Privacy Policy
Last updated: 10 April 2026 — Version 1
1. Introduction
This Privacy Policy explains how Localla collects, uses, stores, and protects your personal data when you use the Localla mobile application and related services (the "Service"). It is written to comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Localla is operated as a sole trader business. The data controller responsible for your personal data is:
Localla, trading as Localla
Contact email: contact@localla.net
Website: localla.net
Localla is registered with the UK Information Commissioner's Office (ICO) as the data controller for Localla. If you have any questions about this policy or how your personal data is handled, please email contact@localla.net.
2. Data We Collect and Our Lawful Basis
Under Article 6 of the UK GDPR, we must have a lawful basis for every category of personal data we process. The sections below set out what we collect, why, and the basis on which we process it.
Account and identity data
When you create an account we collect your first name, surname, email address, and the identifier supplied by your sign-in provider (Apple ID or, in future, Google). We also record the date you joined and the version of our legal terms you have accepted.
Lawful basis: performance of a contract (Article 6(1)(b)) — we need this data to provide the Service to you.
Profile data
Your public display name (first name only), optional bio, skills, and profile photo (see Section 6). Other users can see this information.
Lawful basis: performance of a contract (Article 6(1)(b)).
Location data
Approximate location when you are using the app, used to show nearby jobs and calculate travel time estimates. Location is handled at a general-area level only — see Section 5 for full detail.
Lawful basis: performance of a contract (Article 6(1)(b)) for core job matching; legitimate interests (Article 6(1)(f)) for approximate travel ETAs.
Job and interaction data
Jobs you post, jobs you express interest in, your chat history with other users, reviews, reports, block actions, and the reliability signals (completed and missed jobs) produced by your use of the Service.
Lawful basis: performance of a contract (Article 6(1)(b)); legitimate interests (Article 6(1)(f)) for the reliability and trust system.
User-generated content
Photos and videos you upload to job posts, chat messages you send, and reports you file about other users or content.
Lawful basis: performance of a contract (Article 6(1)(b)).
Device and technical data
Device model, operating system version, app version, a device identifier used for push notifications, crash diagnostics, and basic error logs.
Lawful basis: legitimate interests (Article 6(1)(f)) — keeping the app secure, stable, and diagnosing faults.
Moderation and safety data
Outcomes of automated content moderation on your job posts, records of reports made against you, and, where a user has been permanently banned, a one-way hash of their sign-in identifier and email address so that banned users cannot simply create a new account.
Lawful basis: legitimate interests (Article 6(1)(f)) — fraud prevention, platform safety, and enforcement of our Terms of Service.
Communications preferences
Whether you have opted in to optional skill alerts or marketing communications (marketing is currently not active at launch).
Lawful basis: consent (Article 6(1)(a)) — you may withdraw consent at any time in Settings.
Data we do NOT process
We do not currently process biometric data within the meaning of Article 9 of the UK GDPR. Your profile selfie (see Section 6) is stored as an ordinary photograph and is not run through any facial recognition, face-matching, or liveness-detection system. We do not process special category data (such as health, racial or ethnic origin, religion, or sexual orientation), and we ask you not to include such information in job posts or messages.
3. How We Use Your Data
We use the personal data described in Section 2 for the following specific purposes:
Providing the Service: creating your account, showing you nearby jobs, letting you post jobs, facilitating chats between Posters and Candidates, and delivering push notifications for new messages and job interest.
Trust and community safety: running a three-layer content moderation pipeline on job posts, processing reports of bad behaviour, maintaining the reliability score shown on profiles, and (where necessary) suspending or banning accounts that breach our Terms.
Support and legal: responding to your support enquiries, handling data subject requests, and meeting our legal obligations (for example, responding to valid law-enforcement requests).
Service quality and improvement: diagnosing crashes, debugging errors, understanding how features are used in aggregate, and making the product better.
Automated decisions and human review: job posts are automatically classified by our moderation pipeline into approved, rejected, or pending-review states. This produces a legal effect in the sense that a rejected post will not be shown to other users. You have the right to ask for a human to review any moderation decision — email contact@localla.net and we will review the post manually.
4. Your Rights Under UK GDPR
UK GDPR gives you a number of rights over the personal data we hold about you. These rights are free to exercise and we will respond within one calendar month of receiving a valid request.
Right of access (Article 15): you can ask for a copy of the personal data we hold about you and information about how we process it.
Right to rectification (Article 16): you can ask us to correct data that is inaccurate or incomplete. Most profile fields are editable directly in the app.
Right to erasure (Article 17): you can delete your account from the Settings screen. This is an in-app flow — see Section 10 for what happens to your data.
Right to restrict processing (Article 18): you can ask us to pause processing of your data in certain circumstances, for example while a dispute about accuracy is being resolved.
Right to data portability (Article 20): you have the right to receive the personal data you provided to us in a structured, machine-readable format. A self-service export is not yet available in the app — please email contact@localla.net and we will prepare your export manually.
