Introduction
Always There For You ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application ("the App").
We process your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the App.
Data Controller
For the purposes of data protection law, the data controller is:
Always There For You
Email: support@alwaysthereforyou.app
This means we are responsible for deciding how we hold and use your personal data.
Information We Collect
Personal Information You Provide
When you use Always There For You, you may provide us with:
- Account Information: Name, email address, and profile photo
- Profile Details: Display name, pronouns, and contact preferences
- Communication Data: Messages, voice notes, and care request details shared within your Family Circle
- Calendar Information: Events, appointments, and scheduling preferences
- Contact Information: Emergency contacts and family member details you choose to add
Information We Do NOT Collect
We are committed to minimal data collection. We do not collect:
- Medical diagnoses or health conditions
- Insurance information
- National Insurance numbers or government-issued identification numbers
- Financial or banking details
- Location data (unless explicitly enabled for features)
- Browsing history outside our App
Automatically Collected Information
When you use the App, we may automatically collect:
- Device information (device type, operating system version)
- App usage analytics (screens viewed, features used)
- Crash reports and error logs
- Push notification tokens (for delivering notifications)
Lawful Basis for Processing
Under the UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following bases:
- Contract: Processing is necessary to provide you with the App and its features, as set out in our Terms of Service. This includes account creation, messaging, care request management, and calendar functionality.
- Legitimate Interests: Processing is necessary for our legitimate interests, provided these are not overridden by your rights. This includes improving the App, ensuring security, and preventing abuse.
- Consent: Where we rely on your consent (for example, for push notifications or optional iOS Calendar integration), you can withdraw consent at any time through your device settings or the App's Settings screen.
- Legal Obligation: Processing is necessary to comply with a legal obligation to which we are subject.
How We Use Your Information
We use the information we collect to:
- Provide Services: Enable messaging, care coordination, and calendar features within your Family Circle
- Improve the App: Analyse usage patterns to enhance user experience
- Send Notifications: Deliver push notifications for messages, care requests, and calendar reminders
- Provide Support: Respond to your enquiries and support requests
- Ensure Security: Protect against unauthorised access and abuse
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason that is compatible with the original purpose.
Data Storage and Security
Where Your Data Is Stored
Your data is stored securely using Supabase, a trusted cloud infrastructure provider. All data is:
- Encrypted at rest using AES-256 encryption
- Encrypted in transit using TLS 1.3
- Protected by row-level security policies ensuring users can only access data within their authorised Family Circles
- Stored in secure data centres with SOC 2 compliance
International Data Transfers
Your data may be processed and stored on servers located outside the United Kingdom. Where we transfer your personal data outside the UK, we ensure that appropriate safeguards are in place in accordance with UK data protection law. These safeguards may include:
- Transfers to countries that the UK government has deemed to provide an adequate level of data protection
- Standard contractual clauses approved by the Information Commissioner's Office (ICO)
- Other lawful transfer mechanisms under the UK GDPR
Data Retention
We retain your personal information for as long as your account is active and as is necessary to fulfil the purposes for which it was collected. When you delete your account:
- All personal data is permanently deleted within 30 days
- Anonymised analytics data may be retained for service improvement
We periodically review the data we hold and delete any data that is no longer necessary for the purposes for which it was collected.
Data Sharing
We Do NOT Sell Your Data
We never sell, rent, or trade your personal information to third parties for marketing or advertising purposes.
Limited Sharing
We may share information only in these circumstances:
- Within Your Family Circle: Messages, events, and care requests are shared with members of your Family Circle. This is the core function of the App and is necessary for coordinating care.
- Service Providers: We use trusted providers (Supabase for database and infrastructure, Apple for push notifications) who process data on our behalf and are bound by data processing agreements.
- Legal Requirements: If required by UK law, court order, or a request from a regulatory authority (such as the ICO).
- Safety: To protect the safety of our users or the public, where we reasonably believe disclosure is necessary and proportionate.
Third-Party Services
Our App integrates with the following third-party services:
- Supabase: Database, authentication, file storage, and real-time communication infrastructure
- Apple Push Notification Service (APNs): For delivering push notifications to your iOS device
- iOS Calendar (EventKit): Optional integration for syncing events with your device's local calendar. Calendar data remains on your device unless you explicitly choose to sync it.
These services have their own privacy policies, and we encourage you to review them. We have data processing agreements in place with our key service providers to ensure your data is handled in accordance with UK data protection law.
Your Rights Under UK Data Protection Law
Under the UK GDPR and the Data Protection Act 2018, you have the following rights:
Right of Access
You have the right to request a copy of the personal data we hold about you. You can do this by contacting us at support@alwaysthereforyou.app. We will respond to your request within one month.
Right to Rectification
You can access and update your profile information at any time through the App's Settings. If you believe any other data we hold about you is inaccurate or incomplete, please contact us and we will correct it.
Right to Erasure (Right to Be Forgotten)
You can delete your account at any time through Settings > Delete Account. This will permanently remove:
- Your profile and personal information
- All messages you've sent
- Care requests you've created
- Your membership in all Family Circles
You may also request erasure of specific data by contacting us. We will comply unless we have a lawful reason to retain the data.
Right to Restrict Processing
You have the right to request that we restrict the processing of your personal data in certain circumstances, for example if you contest the accuracy of the data or object to our processing of it.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format. You may request a copy of your data by contacting us at support@alwaysthereforyou.app. We will provide your data in a standard format (such as JSON or CSV) within one month.
Right to Object
You have the right to object to processing of your personal data where we are relying on a legitimate interest, if you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes (though we do not currently carry out any direct marketing).
Rights Related to Automated Decision-Making
We do not carry out any automated decision-making or profiling that has a legal or similarly significant effect on you.
Withdrawing Consent
Where we rely on your consent to process your data (for example, push notifications or iOS Calendar sync), you can withdraw consent at any time by:
- Adjusting notification preferences in the App's Settings
- Revoking calendar access in your device's Settings
- Contacting us at support@alwaysthereforyou.app
Withdrawing consent does not affect the lawfulness of any processing carried out before the withdrawal.
Notification Preferences
You can customise notification preferences in the App's Settings, including:
- Message notifications
- Care request alerts
- Calendar reminders
- Quiet hours settings
How to Exercise Your Rights
To exercise any of the above rights, please contact us at support@alwaysthereforyou.app. We will respond to your request within one month. In certain circumstances, we may extend this period by a further two months, but we will inform you if this is necessary and explain why.
You will not normally have to pay a fee to exercise your rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Children's Privacy
Always There For You is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately and we will take steps to delete that information.
For users aged 13 to 17, parental or guardian consent is required to use the App, in accordance with our Terms of Service.
Cookies and Tracking
The App does not use cookies. If we introduce analytics or tracking tools in the future, we will update this Privacy Policy accordingly and seek your consent where required.
Data Breaches
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach
- Notify you directly without undue delay if the breach is likely to result in a high risk to your rights and freedoms
- Document the breach and the steps taken in response
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by:
- Updating the "Last Updated" date at the top of this policy
- Sending a notification through the App for significant changes, at least 30 days before the changes take effect
Your continued use of the App after changes take effect constitutes acceptance of the updated policy. If you do not agree with the revised policy, you should stop using the App and delete your account.
Complaints
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Website: ico.org.uk
Telephone: 0303 123 1113
Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
We would appreciate the opportunity to address your concerns before you contact the ICO, so please do get in touch with us first at support@alwaysthereforyou.app.
Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us: