Privacy Policy

1. Who we are

1.1 Lewis James Harvey and Callum James Hull, trading as The Local ("we", "us", "our"), are the joint data controllers responsible for your personal data.

1.2 Contact address: privacy@thelocalpubs.com. Upon incorporation as a limited company, this policy will be updated to include our registered company name, number, and address.

1.3 ICO registration number: [to be added once registration is complete].

1.4 If you have any questions about how we handle your data, you can contact us at privacy@thelocalpubs.com.

2. What data we collect

We collect the following categories of personal data:

Account data

2.1 When you create an account, we collect your email address, username, date of birth, and any profile biography you choose to add. Your date of birth is collected solely to verify that you meet the minimum age requirement of 18.

Location data

2.2 With your explicit consent, we collect your precise GPS location when you actively check in to a pub. We do not track your location in the background or store location history beyond the duration of your check-in. Your location is used to confirm your presence at a venue, to show nearby pubs, and to display your check-in to friends.

User-generated content

2.3 When you use the app, you may create content including BeerReel posts, photos, reviews, comments, and interactions (such as "cheers"). This content is visible to other users in accordance with your privacy settings.

Technical data

2.4 We automatically collect your IP address, device type, operating system, app version, and crash logs. This data is used to maintain service stability, diagnose issues, and improve the app.

Communications data

2.5 If you contact us (for example, via email or in-app support), we retain the content of your communications to resolve your query and improve our service.

3. Lawful basis for processing

Under UK GDPR, we must have a lawful basis for each type of processing. The bases we rely on are:

3.1 Contractual necessity (Article 6(1)(b)): Processing your account data and user-generated content is necessary to provide you with the service you have signed up for.

3.2 Consent (Article 6(1)(a)): We process your precise location data and send you marketing communications (push notifications, emails, and in-app messages) only with your explicit consent. You may withdraw consent at any time through your device settings (for location) or the app settings (for communications). Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

3.3 Legitimate interests (Article 6(1)(f)): We process technical data for service stability, security monitoring, and product improvement. We have assessed that these interests do not override your rights and freedoms, given the non-sensitive nature of the data and the measures we take to protect it.

3.4 Legal obligation (Article 6(1)(c)): We may process data where required to comply with a legal obligation, such as responding to a lawful court order or regulatory requirement.

4. Age verification

4.1 The Local is strictly for individuals aged 18 or over. During registration, you are required to provide your date of birth. If the date of birth entered indicates you are under 18, your registration will be refused.

4.2 We store your date of birth for the purpose of age verification only. It is not displayed to other users or used for any other purpose.

4.3 We reserve the right to request additional proof of age at any time. If we have reasonable grounds to believe a user is under 18, we will suspend the account and request verification. If verification is not provided within 14 days, the account will be permanently terminated and all associated data deleted.

4.4 If we discover that a user under 18 has created an account, we will terminate the account immediately and delete all personal data associated with it.

5. How we use your data

We use your data for the following purposes:

• Providing the core service: account management, check-ins, social features, pub discovery
• Personalisation: recommending pubs based on your ratings and location during active use
• Safety and moderation: detecting and removing content that violates our Acceptable Use Policy, using a combination of automated (AI-based) and manual review
• Communications: sending push notifications, email updates, and in-app messages about your account, friends' activity, and (with your consent) promotional content
• Service improvement: analysing technical data and aggregated usage patterns to improve app performance and features
• Legal compliance: responding to legal requests and protecting our rights

6. Data sharing and third parties

6.1 We do not sell your personal data to any third party.

6.2 We share data only with the following categories of service providers, who act as data processors on our behalf:

• Infrastructure and database: Supabase (authentication, database management, file storage)
• Map services: map providers receive obfuscated location data to render venue markers
• Content moderation: AI moderation services process user-generated content to detect policy violations
• Communications: email and push notification delivery services

6.3 Each processor is bound by a data processing agreement and may only process your data on our instructions and for the purposes described in this policy.

