Privacy Policy | The Daily Mulligan

2.1. Introduction & Who We Are

This Privacy Policy explains how Bright Sky Apps Ltd ("we", "us") collects and processes your personal data when you use The Daily Mulligan website and apps. We are the data controller for UK GDPR purposes. Contact: [email protected]. Registered office: 27 Victoria Street, Carnoustie, Angus, Scotland, DD7 7LW.

We are committed to protecting your privacy. We do not and will never sell your personal data to third parties.

2.2. Scope

This Policy applies to the website, apps, and related services, including analytics, advertising on free tiers, customer support, promotions, and payments handled by Apple, Google, or Stripe.

2.3. Personal Data We Collect

Account & Profile

Email address (used as your account identifier), display name, password (hashed and salted; unreadable to humans), preferences, subscription tier, Founding Member status.

Usage & Device Data

App/device identifiers (e.g., advertising IDs where permitted), device type/OS, app version, IP address, general location (derived from IP), language, time zone.
Logs and diagnostic data, crash reports (via Firebase and Sentry), performance metrics.
Analytics events (via Google Analytics, Firebase, OpenPanel), including pages/screens viewed, session duration, features used, clicks, referrers/UTM.

Content & Community

Comments, likes, reports/flags you submit, and moderation outcomes.
Entries to promotions, contests, or sweepstakes (plus any required eligibility information specified in Official Rules).

Payments & Subscriptions

For Apple and Google in-app purchases: purchase identifiers, status, and metadata as returned by the platforms. We do not receive your full payment card details.
For web purchases via Stripe: limited billing details (e.g., last 4 digits, expiry month/year), payment status, and your email. Card data is processed by Stripe.

Support & Communications

Emails or messages you send to us (including metadata), support tickets, and your communication preferences.

Cookies & Similar Technologies

Cookies, local/session storage, and SDKs used for authentication, preferences, analytics, and advertising (see 2.10 Cookies).

2.4. Special Categories & Children

We do not intentionally process special category data (e.g., health, religion) and do not knowingly allow under-13s to create accounts. If you believe a child has provided data, contact us and we will delete the account where required.

2.5. Why We Use Your Data (Purposes) & Lawful Bases

Purpose	Examples	Lawful Basis
Provide and operate the Service	Authenticate users; deliver content; maintain accounts	Contract
Process subscriptions & purchases	Manage entitlements; verify receipts; fraud prevention	Contract; Legitimate Interests
Customer support & communications	Respond to requests; service updates	Contract; Legitimate Interests
Analytics & product improvement	Measure usage; improve features; debug crashes	Legitimate Interests (minimised & balanced)
Advertising to free-tier users	AdMob (app) / AdSense (web); measure ad performance	Consent (where required); Legitimate Interests (contextual ads)
Promotions & sweepstakes	Manage entries, eligibility, prize fulfilment	Contract; Consent (where required)
Security & abuse prevention	Detect violations; protect users; enforce Terms	Legitimate Interests; Legal Obligation
Legal & compliance	Record-keeping; respond to lawful requests	Legal Obligation

Where we rely on consent, you can withdraw it at any time (e.g., via your privacy settings or cookie banner). Where we rely on legitimate interests, we balance our interests against your rights and expectations.

2.6. Sharing Your Data

We share personal data only with:

Service providers (processors): hosting, analytics (Google Analytics, Firebase, OpenPanel), crash reporting (Firebase, Sentry), advertising (AdMob, AdSense), email delivery, and customer support tools under appropriate contracts.
Payment & platform partners: Apple App Store, Google Play, and Stripe to process purchases and entitlements.
Authorities or legal requests: where required by law, to enforce our rights, or protect users.
Business transfers: if we undergo a reorganisation, merger, or sale of assets, subject to continued protection of your data.

We do not sell personal data.

2.7. International Transfers

We may transfer data outside the UK/EEA where vendors are located internationally. Where we do so, we use approved safeguards such as the UK International Data Transfer Agreement (IDTA) or EU Standard Contractual Clauses (SCCs) with the UK Addendum, plus risk assessments as needed.

2.8. Data Retention

We keep personal data only as long as necessary for the purposes above:

Account data: for the life of your account and for up to 6 years after closure for record-keeping/legal purposes.
Analytics & logs: typically 14–26 months, unless a longer period is needed for security or legal reasons.
Promotion data: for the duration of the promotion and as required by law.

We may anonymise or aggregate data for research and statistics.

2.9. Security

We use industry-standard security measures, including encryption in transit and at rest where appropriate, access controls, and secure development practices. Passwords are hashed and salted and not readable by humans. No method of transmission or storage is 100% secure, but we continually improve our safeguards.

2.10. Cookies, Local Storage & SDKs

We use cookies and similar technologies to:

keep you signed in; remember preferences;
perform analytics (Google Analytics, Firebase, OpenPanel);
deliver advertising to free-tier users (AdMob, AdSense) depending on your consent settings;
measure campaign performance.

Consent Management: On the website we present a cookie banner allowing you to accept, reject, or customise cookies (including ad personalisation). In apps, we request applicable platform permissions/consents. You can change choices at any time in Settings.

Typical categories:

Strictly necessary (authentication, security);
Performance/analytics (usage measurement);
Advertising (ad delivery/personalisation);
Functionality (preferences, media playback).

Your browser or device may allow you to block cookies/IDs; this may impact functionality. See our Cookie Settings for details of specific cookies/SDKs and retention periods.

2.11. Your Rights (UK GDPR)

You have the right to:

Access your data;
Rectify inaccurate data;
Erase your data (where applicable);
Restrict or object to certain processing (including direct marketing);
Data portability (receive your data in a commonly used format);
Withdraw consent at any time for consent-based processing;
Complain to the UK Information Commissioner's Office (ICO).

To exercise rights, contact [email protected]. You also have the right to complain to the ICO at ico.org.uk.

2.12. Marketing Communications

With your consent (where required), we may send you updates about features, promotions, and news. You can unsubscribe via the link in emails or your account settings. Transactional or service messages will still be sent.

2.13. Do Not Track / Signals

Our web Service does not currently respond to Do Not Track signals. You can manage consent and cookies via our banner/settings.

2.14. Social Media & Advertising

We operate official accounts on LinkedIn, X (Twitter), Instagram, Facebook, and TikTok. Interactions with these platforms are governed by their privacy policies. We may run advertising campaigns on these platforms subject to your consent choices where applicable.

2.15. AI & Editorial Transparency

We may use AI tools to assist editors. Humans make the final editorial decisions and publish the content. Content is entertainment-focused and may not be factual. Images are original works created by us and are not of known persons; resemblances are coincidental.

2.16. Third-Party Links

Our Service may link to third-party sites. We are not responsible for their privacy practices. Review their policies before providing personal data.

2.17. Changes to this Policy

We may update this Policy. Material changes will be notified via the Service or by email. Continued use after the effective date constitutes acceptance.

2.18. Contact

For privacy requests or questions: [email protected] Data Controller: Bright Sky Apps Ltd (SC390778), 27 Victoria Street, Carnoustie, Angus, Scotland, DD7 7LW.

COOKIE POLICY (Summary)

A full Cookie Policy and in-product Cookie Settings will provide a live list of cookies/SDKs in use. Categories include:

Strictly Necessary: session cookies, authentication tokens, CSRF;
Analytics: Google Analytics, Firebase, OpenPanel IDs;
Advertising: AdSense (web), AdMob (app) identifiers;
Functionality: preference and media cookies.

Retention periods vary by provider. You can change consent at any time via the banner (web) or app settings.