercial tracking.

15.3 Cookie preferences can be managed through your device settings or within the App.

16. Changes to This Privacy Policy

16.1 We may update this Privacy Policy at any time. Material changes will be communicated at least 14 days before they take effect via email or in-app notification.

16.2 The current version is always available at www.godsownapp.com/privacy.

17. Contact --- Privacy and Data Protection

Privacy and Data Protection Enquiries:

GodsOwnApp Limited, 3 Grover Court, Loampit Hill,

London SE13 7ST, United Kingdom

Email: privacy@godsownapp.com

Supervisory Authority (UK):

Information Commissioner\'s Office

www.ico.org.uk | 0303 123 1113

California Privacy Requests:

Email: cs@godsownapp.com

Web: https://godsownapp.com/privacy

This Privacy Policy forms part of the GodsOwnApp Terms and Conditions. Read alongside all applicable Terms documents in this folder.