Privacy Policy – Mystery Diners Ltd Apps

Last updated: 30 March 2026

This Privacy Policy explains how Mystery Diners Ltd collects, uses, stores and shares personal data when you use any mobile application published or operated by us, including apps previously published by Activated Apps Ltd and now operated by Mystery Diners Ltd.

This policy is intended to apply to our mobile apps made available through the Apple App Store, Google Play, and other official app distribution channels, unless a particular app has its own separate privacy policy.

1. Who we are

Mystery Diners Ltd is the controller of the personal data described in this policy, unless we say otherwise in a particular app or service.

Contact details
Email: admin@mydine-vouchers.co.uk

Business address:
Mystery Diners Ltd
Clyde Offices, 2nd Floor
48 West George Street
Glasgow
Scotland
G2 1BP

If you have any questions about this policy or about how we use your personal data, please contact us using the details above.

2. What this policy covers

This policy covers personal data we collect through our apps, including:

  • information you provide directly to us;
  • information collected automatically from your device or app use;
  • information connected with notifications, analytics, purchases, support, and app security;
  • information received from third-party services where you choose to connect them.

Some features may only be available in certain apps. Where this is the case, the relevant parts of this policy apply only if that feature or service is actually used in that app.

3. The personal data we may collect

Depending on the app you use and the features you enable, we may collect the following categories of personal data.

A. Information you provide directly

This may include:

  • your name;
  • email address;
  • username or account details;
  • profile information;
  • customer support messages or enquiries;
  • information you provide when taking part in surveys, feedback requests, competitions, or promotions;
  • any information you choose to submit through forms, contact screens, or connected features.

B. Account and login information

If an app allows account creation or sign-in, we may collect and process:

  • login credentials or authentication identifiers;
  • password-reset and account verification information;
  • account preferences and settings;
  • identifiers linked to your account.

We do not intentionally store full payment card numbers in our apps. Payments, subscriptions, and in-app purchases may be processed by Apple, Google, or other authorised payment providers subject to their own terms and privacy information.

C. Device, app, and technical information

When you use our apps, we may automatically collect technical data such as:

  • app-instance or installation identifiers;
  • device type and model;
  • operating system and version;
  • app version;
  • language, time zone, and country-level location derived from technical information;
  • IP address or network-related information where required for service delivery, security, diagnostics, or server logs;
  • crash data, performance data, and diagnostic information;
  • information about how and when the app is opened, used, updated, or closed.

D. Analytics and usage information

For apps that use analytics tools, including Google Analytics for Firebase or related Firebase services, we may collect information about how people use the app, such as:

  • app opens and sessions;
  • screens viewed;
  • feature usage;
  • general engagement and navigation patterns;
  • aggregated or pseudonymous analytics events and user properties;
  • approximate geolocation derived from device or network information;
  • device and app information used to understand app performance and user engagement.

E. Push notification information

If an app supports push notifications, we may collect and process:

  • the Apple Push Notification service (APNs) token and/or Firebase Cloud Messaging (FCM) registration token;
  • device and app metadata associated with notifications, such as device model, operating system version, language, time zone, app identifier, and app version;
  • records of notification preferences;
  • message delivery, open, and interaction data where supported by the relevant notification and analytics services.

F. Purchase and transaction information

Where relevant to an app, we may collect limited transaction-related information such as:

  • order or transaction identifiers;
  • items purchased or redeemed;
  • subscription status;
  • receipt validation results;
  • non-card payment metadata supplied by app stores or payment processors.

We do not intentionally collect your full bank card details through the app unless a specific payment flow clearly tells you otherwise.

G. Information from connected third-party services

If you choose to connect or use third-party services, social features, or external sign-in options, we may receive information from those providers, such as:

  • account identifiers;
  • public profile details you choose to share;
  • usernames;
  • email address;
  • confirmation that you have successfully authenticated with that service.

The exact data shared depends on the third-party service and your privacy settings with that service.

4. How we use your personal data

We use personal data only where we have a valid legal basis to do so. Depending on the app and service, we may use personal data to:

  • provide and operate the app and its features;
  • create and manage user accounts;
  • authenticate users and maintain secure sessions;
  • provide purchases, subscriptions, redemptions, or in-app functionality;
  • send service messages, alerts, reminders, and notifications;
  • send marketing or promotional messages where permitted and, where required, where you have given consent;
  • understand how our apps are used and improve content, design, stability, and features;
  • troubleshoot errors, monitor performance, and protect the security of our systems;
  • personalise settings and remember user preferences;
  • respond to support enquiries and complaints;
  • prevent fraud, abuse, unauthorised access, and other misuse;
  • comply with legal obligations, defend legal claims, and enforce our terms.

5. Our lawful bases for processing

Under UK data protection law, we may rely on one or more of the following lawful bases:

Contract

Where processing is necessary to provide the app or a service you have requested, such as account access, purchases, or essential app functionality.

Legitimate interests

Where processing is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. This may include:

  • operating and improving our apps;
  • keeping our services secure;
  • preventing misuse and fraud;
  • understanding app performance and user engagement at a reasonable level;
  • handling support, complaints, and service administration.

Consent

Where consent is required, for example:

  • for optional permissions;
  • for certain marketing communications or promotional notifications;
  • for any optional processing that legally requires consent.

You may withdraw consent at any time for future processing. This will not affect the lawfulness of processing carried out before withdrawal.

Legal obligation

Where we must process data to comply with legal or regulatory requirements.

6. Push notifications

If you allow notifications on your device, we may send push notifications through Apple Push Notification service and/or Firebase Cloud Messaging.

These notifications may include:

  • service or operational messages;
  • reminders you have enabled;
  • account or transaction updates;
  • app content or feature updates;
  • marketing or promotional messages, where permitted and where we have any consent required by law.

