Legal

Privacy Policy

Effective: 18 April 2026 · Last updated: 18 April 2026

This Privacy Policy explains how Alderframe Ltd ("Alderframe", "we", "us", "our") collects, uses, discloses and safeguards personal data when you visit alderframe.co.uk (the "Site") or use any of our mobile applications, games, or other interactive products distributed through the Apple App Store or otherwise made available by us (each an "App" and together with the Site, the "Services"). It also sets out your rights and how to exercise them.

Please read this Policy carefully. By using the Services you acknowledge that you have read and understood it. If you do not agree with this Policy, please do not use the Services.

1. Who we are (data controller)

Alderframe Ltd is a private limited company incorporated in England and Wales. We are the "controller" of the personal data processed under this Policy.

  • Company: Alderframe Ltd
  • Registered office: United Kingdom
  • Email for privacy matters: hello@alderframe.co.uk
  • Supervisory authority: Information Commissioner's Office (ICO), United Kingdom

If you would like this Policy in another format or language, or need help understanding any part of it, contact us at the address above.

2. Scope of this Policy

This Policy applies to personal data processed by Alderframe through:

  • the Site and any sub-domains;
  • our Apps (including, without limitation, Freshli) and any future iOS, iPadOS, watchOS, macOS, visionOS or other applications and games we publish;
  • our support channels (including email correspondence with us);
  • our pages and communications on third-party platforms (for example, X, Instagram, TikTok and Facebook) to the extent we act as controller of information you share with us there.

Individual Apps may display additional privacy information at the point of collection (for example through Apple's App Store "App Privacy" labels and in-app notices). Where an App-specific notice provides more detail, that notice and this Policy should be read together; where they genuinely conflict, the App-specific notice prevails for that App.

3. Personal data we collect

The categories of personal data we may collect depend on how you interact with us. Not all categories are collected by all Services.

3.1 Information you provide to us

  • Contact and correspondence data: your name, email address, and the contents and metadata of any message you send to us (e.g. via hello@alderframe.co.uk or a contact form).
  • Account data (App-specific): if an App requires an account, we may collect a username or display name, email address, password (stored in hashed form), and optional profile information you choose to provide.
  • User content: content you create, upload, save or share within an App (for example, entries, lists, game progress, notes, photos you attach, in-app messages).
  • Support data: information you share when requesting help, reporting a bug, or giving feedback.

3.2 Information collected automatically

  • Device and technical data: device model, operating system and version, locale, language, time zone, mobile network information, hardware identifiers generated by Apple (such as the Identifier for Vendors, "IDFV"), and crash and performance data.
  • Usage data: the features you use, in-app events, screens viewed, session duration, and similar analytics signals used to understand how the Services are used and to improve them.
  • Log and connection data: IP address, request headers, user-agent string, referring URL, and timestamps collected by our hosting and security providers for reliability, fraud prevention and protection against abuse.
  • Transaction metadata (in-app purchases): details of purchases and subscriptions made through the Apple App Store (such as product identifier, purchase date, subscription status, and a transaction receipt). Payment card details are handled entirely by Apple — we do not receive, store or have access to your payment card information.

3.3 Information from third parties

  • Apple: where you sign in with Apple, use Game Center, or purchase via the App Store, Apple may share limited information with us (such as a pseudonymous identifier, optional name, a relay email address, and purchase status). Apple's own Privacy Policy applies to Apple's processing.
  • Service providers: technical information from our hosting, analytics, crash-reporting and security providers as described in Section 7.
  • Social platforms: if you contact us through a social media channel, we receive the information you choose to send plus any profile information that platform makes available.

3.4 Sensitive data

We do not ask for, and ask you not to send us, special category personal data (for example, data concerning health, race, religion, sexual orientation, or biometric data) unless an App makes a specific and clearly-explained request, with an appropriate legal basis, at the point of collection.

4. How we use personal data (purposes and legal bases)

Under the UK GDPR and the Data Protection Act 2018 we must have a lawful basis for processing personal data. We rely on the bases listed in the table below.

