Any Company — Privacy Policy

Quick summary

This app is intended for users 18 years and older. We do not use usernames/passwords. Instead we use a Firebase-generated unique identifier (the Firebase ID) to create and manage an account tied to the device and app installation. Location or location history may be revealed to other users if you enable location features.

1. Data controller & contact

Controller: Any Company

Postal address: Rusper Court 2, SW99EG, London

If you have questions, concerns, or want to exercise your data rights, contact the privacy email above.

2. Scope — what this policy covers

This policy describes how we collect, use, share and retain personal data when you: install or use the app; create or edit an alias/profile; create/join events or groups; upload photos; send messages in public chat; scan or generate QR codes; or report other users. It also explains your rights under UK data protection law (UK GDPR & Data Protection Act 2018).

3. Age requirement & children

Minimum recommended age: 18+

We do not knowingly collect data from children under 18. If we become aware that we have collected personal data from someone under 18 we will delete it unless we have a lawful basis to retain it. If you reasonably expect children may use the app, you must implement protections consistent with the ICO's Age-Appropriate Design Code.

4. Account creation & identifiers

When you first open the app, Google Firebase automatically generates a unique identifier for that device and installation (the Firebase ID). We use that Firebase ID to create and manage your account. There is no username/password or logout — anyone with access to the device can access the account.

If you uninstall/reinstall, switch devices, or reset app data, your Firebase ID may change and a new account may be created. We will warn users in-app about this behaviour.

5. What personal data we collect

We map key categories below (useful for Apple & Google store declarations).

Category	Examples
Identity & profile	Alias, selected gender option, optional profile picture, linked social avatar/name
Contact & social identity	Data from social identity providers you choose to link (e.g., LinkedIn: name, avatar)
Device & identifiers	Firebase ID, device model, OS version, IP address, crash logs, analytics identifiers
Location	Device location or location history (only if you grant permission; may be visible to other users)
Content you provide	Public chat messages, event/group photos, alias photos, QR-scan data you provide
Reports & moderation data	Reports you submit about other users (including evidence)
Logs & analytics	Usage logs, analytics events, cookies/local storage/indexedDB

6. How we use your data (purposes & lawful bases)

Operate the app: creating/managing accounts, delivering core features. (Lawful basis: performance of contract / legitimate interests.)
Consent-based features: social account linkage, public profile picture, non-essential analytics. (Lawful basis: consent.)
Safety & moderation: preventing abuse, investigating reports. (Lawful basis: legitimate interests.)
Legal compliance: complying with legal obligations, responding to lawful requests. (Lawful basis: legal obligation.)
Analytics & improvement: aggregated/pseudonymised analytics to improve product. (Lawful basis: consent or legitimate interests depending on data type.)

We share personal data only with parties necessary to operate and secure the service:

Google / Firebase (processors): backend, hosting, analytics, crash reporting. Firebase may process data outside the UK.
Social identity providers: only the data you consent to share (name, avatar).
Service providers: analytics, hosting/CDN, moderation partners, email providers (under contract).
Other users: profile picture, alias, selected gender, location or location history you choose to reveal, event photos and group membership.
Law enforcement & safety partners: when required by law or to prevent harm (e.g., child protection concerns).
Business transfers: data may be included in mergers or acquisitions; users will be notified where required.

This app can collects data to improve user experience including: Other Usage Data, Device ID, Email Address, Other User Content, Precise Location, Coarse Location, Other Diagnostic Data, Photos or Videos, Other Data Types, Crash Data, Name, Performance Data, User ID, Customer Support, and Product Interaction.

8. Location permissions & platform rules

We request location permissions only for features that require them (showing others your location for events/journeys, matching, etc.). Background location is requested only when strictly necessary and will include prominent in-app disclosure as required by Apple and Google policies. You may revoke permissions at any time via device settings.

9. Public chat, moderation & retention

Public chat: do not post personal or sensitive information in public chat — it is visible to other users. We process public chat for moderation, abuse detection and product improvement.

Retention: maximum retention for messages is 3 years. You can delete conversations from your profile privacy form if no active investigation is underway. Deletion may not remove copies held in backups or by other users.

