Privacy Compliance

Introduction

Noise Mate, fully developed and maintained by Astri Devs Ltd ("we", "our", or "us"), is deeply committed to protecting your privacy and security. We operate under a "Privacy-First" and "Local-First" methodology. This comprehensive Privacy Policy explicitly details exactly what information we collect, why we collect it, our legal justifications for doing so, and your extensive rights under applicable global data protection laws, including the General Data Protection Regulation (GDPR / Global Data Protection (GDPR)) and the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA).

1. Comprehensive Declaration of Information We Collect and Why

To operate Noise Mate effectively and legally assist you in gathering noise dispute evidence, we must collect certain categories of data. We pledge to only collect what is strictly necessary.

1.1 Personal Identifiers & Account Data

• What we collect: First and last name, email address, and an internal account ID.
• Why we collect it: To securely create, authenticate, and manage your account; to allow you to synchronise your evidence across multiple devices; and to send you critical service updates or respond to your support requests.
• Legal Basis (GDPR): Contractual necessity and Legitimate Interest.

1.2 Sensitive Audio and Contextual Evidence

• What we collect: Audio recordings, microphone decibel readings, and optionally, photos you attach as evidence.
• Why we collect it: This is the core functional purpose of Noise Mate: allowing you to document, measure, and record noise disturbances for personal and professional dispute resolution. Audio is processed locally.
• Legal Basis (GDPR): Explicit Consent. You must grant operating system-level permission to access the microphone or camera.

1.3 Precise Geolocation Data

• What we collect: GPS coordinates (Latitude and Longitude) at the exact moment a noise log is generated.
• Why we collect it: To provide legally robust evidence for your logs. Authorities and landlords often require proof of where an incident occurred. We embed this location purely into your exported evidence reports.
• Legal Basis (GDPR): Explicit Consent.

1.4 Transaction and Subscription Data

• What we collect: Subscription status, purchase history, and entitlement tiers.
• How payments are handled: All payments are processed securely and directly by the Google Play Store (Android) or Apple App Store (iOS). We use a third-party subscription management platform solely to verify your entitlements. We never receive, see, or store your raw payment card details or billing address. These remain exclusively between you and the respective app store.
• Why we collect it: To unlock premium app features when you purchase a subscription.
• Legal Basis (GDPR): Contractual necessity.

1.5 Technical Telemetry and Usage Diagnostics

• What we collect: Device type, Operating System version, anonymised crash trace logs, and anonymous app usage patterns.
• Crash Reporting: When an unexpected error occurs and you have enabled error reporting in Settings, an anonymised crash report is automatically sent to our internal support inbox at support@astridevs.co.uk. These reports contain only device type, OS version, and a technical stack trace. They never include your name, email, audio recordings, or any personal data.
• Usage Analytics: If you have enabled analytics in Settings, anonymised feature usage events (e.g. which app screens you navigate to) are recorded and sent to our internal team. These events contain no personally identifiable information and are never linked to your audio recordings or identity.
• Legal Basis (GDPR): Legitimate Interest. Both crash reporting and usage analytics can be individually disabled at any time in Settings → Permissions & Privacy.

2. Mobile Platform Specifics

2.1 Android (Google Play) Disclosure

Noise Mate complies with Google Play's Prominent Disclosure requirements. Access to the microphone (RECORD_AUDIO) is used exclusively for noise measurement and recording. This data is processed on-device and is only uploaded to your private cloud storage if you explicitly enable Cloud Sync. We do not share audio data with third-party advertisers.

2.2 iOS (App Store) Privacy Manifest

In accordance with Apple's Privacy Manifest requirements, our data collection is categorised as follows:

• Data Not Linked to You: Diagnostics and usage data are anonymised and not linked to your identity. These are reported to our internal support team only.
• Data Linked to You: Contact information and User IDs (if you create an account) are used for app functionality and account management.
• Sensitive Data: Audio and Location data are classified as "User Content" and are never used for tracking purposes across other companies' apps or websites.

3. Data Storage, Security, and Storage Modes

Noise Mate gives you direct control over where your data lives.

3.1 Cloud Sync (Default)

By default, all noise logs, audio recordings, and metadata are saved to your device and automatically synchronised with our secure backend infrastructure. This allows you to access your logs across multiple devices, restore data when you change phones, and benefit from an encrypted off-device backup. Cloud storage uses industry-standard AES-256 encryption in transit and at rest. Our staff cannot freely browse, listen to, or extract your private audio recordings without explicit legal authority.

