Privacy policy.

01Introduction

Stranded Solutions Limited ("we", "us", "our", or the "Company") is a company incorporated in England and Wales. This Privacy Policy explains how we collect, use, store, share, and protect personal information when you install, access, or use our iOS applications (each an "App"), visit our website at www.strandedsolutions.co.uk (the "Website"), or otherwise interact with our services (together, the "Services").

Our Apps are available worldwide through the Apple App Store. This Policy applies to users globally. Depending on where you live, you may have additional rights under your local privacy laws. Region-specific disclosures are set out in Sections 17 to 20 below.

We are committed to handling personal information responsibly and in accordance with applicable privacy laws, including the UK General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 ("PECR"), the EU General Data Protection Regulation ("EU GDPR"), the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA"), other applicable US state privacy laws, and Apple's App Store and developer requirements.

By using the Services, you confirm that you have read and understood this Privacy Policy. If you do not agree with any part of this Policy, please do not use the Services.

02Who we are and how to contact us

Stranded Solutions Limited is the "data controller" (or "business", under US law) responsible for the personal information processed under this Privacy Policy, unless we expressly state otherwise (for example, where we act as a processor or service provider for a business customer).

03Scope of this policy

This Privacy Policy applies to personal information we collect through the Apps, the Website, and any related communications between you and us. It does not apply to third-party websites, applications, or services that may be linked from, or integrated with, our Services. Those third parties operate their own privacy policies, which we encourage you to review.

Where an App is made available to you by a business customer (for example, your employer or a client of ours), that business may be the data controller in respect of your personal information. In those cases, please refer to that organisation's privacy notice for further information about how your personal data is handled.

04Information we collect

We may collect and process the following categories of personal information, depending on which Services you use and the features you enable. Not all of the data described below is collected by every App we publish; the data actually processed by a given App is disclosed in that App's Apple App Store "Privacy Nutrition Label" and any in-App privacy notice.

4.1 Information you provide directly

• Account and registration details, such as name, email address, password (in encrypted form), telephone number, job title, and organisation.
• Profile information you choose to add, such as profile photo, preferences, and settings.
• Content you submit through the App, including text entries, uploads, files, photos, comments, and feedback.
• Communications with us, including support requests, bug reports, and correspondence.
• Payment and billing information where the App offers paid features (card details are processed by our payment provider and are not stored by us).

4.2 Information collected automatically

• Device information, such as device model, operating system version, language settings, time zone, mobile network information, and unique device identifiers (for example, Identifier for Vendor).
• App usage data, such as features accessed, screens viewed, time and duration of use, taps and interactions, and crash reports.
• Log and diagnostic information, including IP address, error logs, performance data, and event timestamps.
• Approximate location derived from IP address. Precise location data (GPS) is only collected if the relevant App feature requires it and you have granted permission through the iOS system prompt.

4.3 Information from third parties

• Authentication providers, where you choose to sign in using Apple ID, Google, or a similar service.
• Analytics and crash reporting providers, who provide us with aggregated and event-level data about how the App is used.
• Business customers, where the App is provided to you in the context of a business relationship between us and your employer or another organisation.

4.4 Sensitive or special category information

We do not knowingly collect special category personal data (under UK/EU GDPR) or sensitive personal information (under CCPA/CPRA and other US state laws) such as data about your health, race, religion, political opinions, sexual orientation, biometric data, or precise geolocation, unless: (a) it is a clearly disclosed and necessary feature of a specific App; and (b) you have given your explicit consent through the iOS permission system or an equivalent mechanism. Where such data is processed, we will provide a specific notice and obtain consent as required by law.

4.5 Information about children

Our Apps are general-audience products and are not directed to children. We do not knowingly collect personal information from children under the age of 13 (or the higher applicable minimum age in your jurisdiction, such as 16 in some EU Member States). See Section 12 below for further detail. If we publish an App that is intended for use by children, we will provide a separate, age-appropriate privacy notice for that App and obtain verifiable parental consent where required by law.

05iOS permissions & on-device data

Some features of an App require access to data or sensors on your iOS device. iOS will prompt you to grant or deny these permissions, and you can change your choices at any time in iOS "Settings" under the entry for the relevant App. We only request the permissions necessary to deliver the features you choose to use. Common permissions may include:

• Camera, microphone, and photo library, where the App allows you to capture or upload media.
• Location services, where the App provides location-based functionality.
• Notifications, where the App sends push messages relating to your activity, alerts, or reminders.
• Contacts, calendar, reminders, or HealthKit, only where a specific App feature requires it and only with your express consent.
• App Tracking Transparency (ATT), where applicable, to request your permission before tracking your activity across other companies' apps and websites for advertising or measurement purposes.

Denying a permission may limit your ability to use certain features but will not prevent you from accessing the core Services unless that permission is strictly necessary.

