KIH KIH Technologies

Legal

Privacy Policy

Last updated: 15 May 2026

This privacy policy explains how KIH Technologies Ltd ("we", "us", "our") collects, uses, stores and shares personal data when you use our products: FishingTactix (fishingtactix.com) and TradeKit (tradekitapp.co.uk), and any iOS or Android versions of those apps published under the KIH Technologies developer accounts.

We are the data controller for personal data processed through our apps and this website. You can contact us at kristan@kihtech.co.uk or by post at our registered office (see below).

1. Who we are

KIH Technologies Ltd is a private limited company registered in England & Wales.

  • Company number: 17214671
  • Registered office: 12 Itchen Close, Bettws, Newport, NP20 7AL, United Kingdom
  • Director: Kristan Hurn
  • ICO registration: Pending (we will publish our ICO registration number here once issued)

2. What data we collect

The data we collect depends on the app and how you use it. We collect the minimum needed to make our apps work.

2.1 Account data (both apps)

  • Email address and password (passwords are hashed by Firebase Authentication — we never see them in plain text)
  • Display name you choose
  • Authentication tokens from Google Sign-In, where used
  • Subscription status and Stripe customer ID (no full payment card data — that stays with Stripe)

2.2 FishingTactix-specific data

  • Catch logs you create — species, weight, location (subject to your Privacy Shield level), photos, voice notes
  • Saved venues, trip plans, kit checklists
  • Discipline preferences, region (UK-EW/UK-S/UK-NI/IE) and licence-expiry dates if you choose to enter them
  • Approximate location for bite-prediction and weather feeds (we do not continuously track your location)

2.3 TradeKit-specific data

  • Business information you enter: trading name, UTR, VAT number, address
  • Customer records you create
  • Quotes, invoices, jobs, expenses, mileage entries and receipt photos
  • If you connect Open Banking, transaction data shared by your bank via TrueLayer (you control what is shared and you can disconnect at any time)
  • If you submit to HMRC via the app, the data needed for that submission (your HMRC credentials are held by HMRC, not us)

2.4 Technical data (both apps)

  • IP address, device type, OS version, app version
  • Crash and error logs (Sentry, see Sub-processors below)
  • Basic analytics — page views, feature usage. We do not use advertising trackers and we do not sell data

3. How we use your data

We use personal data only for these purposes:

  • To provide the service you signed up for — store your catches/quotes/etc, sync across your devices, calculate bite scores, generate invoices
  • To communicate with you — service emails, support replies, licence-renewal reminders if you've enabled them
  • To improve the apps — aggregate, non-identifying analytics about which features are used
  • To meet legal obligations — for example, retaining tax-related submission records for the period required by HMRC

4. Lawful basis (UK GDPR Art. 6)

  • Contract — most processing is necessary to deliver the app you signed up for
  • Legitimate interests — crash logs, basic analytics and fraud prevention, balanced against your rights
  • Consent — for optional features like push notifications, marketing email, or sharing location to the community feed (FishingTactix). You can withdraw consent at any time
  • Legal obligation — for example, retaining records required by HMRC or UK accounting law

5. Sub-processors

We use the following carefully selected sub-processors to deliver the apps. Each is bound by a Data Processing Agreement and provides equivalent or stronger privacy protections than UK GDPR requires.

  • Google Firebase (Google Ireland Ltd) — authentication, hosting, database, cloud functions, push notifications, crash reporting. Firebase privacy
  • Stripe (Stripe Payments UK Ltd) — subscription billing. We never see your full card number. Stripe privacy
  • RevenueCat — subscription entitlement management across Apple, Google and Stripe (iOS apps in future). RevenueCat privacy
  • TrueLayer — Open Banking provider used by TradeKit (FCA-authorised). TrueLayer privacy
  • Google AI / Gemini — optical character recognition for receipts (TradeKit) and match-result sheets (FishingTactix). Images are processed transiently and not used to train models. Google AI privacy
  • Sentry — error and crash diagnostics. Sentry privacy
  • HMRC — direct submission of tax data (TradeKit). We are an HMRC-recognised vendor; submissions go from your device to HMRC over a secure channel

6. International transfers

Some of our sub-processors store or process data outside the UK. Where transfers occur outside the UK or EEA, they are protected by UK International Data Transfer Agreements, EU Standard Contractual Clauses, or equivalent safeguards approved by the Information Commissioner's Office (ICO).

7. How long we keep your data

  • Active account data — for as long as your account is active
  • After account deletion — we erase your personal data within 30 days. Anonymised, aggregated data (with no identifier) may remain
  • Financial records — invoices, expenses and tax submissions retained for 6 years to meet UK accounting and HMRC requirements
  • Crash logs — 90 days

8. Your rights (UK GDPR Art. 13)

You have the right to:

  • Access — request a copy of the personal data we hold about you (FishingTactix has a one-tap GDPR export in Settings)
  • Rectification — correct inaccurate data
  • Erasure — delete your account and data. See our Account Deletion page
  • Restrict processing — pause our use of your data while a dispute is resolved
  • Data portability — receive your data in a machine-readable format
  • Object — to processing based on legitimate interests
  • Withdraw consent — at any time, with no effect on lawful processing before withdrawal
  • Complain — to the Information Commissioner's Office (ICO) at ico.org.uk/concerns or 0303 123 1113. We'd appreciate the chance to address your concern first by emailing us at kristan@kihtech.co.uk

9. Children

Our apps are not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it.

10. Security

We protect personal data with industry-standard technical and organisational measures: TLS encryption in transit, encryption at rest, multi-factor authentication for staff access, role-based access control via Firebase custom claims, and routine security review of our codebase and sub-processors. No system is perfectly secure, but we take the responsibility seriously.

11. Cookies and analytics

This website uses only essential cookies. Our apps use first-party storage to remember your settings and authentication state. We do not run advertising trackers. If we add non-essential cookies (for example, marketing analytics), we will request your consent first via a granular cookie banner.

12. Changes to this policy

We may update this policy from time to time. Significant changes will be notified in-app and by email to active users at least 14 days before they take effect. The "Last updated" date at the top of this page always reflects the current version.

13. Contact

Any questions about this policy or your data? Email kristan@kihtech.co.uk or write to:

Data Protection
KIH Technologies Ltd
12 Itchen Close, Bettws
Newport, NP20 7AL
United Kingdom