3.2 Local-Only Mode (Privacy Option)

If you prefer greater privacy and do not want your data stored on any external server, you may switch to Local-Only Mode in Settings → Permissions & Privacy → Data Storage. When enabled:

• All existing cloud-stored noise logs and audio recordings are permanently and irreversibly deleted from our servers.
• All new recordings are saved only to your device's local storage, organised in a dedicated NoiseMate/Logs/<your-account>/ folder.
• No new logs are transmitted to any external server.
• Logs will not appear if you switch phones or reinstall the app. They exist only on the original device.
• Each log is tied to your account ID so that if another user signs into the same device, they cannot see your logs. Your logs reappear when you sign back in.
• When you switch back to Cloud Sync, all local logs and audio files will be automatically re-uploaded to your account.

4. Evidence Share Links & Online Report Viewer

Noise Mate allows you to generate a secure shared evidence report accessible at noisemate.co.uk/reports. This section explains how it works, who it's for, and your legal responsibilities.

4.1 What Share Links Are

• When you share evidence, the recipient receives a Case ID and a unique auto-generated password to access the report at noisemate.co.uk/reports.
• Both credentials are required. Neither alone is sufficient. Only someone you have personally given both pieces of information to can access the report.
• The recipient (a landlord, solicitor, local authority, environmental health officer, or any third party) does not need a Noise Mate account to view it.
• The online viewer displays decibel readings, timestamps, audio playback (if enabled), photos, and incident location for the linked evidence only.

4.2 Who This Feature Is For

Share links are designed for:

• Legal and dispute proceedings: Providing evidence to solicitors, mediators, or courts.
• Authority reporting: Sending evidence to environmental health officers, property managers, or the police in support of a formal complaint.
• Landlord correspondence: Providing documented evidence without emailing large files.

This feature is available on the Ultimate subscription tier.

4.3 Data Visible to Recipients

Recipients can see: incident titles, timestamps, decibel levels, duration, audio playback, attached photos, location names, and the incident date range. The recipient can also see your name and email address as attribution for the evidence report. They cannot see your account ID, password, precise GPS coordinates, subscription tier, or any other account metadata.

4.4 Security & Control

• Two-Factor Access: Recipients must supply both a Case ID and a unique password. Possessing only one does not grant access.
• Password Uniqueness: Each password is auto-generated and unique per share event. It cannot be reused across different cases.
• Expiry: You may set an expiry period (e.g., 7 or 30 days). After expiry both credentials are permanently deactivated.
• Revocation: You can revoke access instantly from the Share Link Manager in the app. Revocation is immediate and permanent.
• Watermarking: Report packs carry a Noise Mate watermark by default to preserve evidential integrity.
• Tier Downgrade: If your subscription drops below Ultimate, active shared reports are automatically paused until you re-upgrade.

4.5 Your Legal Responsibility as the Initiator

When you create and distribute a share link, you act as the data controller for that sharing action under GDPR and equivalent laws:

• You are responsible for ensuring a lawful basis for sharing (e.g., legitimate interest in resolving a noise dispute).
• Ensuring you are legally entitled to share any audio recordings, including recordings that may capture the voices of third parties such as neighbours. In many jurisdictions (including the UK), recordings made on your own premises for personal dispute purposes are generally permissible, but you must verify and comply with applicable laws in your specific jurisdiction before sharing.
• Noise Mate acts as a data processor in this context, executing your explicit instruction. We do not monitor share link content or recipient identity.

4.6 Cloud Dependency

Note for Local-Only Mode users: The online report viewer at noisemate.co.uk/reports requires Cloud Sync to be enabled, as the evidence must be accessible from our servers when a recipient views the report. Shared report access is unavailable while in Local-Only Mode.

5. How We Share Information (We Do Not Sell Your Data)

We emphatically do not sell, rent, or trade your personal data or audio recordings to third-party advertisers or data brokers.

We only share data in the following highly restricted situations:

• Essential Service Providers: With infrastructure providers (Supabase for secure databases and cloud storage) who process data strictly on our behalf under strict Data Processing Agreements (DPAs).
• Internal Error Reporting: Anonymised crash reports may be sent to our internal team at support@astridevs.co.uk for debugging. No personal data is included.
• Legal Compliance: If required by law, subpoena, or a formal court order, we may disclose specific data to law enforcement.
• Your Explicit Action: When you explicitly choose to generate and share a PDF/CSV report of your evidence with your landlord, lawyer, or local authority.