Right to object (Article 21): you can object to processing based on legitimate interests, including our moderation and reliability processing. We will stop the relevant processing unless we can show compelling legitimate grounds to continue.
Rights related to automated decision-making (Article 22): you have the right to ask for human review of any automated moderation decision that affects you.
Right to withdraw consent: where we rely on your consent, you can withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
To exercise any of these rights, email contact@localla.net. We may need to verify your identity before acting on a request, usually by asking you to send the request from the email address linked to your Localla account.
5. How We Handle Your Location
Localla is a location-based service, but we are deliberately conservative about how location data is stored and shown.
When you use the app, your device supplies a set of coordinates which we use to show you nearby jobs and to calculate approximate travel time. Your precise coordinates are never shared with other users. The Service only ever displays locations at a general-area level — typically a ward, district, or postcode area, resolved through the public postcodes.io service at ward-level granularity.
Job locations shown to other users are similarly generalised. Travel time estimates are calculated by routing approximate origin and destination points through our mapping and route calculation provider (see Section 8).
You can revoke the app's access to your device location at any time through your device Settings. If you revoke location access, parts of the Service that depend on location (such as the nearby jobs feed) will stop working.
6. Your Profile Selfie
Before you post your first job or express interest in a job for the first time, we ask you to take a live selfie in the app. This is a social-accountability feature (a "presence photo") so that the people you are transacting with can see who they are dealing with. It is not biometric identification.
We do not perform facial recognition, face matching, liveness detection, or any other biometric analysis on this photo. We do not generate a face template or face encoding, we do not compare the photo against any database, and we do not use it to verify who you are. The photo is stored and served as an ordinary image file.
When you capture your selfie, it is written to two places:
A private storage bucket ("profile-selfies") which is locked down by row-level security. Access is granted only through short-lived signed URLs produced by a server-side function that checks you are in an active chat with the person requesting the photo.
A public avatar bucket ("avatars") which backs the public profile card that other users see when they tap your name.
You can retake or remove your selfie at any time from Settings. When you delete your account, both copies of the photo are permanently deleted.
7. How We Handle Your Surname
When you set up your profile we ask for your real first name and surname. Your first name is shown publicly alongside your profile and in chats. Your surname is never displayed anywhere in the app. Other users cannot see it, it is not returned from any public API endpoint, and it is not included in search results or any profile screen.
We hold your surname on the server for a narrow set of lawful purposes only:
- To respond to valid legal or law-enforcement requests;
- To resolve formal disputes and support enquiries where the counterparty or a regulator needs to know who they are dealing with;
- To meet our own legal, tax, and record-keeping obligations as a sole trader.
This is a deliberate data-minimisation decision. We collect the surname because we cannot later reconstruct it if it is ever needed, but we strip it from every API response that reaches another user. Access to surname fields is restricted at the database and edge-function layer to a small number of server-side code paths.
If you want to change the first name or surname on your account, please email contact@localla.net — name changes are a support-mediated flow.
8. Third-Party Services
Localla is built on a small set of carefully chosen third-party services. These are the only organisations that process your personal data on our behalf, and each has been selected for its security and data-protection posture.
Cloud hosting and database provider (servers located in the European Economic Area) — provides our database, authentication, file storage, realtime messaging, and serverless edge functions. This provider is our core data processor and is contractually bound under a Data Processing Agreement.
Apple — provides Sign in with Apple, in-app purchases (when the Localla Plus subscription launches), and push notification delivery via Apple Push Notification service (APNs).
Google — reserved for Sign in with Google on Android. Google sign-in is not active at launch but the integration is present in the app.
AI content moderation provider (data processed in the United States) — provides the text classification endpoints used by our moderation pipeline. When a job post is submitted, its text is sent to this provider's moderation and classification APIs for automated review. Our provider does not train its models on this content (API traffic is excluded from training by default under the provider's enterprise terms).
Mapping and route calculation provider — provides the routing service used to calculate approximate travel-time estimates between a generalised origin and a generalised job location. Only approximate coordinates are sent; no user identity is attached to the routing request.
Push notification delivery provider — relays push notification payloads to Apple and Google notification services. Push tokens are handled by this provider on our behalf.
We do not sell your personal data to any third party, and we do not use advertising networks, behavioural ad tracking, or third-party analytics SDKs.
9. International Transfers
Some of the services above process data outside the United Kingdom. Specifically:
- Our cloud infrastructure provider is hosted in a region within the European Economic Area, which is covered by UK adequacy arrangements. This provider may replicate backups across other EEA regions.
- Our AI content moderation provider's APIs are served from the United States. The United States does not benefit from a UK adequacy decision for all transfer routes, so we rely on the International Data Transfer Addendum to the EU Standard Contractual Clauses (the UK IDTA) as the safeguard for this transfer, together with the provider's own enterprise security and privacy commitments.
- Apple and Google operate global infrastructure and may process authentication and push-notification data in countries outside the UK, under their own published transfer safeguards.
