Privacy Policy | Root38 Limited

1. About this Policy

This Privacy Policy explains how ROOT38 Limited ("ROOT38", "we", "us", "our") collects, uses, and protects your personal data when you use our apps and services.

This Policy applies to the following apps:

Event Countdown
Exam Countdown

Together, these are referred to as the "Apps" or the "Service". The Apps are available on both the Apple App Store (iOS) and the Google Play Store (Android).

2. Who We Are

ROOT38 Limited is a company registered in England and Wales (company number 10349589) with registered office at 10 Oak Road, Barton Under Needwood, Burton-On-Trent, DE13 8LR, United Kingdom.

For the purposes of UK data protection law and the UK General Data Protection Regulation (UK GDPR), ROOT38 Limited is the Data Controller of your personal data.

3. What Data We Collect

We collect data in three ways: data you give us directly, data automatically generated when you use the Apps, and data we receive from third parties (such as Apple, Google, or RevenueCat).

3.1 Account data

When you create an account, we collect:

Email address
Display name (you choose this)
Password — handled and securely hashed by Firebase Authentication. We cannot read your password
Account creation date

If you sign in with Apple's "Sign in with Apple" (iOS), we receive only the data Apple chooses to share with us — typically a unique ID and (if you allow it) an email address.

3.2 Content you create in the Apps

Different Apps have different content categories:

Event Countdown: event titles, dates, descriptions, notes, icons, colours, calendars
Exam Countdown: exam name, date and time, subject, optional results

This content is stored in Firebase Realtime Database to enable syncing across your devices.

3.3 Shared Calendar data (Event Countdown only)

When you use the Shared Calendars feature in Event Countdown:

Calendar metadata — calendar name, owner, settings, member list
Shared event content — event titles, dates, descriptions, notes, and any other content you add to a shared calendar
Membership records — which users are members of which calendars, in what role (owner, editor, viewer)
Invite links — share link tokens we generate when you invite others
Editor invite records — single-use invite metadata (creator, recipient if redeemed, timestamps)
Activity logs — basic events such as "person X joined calendar Y" so members can see calendar history

3.4 Create Video data (Event Countdown only)

The Create Video feature requires access to your device's camera, microphone, and photo library:

Camera and microphone — used only while you are actively recording a video within the Create Video feature. We do not access them at any other time. Recordings are stored only on your device.
Photo library — used to let you select an existing photo or video as the background for your countdown. We access only the items you select.

When you complete an export:

The video itself is generated on your device and is not transmitted to or stored on our servers. We do not have access to your videos.
We log lightweight export metadata: an export identifier, account identifier, event identifier, video duration, quality tier, and timestamp. We do not store the event's title or other content with this metadata. This information lets us identify which account exported a watermarked video if it is reported as misused externally.
If you share the video via the App's share sheet to a third-party service (such as Instagram, TikTok, or WhatsApp), that service receives the video. We are not involved in this transfer and the third-party service's privacy policy applies.

You may revoke camera, microphone, or photo library access at any time:

iOS: Settings → Privacy → [permission name]
Android: Settings → Apps → Event Countdown → Permissions

The Create Video feature will not function without these permissions, but other Event Countdown features will continue to work.

3.5 Subscription data

When you subscribe to a premium plan:

Payment is processed by Apple (on iOS) or Google Play (on Android). We do not receive your card details or bank information.
We receive — via RevenueCat (see Section 6) — a RevenueCat subscriber identifier, an app user ID or anonymous subscriber identifier, your active entitlement status, the product purchased, renewal status, and related subscription metadata.
We do not receive your full name, billing address, or other purchase-related personal data from Apple or Google.

3.6 Moderation data (Shared Calendars feature)

If you report content or another user, or if content or a user is reported in connection with you, we collect:

Reporter's user ID, target user ID, target content reference
Report category (Spam, Harassment, Inappropriate, Child safety, Other)
Any free-text notes you submit
Timestamp
Our review decision and any action taken

3.7 Banned-user records

If we suspend or ban an account for violating our Community Guidelines or Terms of Service, we retain an enforcement record. This may include the user ID, a hashed email address, the date, the reason, and limited abuse-prevention metadata where necessary to prevent ban evasion. We retain this indefinitely to maintain an enforcement history and to prevent reinstatement of the same account (see Retention, Section 8).