6.4 We may also disclose your data where required by law, regulation, or court order, or where necessary to protect the safety of our users or the public.

7. International data transfers

7.1 Your data is primarily stored on servers located in the European Union, operated by Supabase.

7.2 The EU has been granted a data adequacy decision by the UK government, meaning data can flow freely between the UK and EU without additional safeguards.

7.3 If any of our sub-processors transfer data outside the UK and EU (for example, to the United States), we ensure appropriate safeguards are in place, such as the International Data Transfer Agreement (IDTA) or binding corporate rules, in accordance with UK GDPR.

8. Data retention

We retain your data for only as long as necessary. Our specific retention periods are:

• Account data: retained while your account is active. Deleted within 30 days of an account deletion request.
• Date of birth: retained while your account is active for age verification purposes. Deleted upon account deletion.
• Location data: collected only during active check-ins. Your precise location is not stored after you check out or after 24 hours, whichever is sooner.
• User-generated content: retained while your account is active. Upon account deletion, your content is anonymised (attributed to "Former User") rather than deleted, to preserve community context. You may request full deletion of your content.
• Technical data (logs, crash reports): retained for 90 days, then automatically deleted.
• Communications data: retained for 12 months after resolution of your query.
• Backup data: purged within 60 days of deletion from the live database.

You can also request account deletion via our Delete Account Request page.

9. Your rights

Under UK GDPR, you have the following rights:

9.1 Right of access: You can request a copy of the personal data we hold about you.

9.2 Right to rectification: You can ask us to correct inaccurate or incomplete data.

9.3 Right to erasure: You can ask us to delete your personal data. We will comply unless we have a legal obligation to retain it.

9.4 Right to restrict processing: You can ask us to limit how we use your data in certain circumstances.

9.5 Right to data portability: You can request a machine-readable copy of the data you provided to us.

9.6 Right to object: You can object to processing based on legitimate interests. We will stop unless we have compelling grounds to continue.

9.7 Right to withdraw consent: Where processing is based on consent (location data, marketing communications), you can withdraw consent at any time through your device or app settings.

9.8 To exercise any of these rights, contact us at privacy@thelocalpubs.com. We will respond within one calendar month. If your request is complex or we receive a high volume of requests, we may extend this by a further two months, and we will let you know.

9.9 If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

• Website: ico.org.uk
• Telephone: 0303 123 1113

10. Security

10.1 We use industry-standard measures to protect your data, including encryption in transit (TLS) and at rest, access controls, and regular security reviews.

10.2 No system is completely secure. We encourage you to use a strong, unique password for your account and to keep your device software up to date.

10.3 In the event of a data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours and inform affected users without undue delay.

11. Children's data

11.1 The Local is not intended for anyone under 18. We do not knowingly collect data from children.

11.2 If we become aware that we have collected personal data from a person under 18, we will delete that data and terminate the associated account immediately.

11.3 If you believe a child under 18 is using the app, please contact us at privacy@thelocalpubs.com.

12. Marketing communications

12.1 With your consent, we may send you marketing communications via push notifications, email, or in-app messages. These may include new feature announcements, pub recommendations, and promotional content.

12.2 You can opt out of marketing communications at any time by adjusting your notification preferences in the app settings, clicking the unsubscribe link in any email, or contacting us at privacy@thelocalpubs.com.

12.3 Opting out of marketing does not affect service-related communications (such as account security alerts or changes to these terms), which we may continue to send as necessary.

13. Changes to this policy

13.1 We may update this policy to reflect changes in law, regulation, or our data practices. Where changes are significant, we will notify you via an in-app banner and/or email before the changes take effect.

13.2 The date at the top of this policy indicates when it was last updated.

14. Contact us

Lewis James Harvey and Callum James Hull, trading as The Local
Email: privacy@thelocalpubs.com
ICO registration: [to be added once registration is complete]