06How we use your information and our legal basis

We process personal information for the purposes set out below. Where the UK GDPR, EU GDPR, or another law that uses similar concepts applies, we have indicated the corresponding legal basis.

6.1 To provide and operate the Services

We process account, device, and usage information to deliver the Services, authenticate users, deliver content you request, and maintain the security and availability of the Apps and Website. Legal basis: performance of a contract with you, or our legitimate interests in operating and improving our business.

6.2 To improve the Services and develop new features

We use analytics, diagnostic, and crash data to understand how the Services are used and to debug, improve, and develop new features. Where possible, this information is aggregated or pseudonymised. Legal basis: legitimate interests in improving our products.

6.3 To communicate with you

We use contact details to respond to support requests, send service-related notices (such as security alerts, changes to terms, or important updates), and provide information you have requested. Legal basis: performance of a contract or legitimate interests.

6.4 To send marketing communications

Where you have opted in (or where we are otherwise permitted to do so under applicable law), we may send you marketing emails or in-App messages about our products and services. You can withdraw consent or unsubscribe at any time using the unsubscribe link in any marketing email or by contacting us. Legal basis: consent, or legitimate interests where permitted.

6.5 To comply with legal obligations

We may process and retain personal information to comply with applicable laws, regulations, court orders, and lawful requests from public authorities (including authorities outside the UK where required). Legal basis: legal obligation.

6.6 To establish, exercise, or defend legal claims

We may use personal information to investigate, prevent, or take action regarding fraud, misuse of the Services, or breach of our terms, and to establish, exercise, or defend legal claims. Legal basis: legitimate interests.

6.7 With your consent

Where required by law (for example, for certain cookies, advertising identifiers, sensitive personal information, or features requiring iOS system permissions), we will only process your personal information with your prior consent, which you may withdraw at any time.

07How we share your information

We do not sell your personal information for money. Depending on how the Services are configured, some processing activities may constitute "sharing" under the CCPA/CPRA; see Section 17. Subject to that, we may share personal information with the following categories of recipient, under appropriate contractual and technical safeguards:

• Service providers and processors who help us operate the Services, including cloud hosting providers, analytics providers, crash reporting providers, customer support tools, email and communications providers, and payment processors.
• Authentication providers, such as Apple or Google, where you choose to sign in using their services.
• Business customers, where the App is provided to you in the context of a business relationship and the relevant data forms part of that organisation's data.
• Professional advisers, such as lawyers, accountants, auditors, and insurers, where reasonably necessary.
• Regulators, law enforcement, and other public authorities, where required by law or where we consider disclosure is necessary to protect our rights or the rights, property, or safety of others.
• Acquirers or successors, in the event of a corporate transaction such as a merger, acquisition, restructuring, sale of assets, or insolvency, in which case personal information may be transferred as part of the transaction.

We require all third parties acting as processors or service providers on our behalf to enter into written contracts containing the safeguards required by applicable law, and to process personal information only on our documented instructions.

08International transfers

We operate globally and our service providers may be located in countries outside the United Kingdom, the European Economic Area ("EEA"), or your country of residence. Where we transfer personal information internationally, we put in place appropriate safeguards to ensure that your information continues to be protected to a standard essentially equivalent to that under your local law, including:

• Transfers to countries that the UK Government, European Commission, or other competent authority has determined provide an adequate level of protection.
• UK International Data Transfer Agreements, the UK Addendum to the EU Standard Contractual Clauses, or the EU Standard Contractual Clauses.
• Binding corporate rules or other lawful transfer mechanisms recognised under applicable data protection law.
• Supplementary technical and organisational measures, such as encryption and access controls, where appropriate.

You can request further information about the safeguards we apply to international transfers by contacting us using the details in Section 2.

09Data retention

We retain personal information only for as long as necessary for the purposes for which it was collected, including to satisfy any legal, accounting, regulatory, or reporting requirements, or to resolve disputes and enforce our agreements.

Typical retention periods include:

• Account information: for the duration of your account, plus a reasonable period afterwards to handle queries or claims.
• Transaction and billing records: for the period required by tax and accounting laws (generally six years in the UK).
• Diagnostic and crash data: typically retained for a limited period in identifiable form, after which it is deleted or aggregated.
• Marketing preferences and consent records: until you withdraw consent, plus a reasonable period to evidence your choices.

When personal information is no longer needed, we will delete or anonymise it. Where deletion is not technically feasible (for example, in backups), we will isolate the information and prevent further processing until deletion is possible.

10Security

We use a combination of administrative, technical, and organisational measures designed to protect personal information against accidental or unlawful loss, destruction, alteration, unauthorised disclosure, or access. These measures include encryption in transit, access controls, secure development practices, vendor due diligence, and ongoing security monitoring.