3.8 Insider Access participation

If you are invited to the Event Countdown Insider Access programme, we collect:

Your email address (for beta-related communications)
Your participation status (active, opted-out)
Feedback you submit via the dedicated channel

Beta builds are distributed via Apple TestFlight (iOS) or Google Play Internal Testing (Android). Apple's and Google's respective privacy practices apply to these channels.

3.9 Usage and analytics data

We automatically collect pseudonymous usage information through Firebase Analytics, including:

App opens, screens viewed, features used
Session duration and frequency
Device type (e.g. "iPhone 15 Pro" or "Pixel 8"), operating system version, app version
Approximate geographic region (derived from IP address, not precise location)
Pseudonymous device installation identifier — IDFV on iOS (scoped to apps from the same developer on a device) and Firebase Installation ID on Android (scoped to an app installation). Neither identifier can be used to track you across unrelated companies' apps or websites
Language and locale settings

Where you are signed in, your analytics events can be associated with your account. We do not link this analytics data with AdMob, and we do not use it to build advertising or behavioural profiles.

3.10 Crash and diagnostic data

When the App crashes or experiences a technical problem, Firebase Crashlytics collects:

Crash stack trace
Device model, OS version, app version
The screen or feature in use when the crash occurred
Non-personal diagnostic context

3.11 Advertising data (free users only)

If you do not have a Premium subscription, we display advertisements through Google AdMob.

We configure AdMob to request non-personalised advertising for all users. Non-personalised ads are not based on your behaviour across apps or websites. We do not use AdMob to build behavioural advertising profiles.

However, AdMob and related technologies may still use device information, approximate location (derived from IP), local storage, frequency capping data, and advertising identifiers where available for purposes such as ad delivery, fraud prevention, frequency capping, and measurement. Specifically:

On iOS: the IDFA advertising identifier, only if you grant permission via Apple's App Tracking Transparency prompt
On Android: the GAID (Google Advertising ID), unless you have opted out in your device settings

Where consent is required by law for these technologies (including under UK PECR, EU ePrivacy rules, and applicable US state privacy laws), we request consent or provide any required notices and opt-out choices as applicable. We use Google's User Messaging Platform (UMP) to gather and store these consent and preference choices:

EEA, UK, and Switzerland: a GDPR consent banner is shown when you first open the App or when consent expires
Applicable US states: a US state regulations message is shown where required
iOS: the Apple App Tracking Transparency permission applies in addition

You can change your advertising consent at any time:

iOS: Settings → Privacy → Tracking (manage ATT). You can also revoke consent within the App by reopening the consent banner from in-app Settings
Android: Settings → Google → Ads → "Opt out of Ads Personalisation". On Android 12 and above, you can also tap Delete advertising ID to remove it entirely

Free users will continue to see ads unless they subscribe to Premium. Your consent choices affect which advertising technologies, identifiers, and measurement signals may be used; they do not by themselves remove ads from the free version.

3.12 Push notification data

If you enable notifications, we collect and store:

A device push token issued by Apple Push Notification Service (APNs) (iOS) or Firebase Cloud Messaging (FCM) (Android)
Your notification preferences (which kinds of reminders you want, sound/vibration choices)
Reminder timing settings (e.g. "remind me 3 days before")

We use these to send countdown reminders, shared-calendar updates, account notices, and (with your consent) optional service messages. Shared-calendar notifications may include the event title on your device's lock screen — you can disable lock-screen previews in iOS or Android device settings if you'd prefer not to show this.

You can disable notifications at any time in your device settings or in the App's settings where available.

3.13 Children's data

The Apps are not intended for children under 13 to create accounts without appropriate parental involvement or consent. However, we recognise that the Apps may be accessed by children and teenagers, so we apply Children's Code protections to all users (see Section 10).

3.14 Data we do not collect

For clarity, we do not collect the following without your explicit, in-context consent:

Precise device location. Our Apps do not currently use location services. If we introduce location features in future, they will be opt-in per feature and off by default. See Section 10
Contacts. We never access your phone's contact list
Microphone, except during active Create Video recording when you have started a recording session
Camera, except during active Create Video recording when you have started a recording session
Health data
Clipboard contents
Calendar data from your device's native calendar app
Photo library, except when you choose a specific photo or video in the Create Video feature

If we later introduce a feature that requires any of these (beyond the camera/microphone/photo uses already covered in Section 3.4), we will update this Policy and request your explicit consent at the moment of use, not at install.

