Privacy Policy

Last Updated: March 11, 2026 — Effective Date: March 11, 2026

1. Introduction

Here Now Group Ltd ("we," "us," "our," or the "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our mobile application ("App") and related services (collectively, the "Services").

This Privacy Policy applies to users in all jurisdictions, including the United Kingdom ("UK") and California, USA. We comply with the UK GDPR and the California Consumer Privacy Act ("CCPA"), as amended by the California Privacy Rights Act ("CPRA").

By using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our Services.

2. Data Controller Information

For users in the UK, the data controller responsible for your personal data is:

Here Now Group Ltd
Email: privacy@herenowlocal.app

For questions about this Privacy Policy or to exercise your rights, contact us at: privacy@herenowlocal.app

3. Information We Collect

3.1 Information You Provide Directly

Data Category Examples Purpose
Account Information Username, email address, phone number Account creation, authentication, communication
Profile Information Profile photo, bio, neighbourhood, interests Displaying your profile, matching with nearby users
Activity Content Activity posts, titles, descriptions, locations, times Facilitating connections with other users
Communications Messages sent through the App, reports, feedback Enabling user-to-user communication, safety, support

3.2 Information Collected Automatically

Data Category Examples Purpose
Location Data Precise geolocation (with your permission) Showing nearby users and activities, distance calculations
Device Information Device type, operating system, unique device identifiers App functionality, security, analytics
Usage Data Features used, interactions, timestamps Improving our Services, analytics
Log Data IP address, access times, app crashes Security, troubleshooting, performance
Push Notification Token Device push token (via Expo Push Notifications) Delivering transactional notifications

3.3 Camera and Photo Library

We request access to your device camera and photo library solely to allow you to take or select a profile photo. Photos are uploaded to our servers for display on your profile. We do not access your camera or photo library for any other purpose.

3.4 Information from Third Parties

We may receive information from authentication providers (Apple, Google) if you choose to sign in using these services, and from other users who may mention you in reports or feedback.

4. Legal Basis for Processing (UK Users)

Under UK GDPR, we process your personal data based on the following legal grounds:

Legal Basis Processing Activities
Contract Performance (Art. 6(1)(b)) Account creation, providing core Services, processing your activities and connections
Consent (Art. 6(1)(a)) Location data collection, marketing communications, optional profile information
Legitimate Interests (Art. 6(1)(f)) Security, fraud prevention, service improvement, analytics
Legal Obligation (Art. 6(1)(c)) Compliance with laws, responding to legal requests

You may withdraw consent at any time by contacting us or adjusting your device settings.

5. How We Use Your Information

Provide and Maintain Services — Create and manage your account, display your profile to other users in your area, facilitate connections and communications between users, and show nearby activities and users based on your location.

Safety and Security — Detect and prevent fraud, abuse, and policy violations; investigate reports and enforce our Terms of Service; maintain a safe community environment.

Improve and Develop Services — Analyse usage patterns to improve features, develop new features and services, fix bugs and technical issues.

Communications — Send service-related notifications, respond to your enquiries and support requests, send transactional push notifications for in-app events, and send promotional communications (with your consent).

6. How We Share Your Information

6.1 With Other Users

Your profile information and activities you post are visible to other users of the App in your geographic area. Messages are shared only with the intended recipients.

6.2 With Service Providers

Provider Purpose Data Shared
Supabase Database hosting, authentication, file storage Account data, profile data, messages, activities
Expo Push notification delivery Device push token
Apple App Store / Google Play App distribution, crash reporting Device information, crash logs
Analytics providers Usage analytics, performance monitoring Anonymised or aggregated usage data only
Communication services Email delivery, SMS verification Email address, phone number

All service providers are contractually bound to protect your data and use it only for specified purposes.

6.3 For Legal Reasons

We may disclose your information if required by law or if we believe in good faith that disclosure is necessary to comply with legal obligations, protect our rights, protect the safety of our users or the public, or detect and prevent fraud.

6.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or use of your personal information.

6.5 No Sale of Personal Information

We do not sell your personal information. We have not sold personal information in the preceding 12 months and do not intend to do so.

