Legal
Privacy Policy
This Privacy Policy was last updated on .
This notice describes how we handle personal information when you use DANDER. It is designed to meet our obligations under the UK GDPR and the Data Protection Act 2018. It is not legal advice; please obtain professional advice if you need it for your own circumstances.
The data controller
Norn Digital is a company incorporated in Northern Ireland. We are the data controller for the processing described in this Policy. We refer to ourselves as “DANDER”, “we”, “us” or “our”.
What this Policy covers
This Policy applies when you use the DANDER mobile application (the “App”), our website (the “Site”), and the features we make available through them, including step tracking, goals, in-app rewards, and offers involving independent businesses in Northern Ireland (together, the “Services”). It explains the basis on which personal data you give us—or that we collect automatically—will be stored and processed.
Age limit
You must be at least 13 years old to use the Services. If you are under 13, please do not use the App or Site or send us personal information.
Personal data we may collect
We may ask you for, or otherwise receive, information such as: your name; email address; mobile number; account credentials; profile details (for example display name or photo); and, where you choose to provide it, payment or payout details for rewards.
We also collect information about how you use the Services and about the device you use. That can include:
- Device and connection data: IP address, device identifiers, browser or app version, operating system, language, time zone, and similar technical signals.
- Usage data: screens viewed, taps, session length, referral source, crash or error logs, and in-app events needed to operate features (for example goals, clover or step mechanics, and reward flows).
- Movement and location (where you allow it): data from motion sensors or health integrations (such as Apple Health where you connect it), and approximate or precise location where needed to verify activity or show local offers. You can adjust permissions in your device settings; disabling certain permissions may limit features.
- Transaction or preference data: redemptions or interactions with partner offers, where applicable.
If you contact us (including through the partnership form on the Site), we will process the content of your message and related metadata.
Partners, analytics and other recipients
We work with suppliers who help us host infrastructure, analyse product usage, deliver messages, process payments, and operate security. We may also receive information from business partners who participate in reward or discount programmes you choose to use, where that is needed to confirm eligibility or redemption.
We do not sell your personal data for money. Where advertising or analytics tools involve cookies or similar technologies on the Site, we will align their use with applicable consent requirements and Annex B.
Why we use your data (legal bases)
We only process personal data where UK law permits. Annex A summarises typical purposes and the legal bases we rely on (such as contract, legitimate interests, consent, or legal obligation). Where we rely on legitimate interests, we consider your rights and apply safeguards.
Disclosures
We may share personal data with:
- Other users — limited profile elements you choose to make visible (for example in leaderboards or social features), as explained in the App.
- Service providers — processors who assist us under contract.
- Independent businesses — where necessary to deliver an offer you have chosen, subject to the terms shown at redemption.
- Authorities and professional advisers — where required by law or to protect rights, safety, and integrity.
- A successor — in connection with a merger, acquisition, or asset sale, subject to appropriate safeguards.
We may also disclose data where you have clearly instructed us or given consent.
Transfers outside the UK
Some processors may be located outside the United Kingdom. Where we transfer personal data to countries not covered by a UK “adequacy” decision, we put in place safeguards such as the UK International Data Transfer Agreement / Addendum or other approved mechanisms, unless a specific derogation applies. You may request further detail about safeguards by contacting us (see below).
How long we keep data
We retain personal data only as long as needed for the purposes in this Policy, including to meet legal, tax, or regulatory requirements, resolve disputes, and enforce agreements. Retention periods depend on the nature of the data and the risk of harm from misuse; we periodically review what we hold.
Security
We apply administrative, technical, and organisational measures appropriate to the risk. No system is perfectly secure; please protect your account credentials and devices.
Cookies and similar technologies
Our Site may use cookies and similar tools as described in Annex B. Essential cookies may be needed for the Site to work; where non-essential cookies are used, we will seek consent where required.
Your rights
Depending on circumstances, you may have rights to: access; rectification; erasure; restriction; portability; objection (including to direct marketing); and withdrawal of consent where processing is consent-based. These rights are not absolute. To exercise them, contact us using the details below. You may also complain to the ICO (ico.org.uk).
Marketing. You can opt out of marketing emails by using the unsubscribe link or by emailing us with the subject line “Marketing opt-out”.
Access / deletion. You may email us with the subject “Data access request” or “Account deletion”. Account deletion, where available in the App, may be the fastest way to remove certain data; we will confirm steps in the App or by reply.
Third-party links
The Services may link to third-party sites or services. Their privacy practices are governed by their own policies. We are not responsible for those practices.
Changes
We may update this Policy from time to time. The date at the top will change. For material changes we may also notify you through the App, the Site, or email where appropriate.
Contact
Questions about this Policy or our use of personal data: use our contact page or email privacy@dander.app with subject “Privacy enquiry”. Replace the email address with the inbox you actively monitor.
Annex A — Purposes and legal bases (summary)
The following is a high-level summary. Actual processing must match what you implement in product and contracts.
| Category / activity | Typical purpose | Legal basis (UK GDPR Art. 6) |
|---|---|---|
| Account identifiers (e.g. phone or email) | Create and secure your account; verify identity where needed. | Performance of a contract; legitimate interests in fraud prevention. |
| Profile and movement data (steps, goals, in-app activity) | Deliver core App features, leaderboards, and rewards. | Contract; consent where required for optional integrations (e.g. Health data); legitimate interests for community features balanced against user expectations. |
| Location (if enabled) | Verify activity or surface local partner offers. | Consent for precise location where required; contract or legitimate interests for product delivery where applicable. |
| Transaction / redemption data | Operate partner offers and prevent abuse. | Contract; legitimate interests in analytics and fraud prevention. |
| Support and communications | Respond to you; send service messages; conduct surveys with consent. | Legitimate interests; consent for non-essential marketing. |
| Analytics and improvement | Understand usage and improve stability. | Consent for non-essential analytics cookies on the Site; legitimate interests for product improvement where proportionate. |
| Legal and safety | Comply with law; enforce terms; protect users. | Legal obligation; legitimate interests. |
If you integrate Google APIs, you must comply with Google’s API Services User Data Policy and Limited Use requirements where applicable.
Annex B — Cookies (website)
Cookies are small files stored on your device. We may use:
- Strictly necessary cookies required for security, load balancing, or core Site functionality;
- Analytics cookies to understand traffic (for example aggregated visit counts), where you have consented where consent is required;
- Preference cookies to remember choices you make.
You can control cookies through your browser; blocking some cookies may affect Site behaviour. Industry information is available from resources such as allaboutcookies.org.
Annex C — Users outside the UK
If you access the Services from outside the United Kingdom, additional local laws may apply. We process UK-focused personal data in line with this Policy; where local rules impose stricter requirements, we will comply where we are legally required to do so. Residents of some U.S. states may have rights under state privacy laws (for example to know, delete, or opt out of certain sharing for advertising); to exercise such rights, contact us with a clear description of your request and your state of residence.