No method of transmission or storage is completely secure. While we take reasonable steps to protect your information, we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential and for notifying us promptly if you suspect unauthorised access to your account.

11Your general rights

Subject to applicable law, you have the following rights in respect of your personal information. Additional rights and procedures specific to your jurisdiction are set out in Sections 17 to 20.

• Right of access: to obtain confirmation of whether we process your personal information and a copy of it.
• Right to rectification or correction: to have inaccurate or incomplete personal information corrected.
• Right to erasure or deletion: to request deletion of your personal information in certain circumstances.
• Right to restriction: to ask us to limit how we use your personal information in certain circumstances.
• Right to data portability: to receive personal information you have provided to us in a structured, commonly used, and machine-readable format, or to have it transmitted to another controller, where technically feasible.
• Right to object: to object to processing based on our legitimate interests, including profiling, and to direct marketing at any time.
• Right to withdraw consent: where we rely on your consent, you may withdraw it at any time, without affecting the lawfulness of processing before withdrawal.
• Right not to be subject to a decision based solely on automated processing, including profiling, where such a decision produces legal or similarly significant effects.
• Right to non-discrimination for exercising your privacy rights.

To exercise any of these rights, please contact us using the details in Section 2. We may need to verify your identity before responding. We will respond to valid requests within the timeframes required by applicable law (one month under UK/EU GDPR, 45 days under most US state laws).

12Children

The Services are not directed to children under the age of 13 (or the equivalent minimum age in your jurisdiction, which may be higher). We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information without appropriate consent, please contact us so that we can take appropriate action to delete it.

Where an App is intended for use by children, we comply with applicable children's privacy laws, including the US Children's Online Privacy Protection Act ("COPPA"), the UK Age Appropriate Design Code, and equivalent regulations. In those cases, we will provide a separate, age-appropriate notice for that App and obtain verifiable parental consent where required.

13Cookies and similar technologies

Our Website uses cookies and similar technologies to operate the site, remember your preferences, measure performance, and (where you have consented) deliver marketing content. Our Apps may use similar identifiers, such as the iOS Identifier for Vendor or analytics SDK identifiers, to provide and improve the Services.

Where required by law, we will request your consent before using non-essential cookies or tracking technologies. You can manage your preferences at any time through the cookie banner on the Website or through the privacy settings within an App. For information on managing tracking on iOS, see Apple's guidance on App Tracking Transparency.

We honour recognised opt-out signals, including the Global Privacy Control ("GPC"), where applicable. See Section 17 for further details relating to California.

14Third-party links and services

The Services may contain links to, or integrations with, third-party websites, applications, plug-ins, and services. Following those links or enabling those integrations may allow third parties to collect or share information about you. We do not control these third parties and are not responsible for their privacy practices. We encourage you to read the privacy notice of every third-party service you use.

15Changes to this privacy policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this Policy and, where appropriate, notify you through the relevant App, by email, or by other reasonable means before the changes take effect. Your continued use of the Services after the effective date of any updated Privacy Policy constitutes your acceptance of the updated terms.

16How to contact us

If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal information, please contact us using the details in Section 2. We are committed to working with you to resolve any concerns in a timely and respectful manner.

17Notice to California residents (CCPA/CPRA)

This section provides additional disclosures required by the California Consumer Privacy Act, as amended by the California Privacy Rights Act (together, the "CCPA"), and applies to California residents.

17.1 Categories of personal information collected and disclosed

In the preceding twelve (12) months, we may have collected the following categories of personal information about California residents. The same categories may be disclosed to our service providers for the business purposes described in Section 6 above.

17.2 Sources of personal information

We collect personal information from the sources described in Section 4 above, namely: directly from you; automatically through your use of the Apps and Website; and from third parties such as authentication providers, analytics providers, and business customers.

17.3 Business and commercial purposes

We use personal information for the purposes set out in Section 6 above, which constitute "business purposes" under the CCPA, including providing and operating the Services, improving the Services, communicating with you, security, fraud prevention, legal compliance, and (with your consent) marketing.

17.4 "Sale" and "sharing" of personal information

We do not sell personal information for monetary consideration. The CCPA defines "sale" and "sharing" broadly, and certain disclosures of identifiers and internet activity to analytics or advertising providers may be considered "sharing" for cross-context behavioural advertising purposes under the CCPA. Where any such activity occurs, we will treat it as "sharing" and honour your right to opt out.

To opt out, please use the "Do Not Sell or Share My Personal Information" link on our Website, or contact us using the details in Section 2. We also honour the Global Privacy Control ("GPC") signal as an opt-out preference signal where it is transmitted by your browser or device.

17.5 Sensitive personal information

We may collect a limited category of sensitive personal information, such as account login credentials and (with your consent) precise geolocation. We use sensitive personal information only for the purposes permitted under the CCPA and do not use it for purposes that would trigger the right to limit its use.