4. Why We Use Your Data (Legal Bases)

Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on:

Purpose	Legal basis
Providing the Apps' core functionality (sync, accounts, features)	Performance of contract with you
Subscription management and payment	Performance of contract
Improving the Apps through account-linked analytics	Consent, where required by UK PECR / EU ePrivacy rules for SDK storage or access technologies (collected via Google's User Messaging Platform). Legitimate interests under UK GDPR for service improvement, where the storage/access has been validly permitted
Improving the Apps through crash diagnostics	Legitimate interests (improving the stability of our Apps)
Showing advertising — storage or access for ad delivery, measurement, frequency capping, fraud prevention	Consent, where required by UK PECR / EU ePrivacy rules or applicable US state privacy laws for the technologies used. Consent is collected via Google's User Messaging Platform
Showing non-personalised contextual advertising itself	Legitimate interests, where personal data is used to deliver the ad without behavioural profiling
Moderating user-generated content (Shared Calendars), abuse prevention	Legitimate interests (protecting users and maintaining service integrity)
Safeguarding child users; reporting illegal content to authorities	Recognised legitimate interests under Annex 1 to the UK GDPR, as inserted by Schedule 4 to the Data (Use and Access) Act 2025, where a specific condition applies — for example safeguarding vulnerable individuals, crime prevention, public security, or responding to a public-task disclosure request
Reporting suspected child sexual abuse material	Legal obligation (where a specific duty applies) and vital interests where necessary to protect life or safety
Banning users who repeatedly violate our Terms	Legitimate interests (preventing abuse)
Communicating about your account (security alerts, terms updates)	Performance of contract or legitimate interests
Marketing emails (optional features, new releases)	Consent (you can withdraw at any time)

We keep a written Legitimate Interests Assessment (LIA) for each legitimate-interests basis above, including the purpose, necessity, and balancing test. These LIAs are not published but are available on request to the ICO or another competent authority.

Special category data

We do not ask you to provide special category data (such as health information, religion or beliefs, political opinions, sexuality, or trade union membership). However, you may choose to include this type of information in event titles, descriptions, notes, or shared calendars.

Please avoid adding sensitive information about other people unless you have their permission. Where you choose to provide sensitive information, we process it only to provide the App features you request and we do not use it for advertising or profiling.

5. How We Share Your Data

We do not sell your personal data.

We share data only as described below:

5.1 With other users — only when you choose to

If you join a Shared Calendar, the owner and other members can see your display name and the events you add
If you invite others to a Shared Calendar you own, you choose who receives the invite
Your email address is not shared with other members

5.2 With third-party services

We use third-party services to operate, distribute, monetise, and support the Apps. See Section 6 for the full list, including the role each service plays.

5.3 For legal reasons

We may disclose data:

To comply with a legal obligation, such as a court order or valid legal request
Where appropriate and lawful, to respond to a request from a public authority or other body carrying out public tasks or official functions
To report content involving the sexual abuse or exploitation of minors to the UK Internet Watch Foundation (IWF), the National Crime Agency, the National Center for Missing & Exploited Children (NCMEC), and relevant law enforcement
To protect the rights, property, or safety of ROOT38, our users, or others

5.4 In a business transfer

If ROOT38 is involved in a merger, acquisition, or asset sale, your data may be transferred. We will notify you of any such change and your rights regarding the transfer.

6. Third-Party Services

We use third-party services to operate, distribute, monetise, and support the Apps. Some of these providers act as our processors, processing personal data only on our documented instructions. Others — such as app-store, payment, and advertising platforms — act as independent controllers for some processing under their own terms.

Services acting as our processors

Service	Operator	Purpose	Data shared	Location
Firebase Authentication	Google LLC	Account login and identity	Email, hashed password, user IDs	United States
Firebase Realtime Database	Google LLC	Storing your content	All content you create in the Apps	United States
Firebase Cloud Functions	Google LLC	Backend logic	As needed for specific operations	United States
Firebase Crashlytics	Google LLC	Crash reporting	Crash logs, device diagnostics	United States
Google Analytics for Firebase	Google LLC	Usage analytics (subject to configuration)	Pseudonymous usage events, device information, installation identifiers	United States
RevenueCat	RevenueCat, Inc.	Subscription management	Subscriber identifier, app user ID, entitlement status, product, renewal status	United States
Firebase Cloud Messaging (FCM)	Google LLC	Push notification delivery to Android devices	Device push token	United States
Zendesk	Zendesk, Inc.	Customer support, abuse/IP/privacy intake	Email, message content, report details, screenshots	United States
Nolt.io	Nolt UG (haftungsbeschränkt)	Feature request management	Email (optional), feedback content	European Union

