Privacy Policy

Effective: 1 April 2026 Last updated: 19 April 2026 Controller: Thynkr Systems Ltd

Your routine is your business. This policy describes what data NearPulse collects, why we need it, and the choices you have. We've written it in plain English; the legal basis (UK GDPR & Data Protection Act 2018) is still the one that applies.

1. Who we are

NearPulse is operated by Thynkr Systems Ltd, a company registered in England & Wales (Company No. 15306717), with its registered office at Office 1, 1st Floor, 73 Station Passage, London E18 1JL, United Kingdom.

For the purposes of the UK GDPR, Thynkr Systems Ltd is the data controller for personal data processed through the NearPulse mobile app and website.

2. What we collect

Account data	Name, email address or phone number, and password hash (if you register). You can use most of the app without an account.
Saved locations	Places you tell us about — home, work, school run — stored so we can give you the right briefing.
Location (live)	Latitude/longitude when you open the app or enable GPS, so we can fetch data for where you actually are.
Preferences	Notification settings, briefing time, voice preferences, interests (e.g. fuel, NHS, weather).
Emergency contacts	Name and phone number of the people you choose for SOS. Stored on your device; synced if you enable cloud backup.
Crash telemetry	If the app crashes, we record the error message, screen name, stack trace, device model, OS version and app version — so we can fix the bug.
Usage analytics	Aggregate, non-identifying analytics about which sections are used (e.g. "X% of users open the fuel tab"). Via Google Tag Manager on the website only.

We do not collect your contacts list, photos, microphone, camera, SMS messages, or browsing history. We do not fingerprint your device for advertising.

3. Why we use it

Service delivery — to show you weather, fuel, transport, NHS, grocery prices, etc. relevant to your location. (Legal basis: performance of a contract.)
Safety — to route SOS calls through the correct regional gateway and notify your emergency contact. (Legal basis: vital interests / performance of a contract.)
Product improvement — crash reports and aggregate usage tell us what to fix or improve. (Legal basis: legitimate interests.)
Communication — occasional service emails (security, major changes). Never marketing without opt-in. (Legal basis: legitimate interests / consent.)

4. Location data

Principle. NearPulse works in real-time. When you're not using the app, we're not following you.

Location is requested only when the app is open or when a scheduled briefing runs (e.g. your 06:00 alarm).
You can disable GPS entirely and use a manually set postcode — the app degrades gracefully.
Background location is off by default. You can opt in from Settings if you want wake-up-time pre-fetching.
We never share raw GPS traces with third parties. Requests to external APIs (TfL, weather services, etc.) include only the rounded lat/lng needed for that lookup.

5. Third-party data sources

Your briefing is powered by public and commercial data feeds, including (non-exhaustive):

Transport — Transport for London (TfL), National Rail, regional transit APIs.
Weather — Met Office, OpenWeather, Bureau of Meteorology (AU), and equivalent national services.
Fuel — CMA fuel price disclosure feeds and regional equivalents.
Roads — DVSA, National Highways, Waze Community data, local council roadworks registers.
NHS & pharmacy — NHS Digital open APIs.
Grocery — supermarket price APIs and public-website price comparisons.
AI briefing — large-language-model providers used solely to write a readable version of data you already have. No personal identifiers are included in model prompts.

Where these providers become data processors, we have data-processing agreements or rely on their public-data status.

6. How long we keep data

Account data	Until you delete your account, then 30 days for backup purging.
Location history	We do not retain a location history. Each request is served and discarded.
Crash reports	90 days, or until the related bug is fixed — whichever is later.
Website logs	Server access logs: 30 days. Analytics: 14 months (Google Analytics default).

8. Your rights

Under UK GDPR you have the right to:

Access a copy of the personal data we hold about you;
Rectify inaccurate data;
Erase ("right to be forgotten") your data;
Restrict or object to processing;
Port your data to another service;
Withdraw consent at any time where processing relies on it.

To exercise any of these, email [email protected]. We respond within 30 days.

You also have the right to complain to the Information Commissioner's Office (ico.org.uk) if you believe we've mishandled your data. We'd prefer you tell us first so we can fix it.

9. Children

NearPulse is not directed at children under 13. We do not knowingly collect data from anyone under 13. If you're a parent or guardian and believe we hold data about your child, email us and we'll delete it.

10. Cookies & website analytics

The NearPulse marketing website (nearpulse.app) uses Google Tag Manager to load analytics scripts. Specifically:

_ga, _gid (Google Analytics) — aggregate pageview stats. No personal profile is built.
No advertising cookies. We don't run retargeting or third-party ad networks.

The mobile app does not use web cookies.

You can disable analytics by blocking JavaScript or using a browser that respects Global Privacy Control (GPC) — we honour the signal.

11. Security

All traffic is TLS 1.2+ encrypted.
Passwords are hashed with bcrypt.
Session tokens expire and are automatically invalidated on password change or SOS-contact change.
We separate crash telemetry (low-trust) from account data (high-trust) at the database level.
Server access is restricted to named engineers with 2FA.

No system is 100% secure. If you suspect your account has been compromised, email [email protected] immediately.

12. Changes to this policy

We update this policy when our practices change. Material changes (new data types, new sharing, shorter retention) trigger an in-app notification and a 30-day notice period. Minor edits (clarifications, typos) are reflected in the "Last updated" date above.

13. Contact & complaints

Privacy contact: [email protected]
Postal address: Thynkr Systems Ltd, Office 1, 1st Floor, 73 Station Passage, London E18 1JL, United Kingdom.
Supervisory authority: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF · ico.org.uk