PurposeUK GDPR legal basis
Providing the Services you request, operating your account (if any), processing in-app purchases and delivering the features of an App.Performance of a contract with you (Art. 6(1)(b)).
Responding to your enquiries, support requests and correspondence.Our legitimate interests in running a responsive business (Art. 6(1)(f)); or performance of a contract where the request is tied to a Service.
Keeping the Services secure, detecting and preventing fraud, abuse and unauthorised use, and enforcing our Terms.Our legitimate interests in protecting the Services, our users and our business (Art. 6(1)(f)); legal obligation where applicable (Art. 6(1)(c)).
Measuring how the Services perform and are used (aggregate analytics and crash reports) to improve and develop them.Our legitimate interests in improving our products (Art. 6(1)(f)), or your consent where required by law (Art. 6(1)(a)).
Using optional analytics, tracking or advertising identifiers (such as the IDFA) on iOS — only where you have granted permission through Apple's App Tracking Transparency prompt.Your consent (Art. 6(1)(a)).
Sending you service messages (for example, changes to Terms, security notices, significant App updates).Our legitimate interests and/or legal obligation.
Sending you marketing communications about our products (only where permitted).Your consent (Art. 6(1)(a)), which you can withdraw at any time.
Complying with legal, regulatory and tax obligations (for example, record-keeping, responding to lawful requests).Legal obligation (Art. 6(1)(c)); our legitimate interests.
Establishing, exercising or defending legal claims.Our legitimate interests; legal obligation.
Corporate transactions (e.g. a restructure, merger, sale or insolvency).Our legitimate interests; legal obligation.

Where we rely on legitimate interests, we carry out a balancing test to make sure those interests are not overridden by your rights and freedoms. You can ask us for more detail about that assessment.

5. Apple App Tracking Transparency and advertising identifiers

On iOS and iPadOS devices running iOS 14.5 or later, apps must request your permission through the App Tracking Transparency framework before they are allowed to track you across apps and websites owned by other companies or access your device's advertising identifier (IDFA) for that purpose.

  • Where an App does not use cross-app tracking, we will not ask for this permission and we will not track you across other apps or websites.
  • Where an App does use tracking, we will only enable it after you grant permission through Apple's prompt. You can change your choice at any time in Settings → Privacy & Security → Tracking on your device.
  • Our current position on tracking is disclosed for each App in that App's "App Privacy" entry on its App Store product page.

6. Children's privacy

Our Services are not directed to children under the age of 13 (or the minimum age required by your local law, if higher). We do not knowingly collect personal data from children who do not meet the minimum age.

Where any App is rated for, or directed to, children, we will comply with the Children's Code (the UK's Age Appropriate Design Code), Apple's "Kids" category requirements, and applicable children's privacy laws (including COPPA in the United States where relevant). Such Apps will carry an additional, age-appropriate notice inside the App.

If you believe a child has provided us with personal data without appropriate consent, please contact us at hello@alderframe.co.uk and we will promptly delete it.

7. Who we share personal data with

We do not sell personal data. We share personal data only with the recipients listed below, and only to the extent necessary.

  • Apple Inc. and Apple Distribution International Ltd. — as the operator of the App Store, provider of in-app purchase, subscription and receipt-validation services, Sign in with Apple, Game Center, push notifications (APNs), App Analytics, TestFlight, CloudKit and related developer services. Apple is an independent data controller for some of this processing.
  • Hosting and content-delivery providers — such as Cloudflare (for the Site) — which process IP addresses and request metadata to deliver content, protect against attack and maintain availability.
  • Crash reporting, analytics and diagnostics providers — which process device, usage and crash data on our behalf. Where these are strictly-necessary for stability, we rely on legitimate interests; otherwise we rely on consent.
  • Email, support and communications providers — which process your messages so we can reply.
  • Professional advisers — lawyers, accountants, auditors and insurers, bound by duties of confidence.
  • Law enforcement, regulators and other authorities — where we are legally compelled to disclose personal data or where disclosure is necessary to protect rights, property or safety.
  • Acquirers and successors — if we are involved in a merger, acquisition, financing, reorganisation, bankruptcy or sale of assets, personal data may be transferred as part of that transaction, subject to the protections in this Policy.

All service providers engaged by us act on our documented instructions under a written agreement that contains the protections required by UK GDPR Article 28.

8. International transfers

Some of our service providers are located outside the United Kingdom (for example, in the European Economic Area and the United States). Where personal data is transferred internationally, we put in place appropriate safeguards, which may include:

  • transfers to jurisdictions that benefit from UK "adequacy regulations";
  • the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses; and
  • additional technical and organisational measures (such as encryption in transit and at rest) where appropriate.

You can request a copy of the safeguards that apply to a specific transfer by contacting us.