Where personal data is transferred outside the UK, we rely on one of the lawful transfer mechanisms in Chapter V of the UK GDPR — usually UK adequacy (for EEA transfers) or the UK IDTA / Standard Contractual Clauses (for transfers outside the EEA). You can ask us for more information about these safeguards by emailing contact@localla.net.
10. How Long We Keep Your Data
We keep personal data only for as long as we need it for the purpose for which it was collected, or for as long as we are required to by law.
Active account data: retained for as long as your account is active.
Account deletion: when you delete your account in Settings, your profile is anonymised immediately, your profile selfie is hard-deleted from both storage buckets, and your chat partners see an anonymised "deleted user" stub in place of your name so that the conversation history remains coherent for them. Backup copies are purged within 30 days. A short record of the deletion event (date, reason category) is retained in our account-deletion audit log for ICO compliance.
Job posts and chat history: retained while relevant to the Service. After deletion or closure, anonymised stubs may remain visible to the other party for continuity.
Reports, bans, and moderation records: where you have been the subject of a report or ban, the underlying record is retained on a legitimate-interests basis for as long as is necessary for fraud prevention and platform safety.
Banned-identity hashes: if an account is permanently banned, one-way hashes of the sign-in identifier and email address are retained indefinitely to prevent the banned user from creating a new account. No reversible personal data is kept in this table.
Surname and legal records: retained for up to six years after account closure where UK law, tax, or dispute-resolution obligations require it.
Diagnostic and crash logs: typically retained for up to 90 days, then deleted or fully anonymised.
We do not currently process biometric data, but for transparency: if we ever did, biometric data would be hard-deleted immediately on account deletion with no retention grace period, in line with the stricter rules under Article 9 of the UK GDPR.
11. How We Protect Your Data
We take the security of your personal data seriously and have implemented technical and organisational measures appropriate to the risk, as required by Article 32 of the UK GDPR.
Encryption in transit: all traffic between the app and our backend is encrypted over TLS 1.3.
Encryption at rest: our cloud infrastructure provider encrypts our database and storage buckets at rest using industry-standard algorithms.
Row-level security: every table containing user data has Postgres row-level security policies enabled, restricting access to rows that belong to the authenticated user or that the user is explicitly authorised to see.
Server-side access control for sensitive fields: fields such as surname are stripped from API responses at the edge-function layer before any data leaves the server. Your profile selfie is served only through short-lived signed URLs scoped to an active chat.
Audit logging: privileged access to sensitive tables is audit-logged. (For example, the dormant biometric audit log table captures every access attempt against the biometric schema, even though that schema is not in active use.)
Principle of least privilege: only a minimal set of server-side functions can access sensitive fields, and access is scoped to the specific task at hand.
Authentication: we do not handle passwords ourselves — authentication is delegated to Sign in with Apple (and, in future, Sign in with Google), both of which support strong device-based authentication and two-factor verification on the provider side.
No internet service can be perfectly secure. If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours as required by Article 33 of the UK GDPR, and we will inform affected users without undue delay where Article 34 requires it.
12. Cookies and Marketing Communications
The Localla mobile app does not use cookies. We do not operate an advertising SDK, a behavioural tracking SDK, or a third-party analytics SDK. Secure on-device storage is used only for your authentication session, not for tracking.
Push notifications from Localla currently fall into two categories:
Transactional notifications — messages about direct activity on your account, such as a new chat message or someone showing interest in your job. Under the Privacy and Electronic Communications Regulations 2003 (PECR), these are service messages and not direct marketing. You can turn them off at the OS level in your device Settings.
Marketing communications — promotional emails or marketing-style push notifications. Localla does not send marketing communications at launch. If we introduce marketing communications in future, we will ask for your separate opt-in consent first, in line with PECR Regulation 22, and every marketing message will include an easy unsubscribe mechanism.
The localla.net website does not use analytics cookies or any non-essential cookies at the time of writing.
13. Children's Privacy
Localla is rated 17+ on the App Store and is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children under 18. Sign-in is gated through Apple Sign-In, which applies the age rating at the device level.
If you believe a child under 18 has created an account, please email contact@localla.net and we will investigate and, if confirmed, delete the account and associated data promptly.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in the Service, our data-handling practices, or the law. When we make material changes, we will bump the version number at the top of this page, update the "Last updated" date, and prompt you to re-acknowledge our legal terms inside the app. Minor editorial changes will be made silently. The current version of this policy aligns with our internal legal version 1.
We recommend reviewing this policy periodically. Your continued use of Localla after a material update becomes effective constitutes acceptance of the updated policy.
15. How to Contact Us and Your Right to Complain
If you have any questions about this Privacy Policy, wish to exercise any of your UK GDPR rights, or want to raise a concern about how we handle your personal data, please contact us first at:
Email: contact@localla.net
Data controller: Localla, trading as Localla
Website: localla.net
We will do our best to resolve any concern directly. However, you also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO), the regulator for data protection in the United Kingdom.
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Helpline: 0303 123 1113
Website: https://ico.org.uk
Exercising your right to complain to the ICO does not affect any other legal rights or remedies you may have.