5. Your Rights Under GDPR (UK/EU Residents)

If you are located in the European Economic Area (EEA) or the UK, you are protected by the GDPR. As the data controller of your own recordings, you are guaranteed:

• Right to Access: You can browse, view, and export all your data directly within the Noise Mate app.
• Right to Portability: You can generate professional evidence reports in PDF or CSV format to transfer to third parties.
• Right to Erasure (Right to be Forgotten): You can delete any individual log or recording at any time. You can also trigger a "Permanent Account Deletion" from the app settings, which irrevocably wipes all account data.
• Right to Restrict or Object: You can disable Cloud Sync, Location Services, or microphone permissions at the OS level at any time.

6. Privacy Notice for California Residents (CCPA / CPRA)

This section applies specifically to users residing in California, aiming to comply with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

6.1 Categories of Personal Information Collected

In the past 12 months, we have collected the following statutory categories of personal information:

• Category A (Identifiers): Name, email address, unique account IDs.
• Category B (Personal Information): Audio recordings.
• Category F (Internet/Network Activity): App usage patterns, crash logs.
• Category G (Geolocation Data): GPS coordinates (when explicitly authorised by the user).

6.2 Disclosure of "Sale" or "Sharing"

We do not sell and have not sold any personal information in the preceding 12 months. We do not "share" personal information for cross-context behavioural advertising.

6.3 Your California Privacy Rights

• Right to Know & Access: Request the specific pieces and categories of personal information we have collected.
• Right to Delete: Request the deletion of your personal information.
• Right to Correct: Request corrections to inaccurate personal data.
• Right to Limit Use of Sensitive Info: Strictly limit our use of your precise geolocation and audio data by revoking app permissions.
• Right to Non-Discrimination: We will not deny you goods or services, or provide a different quality of service for exercising your CCPA rights.

7. Global Privacy Regulations (Worldwide Applicability)

We recognise that noise disputes and monitoring cross borders. If you access or use Noise Mate from anywhere in the world, the following regional guidelines outline your privacy protections in addition to the strict "Local-First" foundational principles of our app.

7.1 Australia (Privacy Act 1988)

If you reside in Australia, your data is handled in accordance with the Australian Privacy Principles (APPs). We will not use your personal information for direct marketing without your explicit consent. If you wish to make a complaint about a breach of the APPs, please contact us via our Privacy email. We will respond within 30 days. Your local audio recordings and evidence remain securely stored on your device, preventing unauthorised offshore disclosures.

7.2 Canada (PIPEDA)

For Canadian users, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA). We rely exclusively on meaningful consent as the basis for collecting your data. You may withdraw this consent at any time without penalty by managing your OS permissions or deleting your account. Subscriptions are processed in compliance with modern Canadian e-commerce laws, and any cloud backups you manually initiate are secured with end-to-end encryption in transit.

7.3 India (Digital Personal Data Protection Act 2023)

If you are a Data Principal located in India, we act as a Data Fiduciary in compliance with the DPDP Act. We ensure notice and request verifiable consent before processing personal data. You possess the right to grievance redressal and the right to nominate an individual to act on your behalf in the event of incapacity. We categorically do not process personal data of children in a manner that would cause them harm.

7.4 Other International Jurisdictions

If you are accessing Noise Mate from other regions (e.g., South America, Asia, Africa), we commit to general overarching principles of internationally recognised data privacy: data minimisation, explicit permission (especially regarding the microphone and GPS), and the absolute non-sale of personal data. When you optionally enable Cloud Sync, your data is securely transferred and processed on world-class encrypted infrastructure. We reserve the right to block access in regions where strict censorship prevents us from offering secure, encrypted tools.

8. Data Retention Policy

We keep your personal information only as long as necessary to fulfil the purposes outlined in this policy.

• Local Data: Remains on your phone until you delete the app or clear the app's cache.
• Cloud Data: If you use cloud sync, your data remains until you manually delete standard logs, switch to Local-Only Mode, or initiate an Account Deletion. If you are inactive for over 18 months, we will send you a 30-day advance warning email before we securely purge your account data. You can prevent purging by signing back into the app within that 30-day window.

9. Children's Privacy

Noise Mate is a professional documentation tool meant for resolving disputes, and is exclusively intended for individuals aged 18 and older. We do not knowingly collect personal information from minors.

10. Changes to This Privacy Policy

We may routinely update this Privacy Policy to ensure compliance with emerging international privacy laws. We will notify you of any material changes via a prominent in-app notification before the changes take effect.

11. Contact Us & Exercise Your Rights

If you have any questions, require a copy of your data, or wish to exercise your data rights under GDPR, CCPA, or other regional regulations, please contact our Data Protection representative directly:

📧 privacy@noisemate.co.uk