9. How long we keep personal data

We keep personal data only for as long as necessary for the purposes set out in this Policy, or longer where required or permitted by law. Typical retention periods are:

  • Email correspondence and support tickets: up to 3 years after the issue is resolved (longer if needed for legal claims).
  • Account data: for the life of the account, plus a short grace period after deletion to allow for account recovery and to comply with backups.
  • User content: for as long as stored by you in the App (subject to App-specific defaults) or until you delete it.
  • Purchase records: at least six years from the end of the relevant financial year, to meet UK tax and accounting obligations.
  • Security, abuse and fraud logs: typically 12 months.
  • Cookies and similar technologies: as set out in Section 13.

When personal data is no longer needed we will delete or anonymise it.

10. How we protect personal data

We maintain appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These include access controls, least-privilege administration, encryption of data in transit (TLS) and at rest where appropriate, regular review of our vendors, and staff training.

No system is perfectly secure. If you believe your account or any personal data has been compromised, please contact us immediately.

11. Your rights

Subject to applicable law, you have the following rights in relation to personal data we hold about you:

  • Access — to ask for a copy of personal data we hold about you and information about how it is processed.
  • Rectification — to have inaccurate or incomplete personal data corrected.
  • Erasure — to ask us to delete personal data in certain circumstances (the "right to be forgotten").
  • Restriction — to ask us to limit our processing of your personal data in certain circumstances.
  • Portability — to receive personal data you provided to us in a structured, commonly used and machine-readable format, and to have it transmitted to another controller where technically feasible.
  • Objection — to object to processing based on legitimate interests, including profiling, or to direct marketing at any time.
  • Consent withdrawal — to withdraw your consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
  • Not to be subject to solely automated decisions with legal or similarly significant effects — we do not currently carry out such decision-making.
  • Complain to a supervisory authority — in particular the UK Information Commissioner's Office (ico.org.uk). We would, however, appreciate the chance to address your concerns first.

To exercise any of these rights, email hello@alderframe.co.uk. We may need to verify your identity before acting. We will respond within one month, extendable by a further two months for complex requests (we will tell you if that applies).

12. Push notifications, in-app messages and marketing

With your permission (usually via the iOS system prompt), we may send you push notifications from our Apps. You can turn these off at any time in your device settings. We do not send marketing push notifications without your consent.

If you opt in to marketing emails, you can unsubscribe at any time using the link in each email or by contacting us. We do not sell or rent email addresses to third parties.

13. Cookies and similar technologies (Site)

The Site is a static marketing website and does not use tracking or advertising cookies. We may use strictly-necessary cookies or similar technologies to keep the Site secure, remember your preferences or maintain a session. Where we introduce any non-essential cookies in future, we will update this Policy and request your consent through a cookie banner, as required by the UK Privacy and Electronic Communications Regulations (PECR).

Apps do not use browser cookies, but may use local storage or equivalent on-device storage to support core functionality, as described in an App-specific notice where relevant.

14. Third-party links and services

The Services may contain links to or embed content from third-party websites, services or platforms (for example, X, Instagram, TikTok, Facebook, or Apple). We are not responsible for the privacy practices of third parties. We encourage you to read their privacy policies before providing personal data to them.

15. Region-specific disclosures

European Economic Area (EEA): where EU GDPR applies, references in this Policy to the UK GDPR should be read as references to Regulation (EU) 2016/679 (the GDPR) and to your national implementing laws, and references to the ICO include your local supervisory authority.

California residents: we do not sell or share personal information as defined by the CCPA/CPRA. You have rights to know, delete and correct your personal information and to limit the use of sensitive personal information. To exercise these rights, contact us at hello@alderframe.co.uk. We will not discriminate against you for exercising them.

Other jurisdictions: you may have additional rights under local law. Contact us and we will do our best to accommodate lawful requests.

16. Changes to this Policy

We may update this Policy from time to time. The "Effective" and "Last updated" dates at the top show when it was last revised. Where the changes are material (for example, a new purpose or a new recipient), we will take reasonable steps to notify you in advance — for example, by an in-App notice, a banner on the Site, or an email.

17. How to contact us

For any question about this Policy, a privacy right, or how personal data is processed, please contact:

Alderframe Ltd
Email: hello@alderframe.co.uk
Web: alderframe.co.uk

If you are not satisfied with our response, you may lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk, or your local supervisory authority.