7. Data Retention

Data Type Retention Period
Account Information Until account deletion + 30 days
Profile Information Until account deletion
Activity Posts Until expiry (midnight daily reset) or deletion
Messages 90 days after conversation ends, or until account deletion
Location Data Not stored permanently; used in real-time only
Log Data 12 months
Blocked / Reported User Records 3 years (for safety purposes)

After account deletion, we may retain anonymised or aggregated data that cannot identify you.

8. Your Rights

8.1 Rights for All Users

Regardless of your location, you may access your personal information, update your profile information through the App, delete your account and associated data, and opt out of marketing communications.

8.2 Additional Rights for UK Users (UK GDPR)

Right Description
Access (Art. 15) Request a copy of your personal data
Rectification (Art. 16) Correct inaccurate or incomplete data
Erasure (Art. 17) Request deletion of your data ("right to be forgotten")
Restriction (Art. 18) Limit how we process your data
Data Portability (Art. 20) Receive your data in a structured, machine-readable format
Objection (Art. 21) Object to processing based on legitimate interests
Withdraw Consent (Art. 7) Withdraw previously given consent at any time
Lodge a Complaint File a complaint with the Information Commissioner's Office (ICO)

8.3 Additional Rights for California Users (CCPA/CPRA)

California residents have the right to know, delete, correct, opt-out of sale/sharing, non-discrimination, and limit use of sensitive information. We do not sell personal information and have not done so in the past 12 months.

8.4 How to Exercise Your Rights

To exercise any of these rights, contact us at privacy@herenowlocal.app or in-app via Settings > Account > Delete Account. We will respond within 30 days (UK GDPR) or 45 days (CCPA).

9. Data Security

We implement appropriate technical and organisational measures to protect your personal information, including encryption (data encrypted in transit via TLS/SSL and at rest), access controls (role-based access and authentication requirements), infrastructure security (secure cloud hosting with industry-standard protections), and incident response procedures for detecting and responding to data breaches.

While we take the security of your data seriously, no method of transmission or storage is 100% secure. If you believe your account has been compromised, contact us immediately at support@herenowlocal.app.

10. International Data Transfers

Your information is stored and processed in the United States, where our service providers (including Supabase) operate.

For transfers from the UK to the United States, we rely on Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office and supplementary measures where necessary to ensure an equivalent level of protection.

You may request a copy of the safeguards we use by contacting us at privacy@herenowlocal.app.

11. Children's Privacy

Our Services are not intended for users under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly.

If you believe a child under 18 has provided us with personal information, please contact us at privacy@herenowlocal.app.

12. Third-Party Links and Services

Our App may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party services you access.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy in the App, updating the "Last Updated" date, and sending you a notification for significant changes. For material changes, we will provide at least 30 days' notice before changes take effect.

14. Contact Us

Department Contact
General Privacy Enquiries privacy@herenowlocal.app
Safety Concerns support@herenowlocal.app
Legal legal@herenowlocal.app

For UK users: You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

For California users: If you are not satisfied with our response, you may contact the California Attorney General's office.

15. Additional Information for Specific Jurisdictions

15.1 United Kingdom

Lead Supervisory Authority: Information Commissioner's Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Data Protection Officer: Not currently required for our scale of operations. We will keep this under review as the Service grows.

15.2 California

"Do Not Track" Signals: Our App does not currently respond to "Do Not Track" signals. "Shine the Light" Law: California residents may request information about disclosure of personal information to third parties for direct marketing purposes. We do not disclose personal information for such purposes.

16. SMS/Text Messaging

16.1 Consent

By providing your phone number and requesting a verification code, you consent to receive SMS text messages from Here Now Group Ltd. These messages contain one-time verification codes used solely for account authentication.

16.2 Message Frequency

You will receive one (1) SMS message per sign-in attempt. We do not send marketing messages via SMS.

16.3 Costs

Message and data rates may apply. Please contact your mobile carrier for details about your messaging plan.

16.4 Opt-Out

Reply STOP to any SMS message to opt out of receiving further text messages. After opting out, you will no longer be able to use phone-based authentication but may still sign in using email.

16.5 Data Handling

Phone numbers are stored securely and used only for authentication purposes. We do not share phone numbers with third parties for marketing. For more details, see Section 3 (Information We Collect) and Section 9 (Data Security).

16.6 Help

For assistance with SMS messages, reply HELP to any message or contact us at support@herenowlocal.app.

This Privacy Policy was last updated on March 11, 2026.