17.6 Your California rights

• Right to know: to request the categories and specific pieces of personal information we have collected about you, the sources, the business or commercial purpose for collection, and the categories of third parties to whom we disclose it.
• Right to delete: to request deletion of personal information we have collected from you, subject to certain exceptions.
• Right to correct: to request correction of inaccurate personal information.
• Right to opt out of sale or sharing, as described in Section 17.4.
• Right to limit use of sensitive personal information, where applicable.
• Right to non-discrimination: we will not discriminate against you for exercising your CCPA rights.

To exercise these rights, contact us using the details in Section 2. We will verify your identity before responding. You may also designate an authorised agent to make a request on your behalf, in which case we may require written proof of authorisation.

17.7 Retention

Retention periods are described in Section 9. We retain each category of personal information only for as long as reasonably necessary to fulfil the purposes for which it was collected, taking into account legal, accounting, and operational requirements.

17.8 Shine the Light

California Civil Code Section 1798.83 permits California residents to request information about the disclosure of personal information to third parties for direct marketing purposes. We do not currently disclose personal information to third parties for their own direct marketing purposes.

18Notice to other US state residents

This section provides additional disclosures applicable to residents of US states with comprehensive privacy laws, including Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana, Iowa, Delaware, New Jersey, New Hampshire, Tennessee, Minnesota, Maryland, Indiana, Kentucky, Rhode Island, and any other US state with applicable law (collectively, "US State Privacy Laws").

18.1 Your rights

Subject to applicable US State Privacy Laws and certain exceptions, you may have the following rights:

• Right to confirm and access: to confirm whether we are processing your personal data and to access that data.
• Right to correct: to correct inaccuracies in your personal data.
• Right to delete: to request deletion of your personal data.
• Right to data portability: to obtain a copy of your personal data in a portable format.
• Right to opt out of (i) targeted advertising, (ii) the sale of personal data, and (iii) profiling in furtherance of decisions producing legal or similarly significant effects.
• Right to appeal: if we decline to act on your request, you have the right to appeal that decision.
• Right to non-discrimination: we will not discriminate against you for exercising your rights.

18.2 Sensitive data

Where US State Privacy Laws require consent for the processing of sensitive data (including precise geolocation, racial or ethnic origin, religious beliefs, mental or physical health, sexual orientation, citizenship or immigration status, genetic or biometric data, children's data, and similar categories), we will request your consent before processing such data.

18.3 How to exercise your rights

To exercise any of these rights, contact us using the details in Section 2. We will verify your identity before responding. We aim to respond within 45 days (or such other period as applicable law allows). If we decline to act on a request, we will inform you of the reasons and of your right to appeal. To submit an appeal, contact us using the same details, marking your message "Privacy Appeal".

18.4 Universal opt-out signals

Where required by applicable US State Privacy Laws, we will treat recognised universal opt-out signals (including the Global Privacy Control) as a valid request to opt out of targeted advertising and/or the sale of personal data.

19Notice to UK and EEA residents

If you are located in the United Kingdom or the European Economic Area, the following supplements the above. Your rights under the UK GDPR or EU GDPR are summarised in Section 11.

• Legal bases: as set out in Section 6 above.
• Right to lodge a complaint: with the UK Information Commissioner's Office (ICO) at www.ico.org.uk, or with the supervisory authority in the EEA Member State of your habitual residence, place of work, or place of alleged infringement.
• EU representative: where we are required to appoint an EU representative under Article 27 of the EU GDPR, the representative's details will be published on our Website.
• Automated decision making: we do not currently use automated decision making that produces legal or similarly significant effects without human involvement. If this changes, we will provide further information and obtain consent or another lawful basis as required.

20Other jurisdictions

If you are located outside the UK, EEA, or the United States, your local privacy laws may grant you additional or different rights. Examples include (without limitation):

• Canada: Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial laws, including Quebec's Law 25.
• Brazil: Lei Geral de Proteção de Dados (LGPD).
• Australia: Privacy Act 1988 and the Australian Privacy Principles.
• Japan: Act on the Protection of Personal Information (APPI).
• South Korea: Personal Information Protection Act (PIPA).
• Singapore: Personal Data Protection Act (PDPA).
• South Africa: Protection of Personal Information Act (POPIA).
• India: Digital Personal Data Protection Act 2023 (DPDP Act).
• Switzerland: revised Federal Act on Data Protection (FADP).
• New Zealand: Privacy Act 2020.

We are committed to handling your personal information in accordance with applicable local laws. To exercise your local privacy rights, contact us using the details in Section 2 and identify the jurisdiction whose rights you wish to invoke. We will respond within the timeframes required by your local law and, where required, appoint local representatives or registered agents.