Privacy Policy

Effective: 5 May 2026. This is the first version of this policy.

This policy explains what personal data Lifeboat Trainer ("the app") collects, why we collect it, how long we keep it, and what rights you have under UK GDPR. We have written it in plain English — if anything is unclear, email daron_pritchard@yahoo.co.uk and we'll explain.

1. Who we are

Lifeboat Trainer is operated by Daron Pritchard, a sole operator based in Jersey. Daron is the data controller for the purposes of UK GDPR.

Contact: daron_pritchard@yahoo.co.uk.

The app is RNLI-themed because it is built for RNLI crew, but it is not published by, endorsed by, or affiliated with the Royal National Lifeboat Institution. The RNLI is not a controller or processor of your data through this app.

2. What we collect, when, and why

We try to collect as little as possible. Here is everything that goes in:

Account data (when you sign up)

• Email address — used to sign you in, verify your account, and send essential service messages (e.g. password resets).
• Display name — shown to you and, where relevant, to station administrators at your station.
• Station affiliation — the lifeboat station(s) you belong to, so the app shows you the right boats to train on.
• Password — stored only as a cryptographic hash by our authentication provider. We never see your plain-text password.

Lawful basis: performance of a contract — we need these details to provide you with an account and the training service.

Training data (when you use the app)

• Test sessions — which boat layout you tested on, when, in which mode, and your final score.
• Per-item attempts — for each item in a session, whether you placed it correctly and how many hints you used.

We use this so the app can show you your history, identify items you find tricky, and recommend revision.

Lawful basis: performance of a contract.

Security and audit logs

• Failed sign-in attempts, multi-factor authentication setup events, role changes, and significant administrator actions.
• These records reference user IDs only, not names or emails.

Lawful basis: our legitimate interest in keeping the service secure and detecting abuse, balanced against your privacy.

Photos uploaded by station administrators

If you are a station administrator and upload photos of your boat, those photos are stored to display layouts to your crew. The administrator must confirm they have rights to use the photo. Photos are re-encoded on upload to strip embedded metadata.

What we do not collect

• No advertising identifiers.
• No third-party analytics or tracking SDKs.
• No location, contacts, photos library access, or microphone.
• No sensitive (special category) personal data.
• No payment data — the app is free to its users in v1.

3. How long we keep it

• Account and training data: kept while your account is active.
• Account deletion: when you delete your account, there is a 30-day grace period. During those 30 days you can sign back in to restore the account. After 30 days your personal data (email, display name, station affiliation) is permanently purged.
• Aggregated training data: after permanent deletion, we may keep your test history rows with all identifiers removed, so we can understand how the app is used overall. These rows can no longer be linked to you.
• Security and audit logs: retained for a minimum of 12 months, then aged out.

4. Who we share it with

We do not sell your data. We do not share it for advertising. We do not give it to other apps or organisations.

We use one data processor:

• Supabase — provides the database, authentication, and file storage that runs the app. Supabase processes your data on our behalf under a data processing agreement. The Supabase project for this app is hosted in the EU/UK region.

We may also share data if we are required to by law (for example, a court order). If that happens, and we are allowed to tell you, we will.

5. Where it's stored

Your data is stored on Supabase's infrastructure in an EU/UK region (London or Frankfurt). It is encrypted at rest and travels between your phone and the server only over TLS-encrypted connections.

The app also keeps an encrypted copy of your station's layouts and your training history on your device, so it works offline. That on-device copy is encrypted using the operating system's secure storage.

6. Your rights

Under UK GDPR you have the right to:

• Access the personal data we hold about you.
• Correctanything that's wrong (most of it you can edit yourself in the app).
• Delete your account and personal data — you can start this in the app, or email us.
• Export your data in a portable format.
• Object to processing based on our legitimate interests.
• Withdraw consentat any time, where we're relying on it.
• Complainto the UK Information Commissioner's Office (ICO) at ico.org.uk if you think we've mishandled your data. We'd rather you told us first so we can put it right.

To exercise any of these rights, email daron_pritchard@yahoo.co.uk. We aim to respond within 30 days.

7. Children

The app is intended for adult and youth lifeboat crew aged 16 and over. We do not knowingly collect data from anyone under 16. If you believe a child under 16 has registered, email us and we will delete the account.

8. How to contact us

Daron Pritchard, Jersey. Email: daron_pritchard@yahoo.co.uk.

9. Updates to this policy

If we change this policy, we'll update the effective date at the top and, for material changes, notify you in the app or by email before the changes take effect. Continuing to use the app after a change means you accept the updated policy.

Back to home