Privacy Policy: The Staffy Trail App

Privacy Policy

Last updated: 20/04/2026

Haywyre LLP (“we”, “our”, or “us”) is committed to protecting and respecting your privacy. This policy explains what personal data we collect when you use The Staffy App (the “App”), how we use it, who we share it with, and what rights you have over it.

Please read this policy carefully. By using the App, you agree to the processing of your personal data as described here.

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, the data controller is Haywyre LLP, registered at

Chartwell House, 4 St Paul’s Square, Burton-On-Trent, Staffordshire, DE14 2EF.

1. Information we collect

We collect and process the following personal data about you:

Account information. When you create an account in the App, we collect the information you provide during registration. Depending on the sign-in method you use, this may include your email address, display name, profile photo URL, and a unique user identifier. We support email/password, Google Sign-In, Apple Sign-In. We use Firebase Authentication (provided by Google) to manage sign-in and credentials; we do not store your password ourselves.

Content and data you create in the App. Any information you enter, upload, or generate while using the App — for example, the first part of your postcode, your group size, your unlocked locations — is stored in our Cloud Firestore database so the App can function.

Technical and diagnostic information. We may automatically collect limited technical information about your device and how you use the App, including device type, operating system version, app version, a unique installation or device identifier, and crash or error reports. This helps us keep the App stable and secure.

Correspondence. If you contact us (for example, by email for support or to request account deletion), we keep a record of that correspondence.

2. How we use your information

We use your personal data for the following purposes:

  • To provide and operate the App — creating and managing your account, authenticating you, and storing the content you create so you can access it across sessions and devices. Legal basis: performance of a contract (our Terms of Use with you).
  • To keep the App secure and reliable — detecting and preventing fraud, abuse, or technical failures, and diagnosing crashes and errors. Legal basis: our legitimate interests in operating a secure and functional service.
  • To communicate with you — responding to support requests and sending essential service messages (for example, security alerts or changes to this policy). Legal basis: performance of a contract and our legitimate interests.
  • To comply with legal obligations — where we are required by law to retain or disclose information. Legal basis: legal obligation.

We do not use your personal data for advertising, and we do not sell your personal data to third parties.

3. Where your data is stored and who processes it

The App is built on Google’s Firebase platform. The following Google services act as sub-processors on our behalf:

  • Firebase Authentication — manages account sign-in and credentials.
  • Cloud Firestore — stores the content and data you create in the App.
  • Firebase Crashlytics — stores crash data
  • Cloud Functions — provides login functionality
  • Google Analytics — stores anonymous user interactions with the app

Google processes this data on our instructions under its data processing terms. Firebase services may store and process data on servers located in the United States and other countries outside the United Kingdom. Where personal data is transferred outside the UK, we rely on appropriate safeguards — such as the UK International Data Transfer Addendum to the EU Standard Contractual Clauses — as provided by Google’s Firebase Data Processing and Security Terms.

You can find more information about Firebase’s data handling in the Firebase Privacy and Security page (https://firebase.google.com/support/privacy) and Google’s Privacy Policy (https://policies.google.com/privacy).

4. How we protect your data

We use industry-standard security measures to protect your personal data, including encryption of data in transit (HTTPS/TLS) and at rest, Firestore security rules to restrict access, and authenticated access to our backend services. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

Where you have chosen a password to access the App, you are responsible for keeping it confidential. Please do not share your password with anyone.

5. Data retention

We retain your personal data only for as long as is necessary for the purposes described in this policy:

  • Account and content data is retained while your account is active. If you delete your account, we and our sub-processors will delete or anonymise the associated data within a reasonable period, except where we are required to retain it for legal, accounting, or security reasons.
  • Diagnostic and crash data is retained for a limited period in line with Firebase’s default retention settings (typically up to 90 days for Crashlytics, or as otherwise configured).
  • Correspondence is retained for as long as necessary to handle your query and for a reasonable period afterwards for record-keeping.

6. Sharing your information

We do not share your personal data with third parties except:

  • Sub-processors who help us operate the App, as described in Section 3 (principally Google, for Firebase services).
  • Legal and regulatory disclosures, where we are required to disclose data to comply with a legal obligation, court order, or lawful request from a public authority, or to protect our rights, property, or safety, or that of our users or others.
  • Business transfers, if Haywyre LLP is involved in a merger, acquisition, or sale of assets, in which case personal data may be transferred as part of that transaction. You will be notified before your data is transferred and becomes subject to a different privacy policy.

7. Your rights

Under UK data protection law, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erase your data (“right to be forgotten”), subject to certain exceptions.
  • Restrict or object to our processing of your data.
  • Data portability — receive a copy of your data in a structured, commonly used format.
  • Withdraw consent at any time, where our processing is based on consent.

To exercise any of these rights, contact us at support@haywyre.co.uk. We will respond within one month.

Account and data deletion. You can request deletion of your account and associated data at any time by using the ‘Delete Account’ option in the App’s account settings or by emailing us at support@haywyre.co.uk. Full instructions are also available at https://haywyre.co.uk/apps/the-staffy-trail-app/delete-account.

If you are unhappy with how we have handled your personal data, you have the right to complain to the UK Information Commissioner’s Office (ICO) at https://ico.org.uk.

8. Children

The App is not directed at children under the age of 13, and we do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it.

9. Changes to this policy

We may update this policy from time to time. When we do, we will post the updated policy in the App and/or on our website and update the “Last updated” date at the top. Where the changes are significant, we will notify you by email or through the App.

10. Contact us

If you have any questions, comments, or requests about this privacy policy or how we handle your personal data, please contact:

Haywyre LLP Chartwell House, 4 St Paul’s Square, Burton-On-Trent, Staffordshire, DE14 2EF. Email: support@haywyre.co.uk