Privacy Policy
Last Updated: March 11, 2026 — Effective Date: March 11, 2026
1. Introduction
Here Now Group Ltd ("we," "us," "our," or the "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our mobile application ("App") and related services (collectively, the "Services").
This Privacy Policy applies to users in all jurisdictions, including the United Kingdom ("UK") and California, USA. We comply with the UK GDPR and the California Consumer Privacy Act ("CCPA"), as amended by the California Privacy Rights Act ("CPRA").
By using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our Services.
2. Data Controller Information
For users in the UK, the data controller responsible for your personal data is:
Here Now Group Ltd
Email: privacy@herenowlocal.app
For questions about this Privacy Policy or to exercise your rights, contact us at: privacy@herenowlocal.app
3. Information We Collect
3.1 Information You Provide Directly
| Data Category | Examples | Purpose |
|---|---|---|
| Account Information | Username, email address, phone number | Account creation, authentication, communication |
| Profile Information | Profile photo, bio, neighbourhood, interests | Displaying your profile, matching with nearby users |
| Activity Content | Activity posts, titles, descriptions, locations, times | Facilitating connections with other users |
| Communications | Messages sent through the App, reports, feedback | Enabling user-to-user communication, safety, support |
3.2 Information Collected Automatically
| Data Category | Examples | Purpose |
|---|---|---|
| Location Data | Precise geolocation (with your permission) | Showing nearby users and activities, distance calculations |
| Device Information | Device type, operating system, unique device identifiers | App functionality, security, analytics |
| Usage Data | Features used, interactions, timestamps | Improving our Services, analytics |
| Log Data | IP address, access times, app crashes | Security, troubleshooting, performance |
| Push Notification Token | Device push token (via Expo Push Notifications) | Delivering transactional notifications |
3.3 Camera and Photo Library
We request access to your device camera and photo library solely to allow you to take or select a profile photo. Photos are uploaded to our servers for display on your profile. We do not access your camera or photo library for any other purpose.
3.4 Information from Third Parties
We may receive information from authentication providers (Apple, Google) if you choose to sign in using these services, and from other users who may mention you in reports or feedback.
4. Legal Basis for Processing (UK Users)
Under UK GDPR, we process your personal data based on the following legal grounds:
| Legal Basis | Processing Activities |
|---|---|
| Contract Performance (Art. 6(1)(b)) | Account creation, providing core Services, processing your activities and connections |
| Consent (Art. 6(1)(a)) | Location data collection, marketing communications, optional profile information |
| Legitimate Interests (Art. 6(1)(f)) | Security, fraud prevention, service improvement, analytics |
| Legal Obligation (Art. 6(1)(c)) | Compliance with laws, responding to legal requests |
You may withdraw consent at any time by contacting us or adjusting your device settings.
5. How We Use Your Information
Provide and Maintain Services — Create and manage your account, display your profile to other users in your area, facilitate connections and communications between users, and show nearby activities and users based on your location.
Safety and Security — Detect and prevent fraud, abuse, and policy violations; investigate reports and enforce our Terms of Service; maintain a safe community environment.
Improve and Develop Services — Analyse usage patterns to improve features, develop new features and services, fix bugs and technical issues.
Communications — Send service-related notifications, respond to your enquiries and support requests, send transactional push notifications for in-app events, and send promotional communications (with your consent).
6. How We Share Your Information
6.1 With Other Users
Your profile information and activities you post are visible to other users of the App in your geographic area. Messages are shared only with the intended recipients.
6.2 With Service Providers
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database hosting, authentication, file storage | Account data, profile data, messages, activities |
| Expo | Push notification delivery | Device push token |
| Apple App Store / Google Play | App distribution, crash reporting | Device information, crash logs |
| Analytics providers | Usage analytics, performance monitoring | Anonymised or aggregated usage data only |
| Communication services | Email delivery, SMS verification | Email address, phone number |
All service providers are contractually bound to protect your data and use it only for specified purposes.
6.3 For Legal Reasons
We may disclose your information if required by law or if we believe in good faith that disclosure is necessary to comply with legal obligations, protect our rights, protect the safety of our users or the public, or detect and prevent fraud.
6.4 Business Transfers
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or use of your personal information.
6.5 No Sale of Personal Information
We do not sell your personal information. We have not sold personal information in the preceding 12 months and do not intend to do so.