To deliver notifications, a push token may be generated and associated with your app installation or device. We may store and use that token to send notifications, manage subscriptions, prevent duplicate messaging, and remove invalid or outdated tokens.

If supported by the relevant services, we may also record whether a notification was delivered, opened, or interacted with in order to understand effectiveness and improve the service.

You can stop push notifications at any time by changing your device settings, or by using any in-app notification controls where available.

7. Analytics

Some of our apps use analytics services, including Google Analytics for Firebase, to help us understand app usage, app performance, and user engagement.

Analytics information helps us to:

  • measure app opens, screens, sessions, and general use;
  • understand which features are most useful;
  • identify crashes, bugs, and poor user journeys;
  • improve app performance, stability, and design;
  • assess the effectiveness of notifications, campaigns, or product changes where applicable.

Where analytics is used, data may include app-instance identifiers, device and app metadata, approximate location, usage events, and technical information described in this policy.

We do not use analytics data for unlawful purposes, and we aim to configure analytics in a privacy-conscious way appropriate to the app and its audience.

8. Marketing communications

Where we send marketing by electronic means, including promotional emails or push notifications, we will do so in accordance with applicable data protection and electronic marketing rules.

You can opt out of marketing emails by using the unsubscribe link where available.
You can opt out of push notifications through your device settings or any in-app controls that are provided.

Service messages relating to your account, purchases, security, or the normal operation of the app are not the same as marketing and may still be sent where necessary.

9. Who we share your data with

We may share personal data with the following categories of recipients where necessary:

  • service providers and processors who help us run the app and related services;
  • analytics providers, including Google / Firebase, where used;
  • notification and messaging providers, including Apple and Firebase, where used;
  • payment providers and app stores, such as Apple or Google, where relevant to purchases or subscriptions;
  • hosting, infrastructure, support, security, and development providers;
  • professional advisers, such as lawyers, accountants, insurers, and auditors;
  • regulators, law enforcement, courts, and public authorities where required by law or where necessary to protect rights, property, or safety;
  • a buyer, investor, successor, or group company in connection with a merger, acquisition, restructuring, financing, insolvency process, or sale of all or part of the business or assets.

We require processors acting on our behalf to handle personal data only on our instructions and with appropriate safeguards.

10. International transfers

Some of our service providers may process personal data outside the United Kingdom.

Where we transfer personal data internationally, we will take steps to ensure that appropriate safeguards are in place, which may include:

  • transfers to countries that are recognised as providing an adequate level of protection; or
  • approved contractual or other lawful safeguards.

You can contact us if you would like more information about the safeguards we rely on for relevant international transfers.

11. Data retention

We keep personal data only for as long as necessary for the purposes set out in this policy, including to provide services, resolve disputes, enforce agreements, maintain security, and comply with legal, tax, accounting, or regulatory obligations.

Retention periods may vary depending on the type of data and the app feature involved. For example:

  • account data is usually kept while your account remains active and for a reasonable period afterwards;
  • push notification tokens are retained only while needed for active messaging, token refresh, security, and suppression of invalid tokens;
  • analytics and diagnostic data is retained according to the configuration and retention settings of the relevant analytics tools and our internal business needs;
  • customer support records may be retained for as long as needed to resolve your issue and keep an appropriate record of the interaction;
  • transaction and financial records may be retained for longer where required by law.

When personal data is no longer needed, we will delete it, anonymise it, or securely store it only for a lawful residual purpose.

12. Security

We use appropriate technical and organisational measures to help protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or unauthorised access.

These measures may include:

  • access controls;
  • authentication protections;
  • encryption in transit where appropriate;
  • secure hosting and service-provider controls;
  • logging and monitoring;
  • least-privilege access practices;
  • procedures for handling security incidents.

No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

13. Children’s privacy

Some of our apps may be used by children or may be likely to be accessed by children. Where that is the case, we aim to take an age-appropriate and privacy-conscious approach to design, language, defaults, and data handling.

If a particular app is directed at children, or likely to be accessed by children, we may provide additional notices or controls in that app.

Parents or guardians who believe that a child has provided us with personal data in a way they did not expect may contact us and ask us to review or delete that information where appropriate.

14. Third-party services and links

Our apps may link to websites, stores, platforms, videos, social networks, or other third-party services that we do not own or control.

We are not responsible for the privacy practices of those third parties. We encourage you to read their privacy information before using those services.

15. Your rights

Subject to applicable law, you may have the right to:

  • request access to your personal data;
  • request correction of inaccurate or incomplete personal data;
  • request deletion of your personal data;
  • request restriction of processing;
  • object to certain processing;
  • request transfer of certain personal data to you or another provider;
  • withdraw consent where processing is based on consent;
  • complain to the UK Information Commissioner’s Office (ICO).

If you want to exercise any of these rights, please contact us at admin@mydine-vouchers.co.uk.

We may need to verify your identity before acting on a request.

16. Account deletion

If a particular app allows you to create an account, you may request deletion of that account and associated personal data by:

  • using any in-app account deletion feature, where available;
  • using any account deletion page or web form we provide; or
  • contacting us at admin@mydine-vouchers.co.uk.

When you request deletion, we will delete or anonymise your personal data unless we need to keep some of it for lawful reasons, such as security, fraud prevention, legal compliance, accounting, or dispute resolution.

17. Complaints

If you are unhappy with how we handle your personal data, please contact us first so we have a chance to address your concern.

You also have the right to complain to the Information Commissioner’s Office in the UK.

18. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes to our apps, services, legal obligations, or data practices.

When we make material changes, we will update the “Last updated” date above and, where appropriate, provide additional notice within the app or through other suitable means.

Loading

Last modified: March 30, 2026