Privacy policy
Effective date: 18 October 2025
This Privacy Policy explains how Everconnected Ltd (“Everconnected”, “we”, “us”, “our”) collects, uses, shares, and protects your information when you use our mobile apps, websites, and related services (the “Services”). We are the data controller under the UK GDPR and the Data Protection Act 2018.
Who we are (controller details)
Everconnected Ltd (company no. 14828305)
Registered/Contact address: 86–90 Paul Street, London, England, EC2A 4NE
Email for privacy requests: [itd@everconnected.com]
(No DPO appointed at this time. If we appoint a DPO or EU Representative, we’ll update this notice.)
1) What we collect
We collect only what’s needed to run Everconnected, keep users safe, and improve the experience.
Account & profile (you provide): name/username, date of birth (for age-gate), avatar, interests you add, city/region, language, and contact details (email/phone, optional).
User content: None. The Service has live audio calls only and no user chat beyond predefined system messages.
Audio/Video: We access camera/microphone only with your permission. We record and transcribe calls for security, trust & safety, and transcription features. Consent is obtained at signup via acceptance of this Policy and the Terms.
Location (optional): City-level/approximate location to improve matching or show relevant experiences. We do not use precise GPS. (In App Store terms this is Coarse/Approximate Location, not Precise.) Apple Developer
Usage, device & diagnostics: app interactions, device/OS, push notification token, crash/performance data and identifiers (e.g., app/device IDs) for stability and analytics.
Payments: Apple’s in-app purchase system (and any payment processor you choose) handles card data. We don’t store full card numbers.
Contacts (optional): If you choose to invite friends, we’ll request permission to read selected contacts strictly to send invitations.
Special-category data: If you deliberately choose to share such info, we’ll only process it to provide the requested feature and only with your explicit consent.
2) Why we use data & legal bases
- Provide, operate & secure the Services (account creation, matching, messaging, support, fraud prevention).
Legal basis: Contract, Legitimate Interests.
- Comms about the Service (service notices, security alerts, changes).
Legal basis: Contract, Legitimate Interests.
- Analytics & app improvement (aggregated metrics, crash diagnostics).
Legal basis: Legitimate Interests.
- Marketing (email/push newsletters, features, events) only if you consent. You can opt out anytime.
Legal basis: Consent.
- Legal/compliance (e.g., tax, responding to lawful requests).
Legal basis: Legal Obligation.
3) Minimum age
Everconnected is for age 18+. We ask for age at sign-up and do not allow registration if you’re under 18.
4) Sharing your information
We don’t sell your personal data. We share it only with:
Service providers under contract (cloud hosting, databases, analytics/crash reporting, safety/moderation, real-time communications, customer support, payments). They must follow our instructions and protect your data.
Other users (only what you choose to share—e.g., avatar, hobbies, faith).
Legal/safety (to comply with law, enforce terms, or protect users).
Corporate events (e.g., merger/acquisition) under this Policy.
We do not use your data for cross-app tracking or targeted ads. If we ever introduce ad tech, we’ll request App Tracking Transparency (ATT) consent and update this Policy and our App Store disclosures first.
5) International data transfers
EU → UK: The EU has adequacy decisions for the UK allowing flows from the EEA to the UK. ICO
UK → US: Where we transfer UK personal data to US partners, we use the UK-US Data Bridge (UK extension to the EU-US Data Privacy Framework) for recipients certified to that programme; otherwise we use the UK IDTA/UK Addendum to SCCs. GOV.UK+1EEA → US: For EEA data, we use the EU-US Data Privacy Framework (DPF) for certified recipients, or SCCs otherwise. EUR-Lex+1We keep records of transfer mechanisms and, where required, do transfer risk assessments.
6) Retention — how long we keep data
We keep data only as long as necessary for the purposes above and then delete or anonymise it, consistent with the storage-limitation principle.
Session metadata: 180 days
Call recordings: 30 days max
Transcripts: 180 days max
Safety reports & linked evidence: up to 6 years from final decision
Payments/tax: 7 years
Support/DSAR: 3 years
Analytics (pseudonymous): 24 months, then anonymise
Backups: 35-day max restore window
You can request deletion at any time; where we must keep some records (e.g., tax/legal), we’ll isolate and minimise them.
7) Your rights
Subject to exceptions, you can access, rectify, erase, restrict, object, port your data, and withdraw consent where used. UK/EU residents can also complain to a data protection authority (in the UK, the ICO).
If you’re in the EEA, you can contact your local supervisory authority (see the EDPB members list).
US residents: If your state has a consumer privacy law, you may have rights to access, delete, correct, or opt-out of “sale”/“sharing” or targeted advertising. We do not sell or share personal information for cross-context behavioural advertising. Contact us to exercise rights and we’ll apply the appropriate process.
We respond within 1 month, extendable by up to 2 months if complex; ID verification may be required.
8) Security
We use appropriate technical and organisational measures (TLS encryption in transit, access controls, least-privilege, monitoring). No method is 100% secure, but we continuously improve.
9) Your choices & device permissions
Notifications, camera, mic, contacts, location: you can grant/withdraw permissions in your device settings at any time. iOS lets you share approximate (not precise) location.
Marketing: you’ll only receive marketing if you opted in; you can opt out any time in-app or via unsubscribe.
10) Third-party links
Links to third-party sites/services have their own privacy practices.
11) Changes to this Policy
We’ll update this Policy as needed and post the new effective date. For material changes, we’ll provide a prominent in-app notice or email.
12) Contact
Everconnected Ltd
86–90 Paul Street, London, England, EC2A 4NE
Email: itd@everconnected.com
If you’re in the EEA and Article 27 EU GDPR requires an EU Representative for us (because we offer services to EEA residents), we’ll publish their contact details here once appointed.