7. Data Retention
| Data Type | Retention Period |
|---|---|
| Account Information | Until account deletion + 30 days |
| Profile Information | Until account deletion |
| Activity Posts | Until expiry (midnight daily reset) or deletion |
| Messages | 90 days after conversation ends, or until account deletion |
| Location Data | Not stored permanently; used in real-time only |
| Log Data | 12 months |
| Blocked / Reported User Records | 3 years (for safety purposes) |
After account deletion, we may retain anonymised or aggregated data that cannot identify you.
8. Your Rights
8.1 Rights for All Users
Regardless of your location, you may access your personal information, update your profile information through the App, delete your account and associated data, and opt out of marketing communications.
8.2 Additional Rights for UK Users (UK GDPR)
| Right | Description |
|---|---|
| Access (Art. 15) | Request a copy of your personal data |
| Rectification (Art. 16) | Correct inaccurate or incomplete data |
| Erasure (Art. 17) | Request deletion of your data ("right to be forgotten") |
| Restriction (Art. 18) | Limit how we process your data |
| Data Portability (Art. 20) | Receive your data in a structured, machine-readable format |
| Objection (Art. 21) | Object to processing based on legitimate interests |
| Withdraw Consent (Art. 7) | Withdraw previously given consent at any time |
| Lodge a Complaint | File a complaint with the Information Commissioner's Office (ICO) |
8.3 Additional Rights for California Users (CCPA/CPRA)
California residents have the right to know, delete, correct, opt-out of sale/sharing, non-discrimination, and limit use of sensitive information. We do not sell personal information and have not done so in the past 12 months.
8.4 How to Exercise Your Rights
To exercise any of these rights, contact us at privacy@herenowlocal.app or in-app via Settings > Account > Delete Account. We will respond within 30 days (UK GDPR) or 45 days (CCPA).
9. Data Security
We implement appropriate technical and organisational measures to protect your personal information, including encryption (data encrypted in transit via TLS/SSL and at rest), access controls (role-based access and authentication requirements), infrastructure security (secure cloud hosting with industry-standard protections), and incident response procedures for detecting and responding to data breaches.
While we take the security of your data seriously, no method of transmission or storage is 100% secure. If you believe your account has been compromised, contact us immediately at support@herenowlocal.app.
10. International Data Transfers
Your information is stored and processed in the United States, where our service providers (including Supabase) operate.
For transfers from the UK to the United States, we rely on Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office and supplementary measures where necessary to ensure an equivalent level of protection.
You may request a copy of the safeguards we use by contacting us at privacy@herenowlocal.app.
11. Children's Privacy
Our Services are not intended for users under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly.
If you believe a child under 18 has provided us with personal information, please contact us at privacy@herenowlocal.app.
12. Third-Party Links and Services
Our App may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party services you access.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy in the App, updating the "Last Updated" date, and sending you a notification for significant changes. For material changes, we will provide at least 30 days' notice before changes take effect.
14. Contact Us
| Department | Contact |
|---|---|
| General Privacy Enquiries | privacy@herenowlocal.app |
| Safety Concerns | support@herenowlocal.app |
| Legal | legal@herenowlocal.app |
For UK users: You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
For California users: If you are not satisfied with our response, you may contact the California Attorney General's office.
15. Additional Information for Specific Jurisdictions
15.1 United Kingdom
Lead Supervisory Authority: Information Commissioner's Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Data Protection Officer: Not currently required for our scale of operations. We will keep this under review as the Service grows.
15.2 California
"Do Not Track" Signals: Our App does not currently respond to "Do Not Track" signals. "Shine the Light" Law: California residents may request information about disclosure of personal information to third parties for direct marketing purposes. We do not disclose personal information for such purposes.
16. SMS/Text Messaging
16.1 Consent
By providing your phone number and requesting a verification code, you consent to receive SMS text messages from Here Now Group Ltd. These messages contain one-time verification codes used solely for account authentication.
16.2 Message Frequency
You will receive one (1) SMS message per sign-in attempt. We do not send marketing messages via SMS.
16.3 Costs
Message and data rates may apply. Please contact your mobile carrier for details about your messaging plan.
16.4 Opt-Out
Reply STOP to any SMS message to opt out of receiving further text messages. After opting out, you will no longer be able to use phone-based authentication but may still sign in using email.
16.5 Data Handling
Phone numbers are stored securely and used only for authentication purposes. We do not share phone numbers with third parties for marketing. For more details, see Section 3 (Information We Collect) and Section 9 (Data Security).
16.6 Help
For assistance with SMS messages, reply HELP to any message or contact us at support@herenowlocal.app.
This Privacy Policy was last updated on March 11, 2026.