Plain English summary
We collect the minimum data needed to run the app. We don't sell it. We don't advertise with it. Votes are visible to everyone in your group — that's how the game works. You can request access to, correction of, or deletion of your data at any time. The full policy is below and is worth reading.
🚫
Never sold
Your data is not sold to or shared with advertisers, ever.
🗳
Transparent jury
How you vote is visible to everyone in your group. That's part of the game.
🗑
Right to delete
Request erasure at any time. Processed within 30 days.
📦
Right to export
Request a copy of your data in a portable format.
🔒
Encrypted at rest
All personal data is encrypted in storage and in transit.
🇬🇧
UK GDPR
We operate under the Data Protection Act 2018 and UK GDPR.
FineTime Ltd ("FineTime", "we", "us", "our") is the data controller responsible for your personal data. We are a company registered in England and Wales.
This Privacy Policy explains what personal data we collect when you use the FineTime mobile application and associated website, why we collect it, how we use it, and what your rights are in relation to it.
For any privacy-related enquiry, including data subject requests, please contact us via the contact page selecting Account matter.
We collect the following categories of personal data. We collect only what is necessary to operate the Service.
Account data
| Data point |
Purpose |
Basis |
| Email address |
Authentication via one-time passcode; account recovery; service communications |
Contract |
| Display name |
Shown to group members in charges, verdicts, and transcripts |
Contract |
| Account creation date |
Record keeping; abuse prevention |
Legitimate interest |
Usage data
| Data point |
Purpose |
Basis |
| Charges filed |
Core product functionality; group feed; dossier |
Contract |
| Vote cast |
Determining verdict; calculating sentence. Votes are attributed to your identity and visible to all members of the group. |
Contract |
| Comments & reactions |
Transcript display; group engagement |
Contract |
| Group membership |
Access control; charge routing; notifications |
Contract |
| Proof of service uploads |
Evidence of fine payment; transcript record |
Contract |
Technical data
| Data point |
Purpose |
Basis |
| Device push token |
Delivering push notifications for charges, verdicts, and activity |
Consent |
| App version & platform |
Bug diagnosis; compatibility management |
Legitimate interest |
| Crash reports & error logs |
Stability monitoring; debugging. Logs do not contain vote data. |
Legitimate interest |
| API request logs |
Security monitoring; abuse detection. Retained for 30 days. |
Legitimate interest |
What we do not collect
We do not collect your phone number, location, contacts, payment information, or any biometric data. We do not build advertising profiles. We do not track you across other apps or websites.
We use your personal data exclusively for the following purposes:
⚖
Providing and operating the Service
Processing charges, routing votes, calculating verdicts and sentences, displaying the group feed and dossier, and delivering notifications.
🔐
Authentication
Verifying your identity via one-time passcode sent to your email address. We do not store passwords.
📬
Service communications
Sending transactional emails such as OTP codes and account-related notices. We do not send marketing emails without your consent.
🛡
Safety and abuse prevention
Detecting and preventing misuse, harassment, and violations of our Terms of Service. Reviewing content reports submitted by users.
📊
Product improvement
Analysing aggregate, anonymised usage patterns to understand how the Service is used and where it can be improved. This analysis is never performed at an individual level.
We use a small number of carefully selected third-party services to operate the platform. Each processor is bound by a data processing agreement and handles data only as instructed by us. We do not sell data to any third party.
Delivers one-time passcodes and transactional email. Receives your email address for the purpose of delivery only.
Privacy policy →
Delivers push notifications to your device via your device push token. Only used where you have granted notification permission.
Privacy policy →
Captures application crashes and errors to help us identify and fix bugs. Configured to exclude all user content and vote data from reports.
Privacy policy →
All application data is stored on AWS infrastructure within the EU (Ireland) region. Bound by AWS's data processing addendum.
Privacy policy →
Sits in front of the Service to provide DDoS protection and content delivery. Processes request metadata for security purposes.
Privacy policy →
The App Store and Google Play handle app distribution and may collect device and download data per their own privacy policies, independently of FineTime.
Apple →
Google →
⚠
No advertising networks. We do not integrate any advertising SDK, analytics platform that profiles individuals for advertising, or data broker service. This is not planned to change.
