Privacy Policy

1. Introduction

Pocket Guides is a trading name of RISENORTHDIGITAL LTD ("we", "us", "our"). We publish the Pocket Guides: Settle mobile app (the "App") and operate the website at pocket-guide.co.uk (the "Website"). This Privacy Policy explains what information we collect through the App and the Website, how we use it, and the rights you have over your information under UK data protection law (the UK General Data Protection Regulation and the Data Protection Act 2018).

The App is a free local guide to Settle and the surrounding Yorkshire Dales. You can browse the App without creating an account. You may optionally create an account to save places, walks and events to your own list, to submit new listings or events, or to claim ownership of an existing listing. You can delete your account at any time from inside the App.

By using the App or the Website, you agree to the collection and use of information in accordance with this policy.

2. Who we are

RISENORTHDIGITAL LTD, trading as Pocket Guides, is the data controller for the personal information collected through the App and the Website.

Company: RISENORTHDIGITAL LTD
Trading as: Pocket Guides
Company number: 16485759 (registered in England and Wales)
Registered office: 24 Kings Mill Lane, Settle, United Kingdom, BD24 9FD
Email: hello@pocket-guide.co.uk
Website: pocket-guide.co.uk

3. Information we collect

We have designed the App and the Website to collect as little personal information as possible. The information falls into the categories below. The exact set depends on which features you use.

3a. Information you provide

You can browse the App and the Website without giving us any personal information. You provide information to us only when you choose to do one of the following:

Create an account. You can sign up with an email address and password, or use Sign in with Apple or Sign in with Google. We store your email address, a display name (your own choice, or one taken from Apple or Google if you sign in with them), and the date your account was created. If you sign in with Apple, you may choose to share a private relay email address (@privaterelay.appleid.com) instead of your real one — we treat that the same as any other email. If you sign in with Apple for the first time, Apple gives us your full name; you can later change or remove this from inside the App.

Save items to your personal list. When you tap the heart on a place, walk or event, we store that against your account so it appears on your Saved tab on any device you sign in to.

Submit a new listing. The in-app "Add a place" form captures the business name, address, category and town (required), plus phone, website, public email address, a description and your reason for submitting (all optional). We also auto-attach your account email and display name so we can follow up if we need to.

Claim an existing listing. If you are the owner or manager of a business already listed in the App, you can claim it. The claim form captures your name and your role (owner, manager, staff, agency or other) as required fields, plus an optional phone number and an optional free-text justification (for example, "owned since 2019, happy to verify by phone"). We use this information solely to decide whether to grant the claim.

Edit your own listing. Once a listing is yours, you can edit its public details (description, opening hours, phone, website, public email, social links) and upload up to ten photos. Every edit you submit goes into a moderation queue and is reviewed before going live. We auto-attach your account email, display name and account ID to every submission so we can audit changes if needed.

Submit an event. The event submission form captures the event title and description, dates and times, venue name and address, event type and your role as the submitter (organiser, host, venue, performer, other) as required fields. Optional fields cover ticket price, ticket link, an external website link, recurrence, and up to ten photos. We also auto-attach your account email and display name, and you can edit the public-facing contact email and name shown against the event.

Photos you upload. Photos you upload through the listing or event forms are stored in Google Firebase Storage (London, UK), keyed by your account ID or by the listing or event ID. Photos are reviewed by us before being shown publicly. We do not strip metadata from your photos — if your camera saves location information into the photo file (EXIF), that data may be uploaded with it. If you would prefer not to share photo location data, turn off location for photos in your phone's camera settings before taking the picture.

Contact us via the Website. If you fill in the contact form on the Website or email us directly, we receive whatever information you send.

3b. Information collected automatically (in the App)

When you use the App, we automatically collect the following:

• A Firebase install ID and standard analytics events — the Firebase SDK that ships with the App collects a randomly generated install ID and a small set of standard usage events (such as first open, session start, and app updates). The App does not request App Tracking Transparency permission and does not collect IDFA, IDFV or any device advertising identifier. The Firebase install ID is not your name, email or account.
• Engagement events to our own database — when you view a place or an event, tap a phone/website/directions/tickets link, or save or unsave an item, we write a short record to our own analytics_events collection in Firestore. Each record contains the action (such as view or save), the target ID, the owner of the listing, your account ID if you are signed in (null if not), and a timestamp. We use these counts to give business owners simple performance stats for their listings and to inform our own product decisions. The records do not contain your name, email, location or device information.
• Device push token — see section 3d below.
• Approximate location derived from your IP address — Google's services (Firebase, Maps) may infer an approximate location from your IP address, typically accurate only to country or region. This is not the same as the precise device location described in section 3e.
• Crash and error information — basic error messages may be sent to Google as part of normal Firebase operation. We do not run a separate crash-reporting tool (such as Crashlytics, Sentry or Bugsnag) in the App.