10. Account deletion & data subject requests

Because accounts are tied to a Firebase ID (no username/password), deletion and portability need special handling:

In-app deletion (preferred)

Account → Delete my account. This requests deletion of data tied to the current Firebase ID (profile, public messages, event photos, metadata), subject to legal exceptions. User reports are not deleted when your account is removed. They automatically expire after a maximum of three years and may be linked to any future accounts you create. This policy helps maintain community safety and fairness by preventing users from bypassing restrictions through account deletion. When you delete your account, any active reports associated with you are retained and anonymized using a hash of your email address (if provided).

Lost device / cannot access app

Email office@vmie.org with: (a) the Firebase ID if you have it, (b) device information, (c) an identity verification copy (government ID with redactions permitted) and (d) a deletion request. We will verify identity to prevent fraudulent requests and acknowledge within 5 working days.

11. Cookies & client storage

We use cookies, localStorage and IndexedDB for preferences, session state and temporary data. A session cookie is used to manage the app's session behaviour. Clearing app data may create a new Firebase ID and a new app account.

12. Security

We implement reasonable technical and organisational measures: TLS for data in transit, access controls, role-based internal access, and encryption where supported by providers. We rely on Google Cloud / Firebase safeguards for hosted data. In the event of a breach we will follow legal requirements including notifying affected users and the ICO where required.

13. International transfers

Your data may be processed or stored by processors outside the UK (including the U.S.). We rely on appropriate safeguards such as the UK-approved transfer mechanisms and contractual safeguards (e.g., International Data Transfer Agreement, IDTA, or other contractual clauses) and will provide details on request.

14. Law enforcement & safety disclosures

We will disclose personal data in response to lawful requests (court orders, warrants) and to prevent imminent harm. We will challenge overly broad requests where feasible and notify users when permitted by law. We will cooperate with child protection authorities as required.

15. Your rights (UK)

If you are a UK resident you have the right to:

Access: ask what personal data we hold about you.
Rectification: correct inaccurate data.
Erasure: request deletion of data where lawful.
Restriction: limit processing in certain circumstances.
Portability: obtain a copy of your personal data in a structured, machine-readable format.
Object: object to processing based on legitimate interests or to direct marketing.
Withdraw consent: withdraw consent at any time (where processing is consent-based).

To exercise your rights email: office@vmie.org (subject: Data Subject Request) and provide proof of identity where required. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

16. Moderation, reporting & child safety

Reports made via the in-app reporting flow are reviewed by our trust & safety team. For serious allegations (violence, stalking, threats, child safety concerns) we may escalate to law enforcement. Selecting "I have child safety concerns" will show a pop-up encouraging you to notify authorities and will offer links to third-party child safety organisations such as ChildHelpLine.

17. Data retention & backups

We retain personal data only as long as needed for the purposes set out here and for legal obligations. Public messages and user content may be retained up to 3 years unless deleted earlier or subject to legal hold. Logs and backups may be retained for limited operational or legal reasons. We will anonymise/aggregate data for analytics where possible.

18. App Store & Play Store disclosures

When you publish to Apple App Store and Google Play you must provide accurate App Privacy and Data Safety declarations that match this policy. Google Play also requires an account deletion mechanism answer. Be sure your Play Console and App Store Connect entries match the processing described here.

19. Changes to this policy

We may update this policy from time to time. We will publish the updated policy with a new effective date and, when appropriate, notify users in-app. Continued use after changes indicates acceptance.

20. Developer checklist before publishing

Replace placeholder controller contact details (postal address & email).
Map each processing activity to a lawful basis and keep records.
Publish a short app-store privacy summary that matches this policy.
Put DPAs in place with Firebase/Google and other processors; document transfer mechanisms.
Implement & test an in-app privacy form for deletion and a process for lost devices.

21. Contact & complaints

Privacy & DPA enquiries / data subject requests: office@vmie.org

If you remain dissatisfied after contacting us, you can complain to the UK ICO: ico.org.uk

Helpful references (for developers/legal)

Apple — App Privacy & developer guidance (App Store Connect).
Google Play — Data safety & background location guidance (Play Console).
ICO — How to write a privacy notice; Age-Appropriate Design Code.
Firebase / Google Cloud — Data processing terms & hosting info.

Links and specific guidance should be consulted when finalising the policy text and your technical implementation.