We retain personal data only for as long as necessary for the purpose for which it was collected, or as required by law.
Account data
Until deletion
Retained for the lifetime of your account. Deleted within 30 days of an erasure request.
Charges & verdicts
Until deletion
Associated with your account. On deletion, your involvement is anonymised where removal would affect other users' records.
Comments & reactions
Until deletion
Removed or anonymised on account deletion.
Media uploads
Until deletion
Removed from object storage within 30 days of account deletion or content removal request.
API access logs
30 days
Retained for security monitoring. Automatically purged after 30 days.
Crash & error reports
90 days
Retained to support bug diagnosis. Automatically purged by Sentry.
Database backups
7 days
Nightly snapshots retained for 7 days for disaster recovery. Deletion requests are honoured from live data immediately; backup purge follows the 7-day cycle.
Push tokens
While notifications enabled
Removed when notifications are disabled or on account deletion.
Under UK GDPR and the Data Protection Act 2018, you have the following rights in relation to your personal data. All requests are processed within one calendar month.
👁
Right of access
You may request a copy of the personal data we hold about you and information about how we process it.
Article 15 UK GDPR
✏
Right to rectification
You may request correction of inaccurate personal data we hold about you.
Article 16 UK GDPR
🗑
Right to erasure
You may request deletion of your personal data. We will action this within 30 days, subject to any legal retention obligations. Your account and associated personal data will be removed from live systems immediately; residual copies in backups are purged within 7 days.
Article 17 UK GDPR
⏸
Right to restrict processing
In certain circumstances, you may request that we restrict how we process your data while a query or objection is resolved.
Article 18 UK GDPR
📦
Right to data portability
You may request a machine-readable export of the personal data you have provided to us.
Article 20 UK GDPR
🚫
Right to object
Where we rely on legitimate interests as our legal basis, you may object to that processing. We will cease unless we can demonstrate compelling legitimate grounds.
Article 21 UK GDPR
To exercise any of these rights, contact us via the contact page. We will respond within one calendar month. If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
The FineTime mobile application does not use cookies. The FineTime website uses a minimal set of cookies strictly necessary for its operation.
✓
Strictly necessary
Session and security cookies required for the website to function. These cannot be disabled. No consent is required for these under applicable law.
🚫
No analytics or advertising cookies
We do not use Google Analytics, Meta Pixel, or any third-party tracking or advertising cookie on any FineTime property.
Invite link tokens passed via URL query parameters are stored temporarily in sessionStorage for the duration of the browser session only and are not persisted, shared, or used for any purpose other than routing you into the correct group after app installation.
We take the security of your data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, or disclosure.
🔒
Encryption in transit and at rest
All data is transmitted over TLS. Personal data stored in the database is encrypted at rest. Media files in object storage are encrypted at rest.
🏗
Network isolation
Application servers, databases, and internal services operate within private network subnets and are not directly accessible from the internet.
🛡
Security testing
The codebase is subject to automated dependency scanning, static analysis, and recurring security review covering authentication flows, access controls, and media handling.
🔑
Secret management
Credentials and API keys are stored in AWS Secrets Manager and are never hard-coded or exposed in application logs.
No method of electronic transmission or storage is 100% secure. If you become aware of a potential security vulnerability, please disclose it responsibly via our contact page.
⚠
FineTime is not for children. The Service is intended exclusively for adults of legal drinking age (minimum 18). We do not knowingly collect personal data from anyone under the age of 18. If we become aware that we have collected data from a minor, we will delete it immediately. If you believe a minor is using the Service, please report it via the
contact page.
We may update this Privacy Policy from time to time. The effective date at the top of this page indicates when the current version came into force. We will notify you of material changes via the app or by email where we are able to do so, before they take effect.
Continued use of the Service after the effective date of any changes constitutes acceptance of the updated policy. If you do not accept the changes, you may request deletion of your account.
For all privacy-related requests — including data subject rights requests, questions about this policy, or concerns about how your data is handled — contact us via the contact page and select Account matter.
If you are not satisfied with our response, you have the right to complain to the UK supervisory authority:
🏛
Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
ico.org.uk/make-a-complaint · 0303 123 1113