3c. Information collected automatically (on the Website)

The Website uses Google Analytics 4 to understand how visitors find and use the site. Google Analytics sets cookies in your browser and collects standard analytics information including a randomly generated client ID, the pages you view, referrer, approximate location derived from your IP address, browser and device type, and how long you spend on the site. We do not use Google Analytics to build advertising audiences or to enable remarketing.

The App itself is a native mobile application and does not use browser cookies.

3d. Push notification token

If your device is capable of receiving push notifications and you choose to allow them, the App registers a device-specific push token with Google Firebase Cloud Messaging (Android) or Apple Push Notification service (iOS). We store this token in a devices collection in Firestore alongside your platform (iOS or Android), your notification preferences (whether you have opted in to alerts about paid listings and/or promoted events), and — once you sign in — your account ID. Before you sign in, the device record is anonymous; after sign-in we link it to your account so we can deliver notifications only to your own devices.

You can turn notifications off at any time in your phone's settings. You can also clear notification preferences from inside the App. You can withdraw consent for any notification category without losing access to the App.

3e. Precise device location (only when you ask for it)

The in-app map includes a "locate me" button. If you tap it, the App asks your device for your current location and centres the map on you. This uses your phone's foreground precise location. We do not track your location in the background, we do not store your location after the map is closed, and we do not send your location to our servers. We only ask for location permission when you first use the "locate me" button — you can decline and continue to use the App normally.

3f. Cookies and similar technologies

The App is a native mobile application and does not use browser cookies. The Firebase SDKs we use store small amounts of data on your device for technical purposes such as caching, error reporting and identifying repeat opens.

The Website uses a small number of cookies, including those set by Google Analytics 4 (see section 3c). The Website does not show advertising and does not place advertising cookies.

4. How we use your information

We use the information we collect for the following purposes:

• To provide and operate the App and the Website
• To authenticate you when you sign in, and to show you the places, walks and events you have saved
• To review and publish listings, listing claims and events that users submit, and to follow up with submitters where needed
• To verify that a listing claim is genuine before transferring ownership
• To deliver push notifications you have opted in to receive
• To moderate user-submitted content
• To produce simple performance counts (views, tap-throughs) for the owners of listings and events
• To understand how the App and the Website are used through aggregated analytics
• To diagnose and fix technical problems
• To comply with legal obligations

5. Lawful bases for processing

Under UK GDPR, we rely on the following lawful bases for processing your personal information:

• Consent — when you submit an event or listing and provide your name and contact details; when you opt in to push notifications; when you allow precise device location for the map; and for Google Analytics cookies on the Website where required.
• Contract — when you create an account, we process your account information in order to deliver the account features you have asked for (signing you in, showing your saved items, accepting your submissions).
• Legitimate interests — for our own internal analytics that help us improve the App and the Website, for the engagement counts we share with listing owners, and for the security and integrity of our service. We weigh these interests against your privacy and only collect what we need.

You can withdraw consent at any time by contacting us at hello@pocket-guide.co.uk, by turning off the relevant permission on your device, or by deleting your account inside the App.

6. Who we share your information with

We share information only with the following service providers, each of which acts as a processor on our behalf:

• Google Firebase (provided by Google LLC and Google Cloud EMEA Limited) — hosts our database (Firestore), file storage (Firebase Storage), authentication, analytics, push messaging and the underlying infrastructure. Firebase Authentication handles account sign-in and password management on our behalf, including for Sign in with Google. Firebase data is stored in Google data centres in London, United Kingdom (europe-west2).
• Sign in with Apple (Apple Inc. / Apple Distribution International Limited) — handles Apple authentication. Apple shares your name (only on first sign-in, only if you allow it) and your email address (which may be a private relay address) with us.
• Sign in with Google (Google LLC / Google Ireland Limited) — handles Google authentication. Google shares your name, email address and profile photo URL with us.
• Google Analytics 4 / Google Analytics for Firebase — provides aggregated usage analytics for the App and the Website. See Google's privacy practices at policies.google.com/privacy.
• Apple Push Notification service (Apple Inc.) and Google Firebase Cloud Messaging — used to deliver push notifications to your iOS or Android device respectively.
• Google Maps Platform — when you view the in-app map, your device makes requests to Google's mapping service. This service may collect technical information (IP address, device, usage of the map) per Google's own policies.
• Resend (Resend, Inc.) — used to send transactional emails (such as listing claim approvals or moderation notifications) on our behalf.
• Stripe (Stripe Payments Europe Limited) — used to process payments from business customers who buy paid features such as paid placement or promoted events. Stripe is the controller for payment card data; we never see your card details.