Platform services and independent controllers (for at least some processing)

Service	Operator	Role	Data involved	Location
Apple App Store	Apple Inc.	App distribution and payment processing for iOS	Subscription transactions, downloads, payment details (we don't see card details)	United States / Ireland
Google Play	Google LLC	App distribution and payment processing for Android	Subscription transactions, downloads, payment details	United States
Google AdMob	Google LLC	Advertising delivery, fraud prevention, measurement	Advertising identifiers (subject to consent), local storage, frequency-capping data, ad interactions	United States
Apple TestFlight	Apple Inc.	Beta distribution for iOS Insiders	Email address, participation status	United States / Ireland
Google Play Internal Testing	Google LLC	Beta distribution for Android Insiders	Email address, participation status	United States
Apple Push Notification Service (APNs)	Apple Inc.	Push notification delivery to iOS devices	Device push token	United States / Ireland

We review our third-party services periodically and may add or remove services. The current list above reflects the position as of the "Last updated" date.

7. International Data Transfers

Most of our service providers are based in the United States, so your data is transferred outside the United Kingdom and European Economic Area.

We rely on the following transfer mechanisms depending on the recipient and the circumstances:

Adequacy mechanisms such as the UK Extension to the EU-US Data Privacy Framework (the UK-US Data Bridge) for US recipients certified under the Framework and where the certification covers the relevant data
UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses where adequacy is not available
Appropriate supplementary measures including encryption in transit and at rest, access controls, audit logs, and transfer risk assessments

In particular:

Google LLC (Firebase, AdMob, Google Play, FCM) is certified under the EU-US, Swiss-US, and UK Extension Data Privacy Frameworks; transfers also rely on Google's Data Processing Addendum and SCCs as a secondary mechanism
Transfers to RevenueCat, Inc. are governed by RevenueCat's Data Processing Agreement and the UK Addendum to the SCCs
Transfers to Apple Inc. are governed by Apple's standard developer agreements

You may request more information about the safeguards in place for international transfers by contacting privacy@root38.zendesk.com.

8. How Long We Keep Your Data

We retain your personal data only for as long as needed for the purpose it was collected. Specific retention periods:

Data category	Retention period	Reason
Account data (email, profile, login credentials)	Active account records are deleted or irreversibly anonymised as soon as reasonably practicable after deletion is confirmed. Residual copies may remain in encrypted backups or system logs for up to 30 days before automatic deletion	Backup, integrity, and rollback period
Event and calendar content you create	Active content is deleted as soon as reasonably practicable after you delete it or your account. Residual copies may remain in encrypted backups for up to 30 days before automatic deletion	Backup, integrity, and rollback period
Shared Calendar content	Active content is deleted as soon as reasonably practicable after the calendar is deleted or all members leave. Residual copies may remain in encrypted backups for up to 30 days	Backup, integrity, and rollback period
Subscription transaction records	7 years from purchase	UK statutory tax record requirement (HMRC)
Crash and diagnostic logs (Firebase Crashlytics)	Up to 90 days in the Firebase Crashlytics dashboard	Diagnostic timeframe; this is the Firebase default and is not extended by us
Usage analytics (Firebase Analytics)	Up to 14 months	Configurable Firebase retention; we use 14 months
Moderation reports and review decisions	24 months from report	Track patterns of repeat offending
Banned-user records	Indefinite	Maintain an enforcement history and prevent reinstatement of the same account
Create Video export metadata	12 months	Abuse traceability
Insider Access participation records	Until you leave the programme, plus 12 months	Programme administration
Email communications (Zendesk tickets)	Up to 2 years after last activity	Customer support context

After the retention period ends, we delete or anonymise the data. Once data is deleted, your rights to access, rectification, erasure, and portability can no longer be enforced on it.

We may retain data longer if required by law (for example, in response to a regulatory request or legal claim).

