Privacy Policy

Effective Date: April 2026

1. Who We Are

Slough App ("we", "us", "our") operates the Slough App mobile application — a community platform for the people of Slough. We are the data controller for personal information processed through this app.

This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and your rights under the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and other applicable data protection laws.

If you have any questions or concerns, please contact us through the Contact Support feature in the app.

2. Information We Collect

We collect the following categories of personal data:

Account Information

• Email address
• Username (chosen by you)
• Profile photo (if provided)
• Phone number (optional, if provided)
• Authentication provider (email/password or Google)

Content You Create

• Posts, including text, images, and videos
• Comments on posts
• Direct messages sent to other users
• Group memberships and activity
• Votes (upvotes/downvotes) on posts and comments

Usage and Activity Data

• Profile views (who viewed your profile)
• In-app notification preferences
• Subscription and premium status
• Reports submitted about other users or content
• Blocks applied to other users

Device and Technical Data

• Device type and operating system
• Device identifiers necessary to deliver push notifications
• IP address and app usage logs

Advertising Data (with your consent)

• Ad interaction data
• Consent status (personalised or non-personalised ads)

Payment and Purchase Data

• Subscription status and entitlements (processed by our subscription provider)
• We do not directly store payment card details — these are handled by the relevant app store (Apple App Store or Google Play).

3. Legal Basis for Processing (GDPR)

We process your personal data on the following legal bases:

Performance of a Contract (Article 6(1)(b))

Processing necessary to provide the Slough App service to you, including account management, posts, comments, messages, groups, and community features.

Legitimate Interests (Article 6(1)(f))

Processing necessary for our legitimate interests, including security and fraud prevention, abuse detection and moderation, improving our services, and notifying you of activity relevant to your account. These interests do not override your fundamental rights.

Consent (Article 6(1)(a))

Where you have given explicit consent, including:

• Personalised advertising (you are asked for consent before ads are shown)
• Push notifications (you may grant or deny permission at the OS level)

You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

Legal Obligation (Article 6(1)(c))

Where we are required to process data to comply with applicable law.

4. How We Use Your Information

We use your personal data to:

• Create and manage your account
• Enable posting, commenting, group participation, and direct messaging
• Display your profile to other community members
• Deliver push notifications about community activity (comments, messages, profile views, group events)
• Calculate and display your community rank and badges
• Process in-app subscription purchases and verify premium entitlements
• Show advertisements (personalised or non-personalised, based on your consent)
• Respond to contact form submissions via email
• Detect, investigate, and prevent fraud, abuse, and violations of our Terms of Service
• Comply with legal obligations and enforce our policies
• Operate, maintain, and improve the app

5. Advertising

We display advertisements through a third-party advertising platform. Before any ads are shown, we ask for your consent via an in-app consent form.

• If you consent to personalised ads, the advertising platform may use data about your interests to show relevant advertisements.
• If you decline personalised ads (or are outside the EEA/UK), you will still see ads, but they will not be tailored to your interests.

You may withdraw or change your advertising consent at any time through the app settings. Please note that ad revenue helps us keep the core app free for all users.

Our advertising provider's privacy policy governs how they handle data processed for advertising purposes.

6. In-App Purchases and Subscriptions

Premium subscriptions are managed through a third-party purchase verification service, which verifies your entitlements via the Apple App Store or Google Play. We receive only your subscription status (active/inactive) — we do not store your payment card details or full transaction records.

Premium status is verified securely before being applied to your account.

Our subscription provider's privacy policy governs how they handle your purchase data.

7. Push Notifications

If you grant notification permission, we store a device identifier linked to your account to deliver push notifications about:

• New comments on your posts
• New direct messages
• Profile views
• Group membership events (e.g. join approvals)

You can manage individual notification preferences within the app's profile settings, or revoke permission entirely via your device's operating system settings. Revoking permission stops all push notifications but does not affect your account.

8. Third-Party Service Providers

We use the following categories of third-party services to operate the app. Each acts as a data processor or independent data controller under their own privacy policy:

Cloud Backend Infrastructure

Stores your account data, posts, comments, messages, groups, and associated metadata.

Cloud Media Storage

Stores post images and videos you upload.

Advertising Platform

Displays advertisements and processes ad interaction data subject to your consent.

Social Sign-In Provider

If you sign in using a social account, that provider authenticates your identity and shares your email address with us to create or link your account.

Subscription & Purchase Verification

Verifies in-app subscription entitlements via the Apple App Store or Google Play.

Push Notification Service

Routes push notifications to your device.

We do not sell your personal data to any third party.

9. International Data Transfers

Some of our third-party service providers are based outside the UK and EEA, including in the United States. Where personal data is transferred internationally, we ensure appropriate safeguards are in place in accordance with UK GDPR and EU GDPR, such as Standard Contractual Clauses (SCCs) or equivalent transfer mechanisms as adopted by the relevant provider.

By using Slough App, you acknowledge that your data may be transferred to and processed in countries outside your country of residence.

10. Data Security

We implement appropriate technical and organisational security measures, including:

• All communication between the app and our servers is encrypted in transit
• User authentication is required to access all community features
• We apply access controls to ensure users can only interact with data they are authorised to access
• Uploaded content is validated before being accepted
• We regularly review our security practices to protect your data

While we take reasonable steps to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

11. Data Retention

We retain your personal data for as long as your account is active or as reasonably necessary to provide the service.

• Account data is retained until you delete your account or request deletion.
• Posts, comments, and messages may be retained in anonymised or soft-deleted form for a limited period after deletion to support platform integrity.
• Notification delivery identifiers are removed when you log out or request account deletion.
• Advertising consent records are retained for the duration required by applicable law.

You can request deletion of your account and associated personal data at any time through the Contact Support feature in the app.

12. Your Rights

Under UK GDPR and EU GDPR, you have the following rights regarding your personal data:

Right of Access

You may request a copy of the personal data we hold about you.

Right to Rectification

You may request correction of inaccurate or incomplete personal data.

Right to Erasure ("Right to be Forgotten")

You may request deletion of your personal data where there is no compelling reason for us to continue processing it.

Right to Restriction of Processing

You may request that we restrict how we use your data in certain circumstances.

Right to Data Portability

You may request a copy of your data in a structured, commonly used, machine-readable format.

Right to Object

You may object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making

We do not make decisions about you based solely on automated processing that produces legal or similarly significant effects.

Right to Withdraw Consent

Where processing is based on your consent (e.g. personalised ads, push notifications), you may withdraw consent at any time.

To exercise any of these rights, please contact us via the Contact Support feature in the app. We will respond within 30 days. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk, or your local supervisory authority if you are based in the EU.

13. Children's Privacy

Slough App is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13.

If you are located in the European Economic Area (EEA) or the United Kingdom, the minimum age to use this service is 16, unless the law in your country specifies a lower age (minimum 13).

If we become aware that we have collected personal data from a child below the applicable minimum age without appropriate parental consent, we will take steps to delete that information as soon as possible. If you believe a child has provided us with personal data, please contact us immediately via the Contact Support feature.

For more information on our approach to child safety, please visit www.slough.app/child-safety/.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will update the "Last Updated" date at the top of this policy.

We encourage you to review this policy periodically. Your continued use of Slough App after any changes constitutes your acceptance of the updated policy.

15. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us using the Contact Support feature available in the app's profile section.

For data subject rights requests or complaints, we will acknowledge receipt promptly and respond within 30 days in accordance with applicable law.

You also have the right to make a complaint to the Information Commissioner's Office (ICO) in the UK at ico.org.uk if you believe your data protection rights have been infringed.