If you tap a link in the App that opens a third-party website (such as a business's own website, a TripAdvisor listing or a ticket booking page), the App is no longer responsible for what happens once you leave. Those websites have their own privacy policies.

We do not sell your information. We do not share it with advertisers — the App and the Website do not show third-party advertisements. We do not share it with anyone else for marketing purposes.

7. International data transfers

Most of our data is stored in Google data centres in London, UK (europe-west2). Some service providers (Google, Apple, Stripe, Resend) may transfer technical or analytics data to data centres outside the UK or the European Economic Area, including in the United States. Each of those providers relies on appropriate transfer safeguards, including UK International Data Transfer Agreements and EU Standard Contractual Clauses, to protect the information.

8. Data retention and what happens when you delete your account

We retain information for the following periods:

• Account information (email, display name, saved lists, account ID) — for as long as your account exists.
• Push notification token — for as long as the App remains installed on the device. If you uninstall the App or revoke notification permission, the token becomes invalid and is removed by us on the next clean-up pass.
• User-submitted listings, listing claims and events — kept while the listing or event remains in the App. If you withdraw a submission or it is rejected, we keep a record for a reasonable period (typically up to 12 months) for moderation and abuse-prevention purposes, then delete it.
• Photos you upload — kept while the listing or event they are attached to remains in the App. Photos that fail moderation are deleted within a few days.
• Engagement events (analytics_events) — kept indefinitely as aggregated counts. Your account ID is stored against each event while you have an account; see deletion behaviour below.
• Google Analytics — Google Analytics retains user-level event data for 14 months by default. Aggregated reports may be retained longer.
• Stripe billing records — Stripe retains payment records for as long as required by accounting and tax law (typically 6 years in the UK).

When you delete your account using the "Delete account" button in the App, we run a single irreversible process that does the following within a few minutes:

• Deletes your account record and saved lists from Firestore.
• Deletes your Firebase Authentication record (so you can no longer sign in).
• Deletes the push tokens for every device linked to your account.
• Removes your name, email, account ID and any other identifying information from every listing submission, claim and event submission you made. The underlying content (the listing or event itself) remains in the App if it has been published, but no longer references you.
• Replaces your account ID on engagement records (analytics_events) with a null value, so the aggregated counts continue to work but cannot be linked back to you.
• Removes you as the owner of any listing you had claimed. The listing remains in the App but becomes unclaimed.
• Deletes any pending-moderation photos you uploaded that have not been attached to a published listing or event.

Published photos that are already part of a live listing or event remain part of that listing or event. We do not keep backups of deleted accounts.

You can also ask us to delete information about you at any time using the contact details below.

9. Your rights under UK GDPR

You have the following rights over your personal information:

• Right of access — to know what information we hold about you and receive a copy
• Right to rectification — to correct inaccurate information
• Right to erasure ("right to be forgotten") — to ask us to delete information about you
• Right to restrict processing — to limit how we use your information
• Right to data portability — to receive your information in a portable format
• Right to object — to object to processing based on legitimate interests
• Right to withdraw consent — where processing is based on consent, you can withdraw it at any time

To exercise any of these rights, contact us at hello@pocket-guide.co.uk. We will respond within one month.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk if you believe we have not handled your information properly.

10. Children's privacy

The App and the Website are intended for general audiences and are not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.

11. Security

We use industry-standard technical and organisational measures to protect the information we hold, including encryption in transit, restricted access to administrative tools, and reliance on Google Firebase's enterprise-grade infrastructure. However, no system is completely secure, and we cannot guarantee absolute security.

12. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will reflect the most recent change. If we make material changes, we will indicate this prominently in the App and on the Website.

13. Contact us

If you have questions about this Privacy Policy or about how we handle your information, please contact:

RISENORTHDIGITAL LTD (trading as Pocket Guides)
24 Kings Mill Lane, Settle, United Kingdom, BD24 9FD
Email: hello@pocket-guide.co.uk
Website: pocket-guide.co.uk