Data & Compliance
This document summarises how The Local handles data governance, security controls, and compliance practices.
1. Scope
Applies to:
- User account data
- Social content (posts, comments, friend requests)
- Media uploads
- Operational logs and diagnostics
2. Data Classification
- Public data: content intentionally shared publicly in-app.
- Account data: identifiable user data (email, username, profile).
- Sensitive operational data: auth/session/security metadata.
3. Access Controls
- Role-based access control via backend policies.
- Row-level security controls for user-owned records.
- Principle of least privilege for app and admin operations.
4. Security Controls
- Authentication and session controls managed by backend provider.
- HTTPS/TLS in transit.
- Managed storage/database protections.
- Audit and diagnostics for incident response.
5. Retention and Deletion
- User data retained only as needed for service delivery, security, and legal obligations.
- Account deletion requests trigger deletion/anonymisation workflows.
- Backups/log retention follow provider and legal constraints.
6. Data Subject Rights
Supported request categories:
- Access
- Correction
- Deletion
- Export/portability (where applicable)
- Restriction or objection (where applicable)
Contact: thelocallondon@gmail.com
7. Incident Response
If a security incident affects personal data:
- Triage and contain quickly.
- Investigate scope and impact.
- Notify affected users/regulators where required by law.
- Apply remediation and preventive actions.
8. Compliance Baseline
The Local aims to align with:
- UK GDPR / EU GDPR principles
- Age-gating obligations for 18+ experience
- Platform requirements (Apple App Store, Google Play)
9. Vendor Management
Core infrastructure vendors are assessed for:
- Security posture
- Data processing terms
- Regional hosting/transfers
- Incident handling commitments
10. Ongoing Review
This document is reviewed periodically and updated when architecture, legal requirements, or processing activities change.