9. Your Rights

Under UK GDPR, your rights in relation to your personal data include:

Right to be informed — to know what data we hold and how we use it (this Policy fulfils this right)
Right of access — to request a copy of the personal data we hold about you ("Subject Access Request")
Right to rectification — to correct inaccurate or incomplete data
Right to erasure ("right to be forgotten") — to request deletion of your data, subject to legal exceptions
Right to restrict processing — to limit how we use your data
Right to data portability — to receive your data in a structured, machine-readable format and transfer it to another provider
Right to object — to object to processing based on legitimate interests, direct marketing, or profiling
Right to withdraw consent at any time, where processing is based on consent (this does not affect the lawfulness of processing carried out before withdrawal)
Rights in relation to automated decision-making — to not be subject to decisions producing legal or similarly significant effects made solely on automated processing (we do not make such decisions; see below)
Right to lodge a complaint with the supervisory authority (see Section 17)

How to exercise your rights

Send a request to privacy@root38.zendesk.com including:

Your name and the email address associated with your account
A description of your request (e.g. "Subject Access Request" or "deletion request")
Verification of identity (we may ask for additional proof to prevent fraudulent requests)

We will respond without undue delay and within one month, unless the law allows an extension. If we need information from you to verify your identity or clarify your request, the response period may pause until we receive what we need (this reflects the stop-the-clock provisions in the Data (Use and Access) Act 2025).

Requests are usually free. We may charge a reasonable fee or refuse a request where permitted by law, for example if a request is manifestly unfounded or excessive.

Automated decision-making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

We do use automated systems for routine operations such as content moderation pre-screening (e.g. automatic profanity filtering on event titles), but a human reviews any decision to remove content or suspend an account.

10. Children's Privacy

Our approach: Children's Code protections for everyone

ROOT38 has chosen to apply the protections of the UK Age Appropriate Design Code (the "Children's Code") to all users of our Apps, rather than asking users to declare their age. We adopted this approach because it provides clearer protection for children who use the Apps with or without their parents' awareness, avoids the risks of inaccurate age declarations, and is fairer to all users.

This means everyone — adults and children alike — benefits from the following:

High privacy by default — we do not enable optional data sharing features unless you actively turn them on
Non-personalised advertising in the free version by default, regardless of age
No location-based features turned on by default (see "Future location features" below)
No profiling for advertising or recommendation
Data minimisation — we collect only what is necessary to provide the Service to you
Clear, plain-English language in our privacy and community documents

Children using the Apps

We recognise that the Apps may be accessed by children and teenagers — particularly Event Countdown and Exam Countdown, which are commonly used for birthdays, school events, holidays, revision planning, and exam timetables.

Because of this, we apply Children's Code protections to all users regardless of whether we know they are a child.

Minimum age and children under 13

You must be at least 13 years old, or the minimum age required in your country to use services like this without parental consent, to create an account.

Children under 13 must not create their own account. A parent or guardian may use the Apps on behalf of a child where lawful and appropriate, and may share their own account's content with a child (for example, by displaying a countdown a parent has set up).

We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child under 13 has created an account or provided us with personal data, please contact privacy@root38.zendesk.com and we will delete the data promptly.

Parental notice

If you are a parent and your child is using one of our Apps, you may contact us to:

Review the data we hold about your child
Request deletion of your child's data
Restrict further data collection

Future location features

Event Countdown does not currently use device location. If we introduce location features in future (for example, location autocomplete when adding an event, a map view of upcoming events, location-based reminders, travel countdowns, or local event discovery), they will be designed as follows:

Off by default. Location permission is requested only at the moment you activate a specific feature, not when you install the App
Per-feature opt-in. Each location feature has its own toggle. There is no global "enable location" switch
Visible when active. iOS's built-in location indicator (the blue dot/arrow in the status bar) and Android's equivalent location icon will be visible whenever a location feature is running. Our in-app Settings will also show which location features are currently enabled
Sharing off by default. Even when a feature might allow sharing your location with other users (for example, to other members of a Shared Calendar), sharing defaults to off and requires per-instance opt-in
No location-based advertising. We commit not to implement location-targeted advertising
No location-based profiling. Location data will not be used to build user profiles, recommend content, or train models
Easy revocation. You can revoke any location permission at any time via your device's privacy settings (iOS Settings → Privacy → Location Services, or Android Settings → Apps → Event Countdown → Permissions). We provide a direct link from our in-app Settings

When we introduce location features, we will update this Privacy Policy, update our App Store and Google Play data-safety disclosures, and ensure permission requests are clear about the specific purpose of each request.

11. Cookies and Similar Technologies

On our websites

Our website (root38.com) uses essential cookies for site functionality and optional cookies for analytics. You can accept, reject, or change optional cookie choices using our cookie preferences tool.

