Privacy Policy - ParaFlags

Privacy Policy

Last updated: September 28, 2025

Who we are

Controller: John Garvey trading as Latch Lab (“we”, “us”).

Contact: john@jdwilsh.com

Scope

This policy covers the ParaFlags iOS/iPadOS application and the supporting website pages that host this policy. The app is intended for UK ambulance clinicians.

No patient data is entered into or stored by ParaFlags.

What we do not collect

  • No accounts or profile data (name, email, phone).
  • No contacts, photos, precise GPS location, microphone, or health data.
  • No content you view outside the app, and no cross-app tracking by us.

Data we process

1) Anonymous usage analytics

What: screen/topic IDs viewed, search terms, feature taps, app version, basic device/OS model, approximate region (country/region derived from IP), and timestamps.

Why: to understand which content is useful, fix issues, and prioritise updates.

How: events are logged without names or emails and are not linked to patient information.

Legal basis: Legitimate interests (UK GDPR Art. 6(1)(f)): running and improving a clinical reference app in a privacy-preserving way.

2) Crash & performance diagnostics

What: crash reports (stack traces), performance metrics, app version, device/OS model.

Why: stability, debugging, and security.

Legal basis: Legitimate interests.

3) Advertising (Google AdMob banners)

ParaFlags shows small, static banner ads via Google AdMob. We request non-personalised (contextual) ads by default.

What AdMob may collect: IP address (for approximate location and fraud prevention), device/OS information, app information, general ad interaction data, and-only if allowed on your device-the Apple advertising identifier (IDFA).

Your choices: You can limit ad personalisation/reset the advertising identifier in iOS Settings → Privacy & Security. If we add an in-app privacy choice in future, it will appear under About → Settings.

Legal basis: Legitimate interests for non-personalised ads and essential ad measurement; Consent where personalised ads/IDFA access are enabled by the user.

We do not combine analytics with ad data to build user profiles. We do not show interstitial/pop-up ads.

Third-party processors

  • Google AdMob (Google Ireland Limited/Google LLC) - ad serving, fraud prevention, measurement. See Google’s privacy policy for details.
  • Google FireBase (Google Ireland Limited/Google LLC) - analytics and crash reporting. See Google’s privacy policy for details.
  • Apple - distribution and optional crash reporting if you opted in on your device.

Where providers transfer data outside the UK/EEA, they use appropriate safeguards (e.g., the UK Addendum to the EU Standard Contractual Clauses).

Retention

  • Usage analytics: up to 24 months (aggregate stats may be kept longer without device-level identifiers).
  • Crash logs: up to 12 months.
  • Support emails: kept only as long as needed to resolve your query, then archived up to 24 months.

Security

We use TLS for data in transit, restrict access on a need-to-know basis, and design analytics to avoid direct identifiers. No patient data is stored.

Your rights

Under UK GDPR you can object to processing based on legitimate interests, and you can withdraw consent for personalised ads at any time (via iOS settings). You may also have rights to access, rectify, erase, restrict processing, and data portability where applicable.

To exercise rights, email [privacy@yourdomain]. You can complain to the ICO if you are unhappy with our response.

Children

ParaFlags is intended for professional clinicians and is not directed at children.

International use

The app is intended for the UK and is locked to UK users only through the AppStore.

Changes to this policy

We will update this policy if we change features (e.g., add accounts or email/SMS) or providers. We will adjust the “Last updated” date above and, for material changes, note them in the app’s About → Updates.

Contact

Data Controller: John Garvey (trading as Latch Lab)

Email: john@jdwilsh.com

App Store disclosure summary (“Nutrition Labels” guidance)

  • Data not linked to you: product interaction/usage analytics; diagnostics (crash/performance); possibly device identifiers if AdMob uses IDFA.
  • Tracking: select No if you serve non-personalised ads and do not access IDFA; select Yes and implement ATT if you enable personalised ads/IDFA.