In our Apps

Our mobile Apps do not use traditional browser cookies. Instead, they use:

Device identifiers — IDFV on iOS (scoped to apps from the same Apple developer/vendor on a device), Firebase Installation ID on Android (scoped to an app installation) — for analytics and crash reporting. Neither is used to track you across unrelated companies' apps or websites
Advertising identifiers — IDFA on iOS (only with your ATT consent), GAID on Android (until you opt out)
Local storage and SDK storage technologies — used by Firebase, AdMob, and other libraries (and by the App itself) for purposes including ad delivery, fraud prevention, frequency capping, measurement, and caching of content and preferences on your device

You can manage these:

iOS: Settings → Privacy → Tracking (manage ATT consent and per-app tracking permissions). You can also reopen our consent banner from in-app Settings
Android: Settings → Google → Ads → "Opt out of Ads Personalisation" or "Delete advertising ID"
Limit ad tracking via your device's privacy settings on either platform
Opt out of personalised ads via industry programmes: YourOnlineChoices (EU/UK), Network Advertising Initiative (US), Digital Advertising Alliance (US)

12. Security

We protect your data with industry-standard measures:

Encryption in transit — all data sent between your device and our servers is encrypted using HTTPS/TLS
Encryption at rest — data stored by Firebase and our other providers is encrypted on their servers
Access controls — only authorised ROOT38 personnel can access user data, and only when necessary for service operation
Audit logs — administrative actions on our systems are logged
Authentication — Firebase Authentication handles password storage using industry-standard hashing

No system is completely secure. We cannot guarantee that all transmissions or storage are immune to compromise.

13. Data Breach Notification

If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

Notify the UK Information Commissioner's Office (ICO) within 72 hours of becoming aware, as required by UK GDPR
Notify affected users without undue delay where the breach is likely to result in a high risk to your rights and freedoms — typically via in-app notification, email to the address on your account, or both

We maintain internal procedures for breach detection, investigation, and reporting.

14. Changes to this Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

Update the "Last updated" date at the top of this document
Post a notice in the relevant Apps and/or send you an email
For changes that require your consent (such as new processing based on consent), we will ask for that consent

Updates take effect from the date stated in the updated Policy. Where a change requires consent, we will ask for consent before relying on that processing.

15. Contact Us

For questions about this Privacy Policy or to exercise any of your rights:

Email (privacy matters): privacy@root38.zendesk.com
Named privacy contact: Ben Sheehan
Email (other matters): support@root38.zendesk.com
Reports of abuse or rule violations: file via our reporting form at https://root38.zendesk.com/hc/en-us/requests/new or email support@root38.zendesk.com
Intellectual property complaints: ip@root38.zendesk.com

Registered address: ROOT38 Limited 10 Oak Road Barton Under Needwood Burton-On-Trent, DE13 8LR United Kingdom

Company number: 10349589

16. Deleting Your Account

You can delete your account directly in the App:

Open the App
Tap the Settings menu (top right)
Scroll to the bottom
Tap Delete My Account
Confirm

You can also request account and data deletion outside the App:

Web form: visit www.root38.com/account-deletion. This page directs you to our help centre, where you can select "Delete My Account" as the reason for contact and submit a request without needing the App installed
Email: write to privacy@root38.zendesk.com

We will acknowledge your request within a few days and complete the deletion within one month, unless we are legally required to retain certain data (see Section 8). We may ask you to verify your identity (typically by replying from the email address on your account) before we proceed.

Deleting your account removes your account profile and personal content, except where we need to retain limited information for legal, tax, security, moderation, abuse-prevention, or dispute-resolution purposes as described in Section 8. In particular, subscription transaction records are retained for 7 years for HMRC tax compliance, and banned-user records (where applicable) are retained indefinitely to prevent ban evasion.

Important: deleting the App or your account does not cancel an Apple App Store or Google Play subscription. You must manage or cancel subscriptions through your Apple ID account settings (iOS) or your Google Play account settings (Android).

17. Complaints

If you are unhappy with how we have handled your personal data, please contact us first using the details in Section 15. We will:

Acknowledge your complaint within a reasonable period
Investigate and respond with the outcome
Explain what additional information we need (if any) and why

If we cannot resolve your concern, or if you are dissatisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Website: ico.org.uk
Helpline: 0303 123 1113
Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom

If you are based in an EEA country, you may also lodge a complaint with the supervisory authority in your country of residence.