Privacy Policy

Last updated: 1 July 2026

1. Who we are

MyLocalLoo ("we", "us", "our") is the MyLocalLoo mobile app and this website (mylocalloo.com). MyLocalLoo is a sole trader business based in the United Kingdom and is the data controller for the personal data described in this policy.

Contact: support@mylocalloo.com · Correspondence address: Suite A, 82 James Carter Road, Mildenhall, Suffolk, IP28 7DE, United Kingdom.

2. Privacy at a glance

  • You don't need an account to browse the map — but posting a review requires a free account (Sign in with Apple, Google, or email).
  • Your live location is used on your device and is never stored on our servers.
  • The free app shows ads via Google AdMob (Premium removes them). You'll be asked for tracking permission — you can decline and still use everything.
  • Reviews you post are stored on our servers and shown publicly, tied to your account so they sync across your devices.
  • You can delete your account and erase your data at any time from within the app.

3. What we collect and why

Location. When you grant permission, your device's location is used on-device to centre the map and to request nearby toilets and EV chargers. The coordinates are sent to the third-party data sources (section 6) to return nearby results. We do not store your location on our servers or keep any location history.

Accounts. Posting a review requires a free account. You can create one with Sign in with Apple, Google, or an email address and password. We store your account identifier and the email address associated with the account (with Sign in with Apple you may choose to hide your email, in which case we receive Apple's private relay address). We use this only to authenticate you, attribute your reviews to you, and let them sync across your devices. Authentication is handled by Supabase. Lawful basis: performance of a contract (providing your account) and our legitimate interest in a trustworthy community map. You can delete your account at any time (section 9).

Reviews. If you post a review, it is sent to and stored on our servers (via Supabase) and shown publicly to other users. A review includes your star ratings, your written comment, an optional display name you choose, the name and approximate coordinates of the place you reviewed, and your account identifier (so you can view, sync and delete your own reviews). Review text is automatically screened for prohibited content (section 6) before it is shown. Lawful basis: our legitimate interest in providing a useful, trustworthy community map.

Community submissions. If you add a missing loo, we store the details you provide (such as the name, location and features of the facility), your account identifier, and any optional contact email you include, so we can review and publish it. Submitted text is automatically screened for prohibited content (section 6) before it is shown. Lawful basis: our legitimate interest in maintaining an accurate, useful community map.

On-device data. Favourites, saved collections, downloaded offline areas, issue reports and preferences (e.g. currency, units, appearance) are stored only on your device and never sent to us.

Business listings. If you list a venue (on the website), we process the email address you sign in with (via a magic link), your venue details, and — if you subscribe — billing information handled by Stripe. Lawful basis: performance of a contract and our legitimate interest in operating the listings service.

Support & enquiries. If you email us or use a contact form, we process the name, email and message you provide (the website form uses Cloudflare Turnstile to prevent spam, and Resend to deliver the message to us). We use this only to respond.

4. Anonymous device identity

So that the app works before you sign in, it creates a persistent anonymous account (an anonymous Supabase user). It is not linked to your name, email, Apple ID or any contact details. Under UK GDPR this counts as an online identifier, so we treat it as personal data and you can erase it (section 9). When you sign in with Apple, Google or email, your activity (such as the reviews you post) is tied to that account instead, which is how your reviews follow you across devices.

5. Advertising

The free version of the app shows ads through Google AdMob, a Google advertising service. To show and measure ads, AdMob may collect your device's advertising identifier (IDFA), ad interactions and usage data, and general device and diagnostic information.

On iOS we ask your permission first via Apple's App Tracking Transparency prompt. If you allow it, ads may be personalised using your advertising identifier; if you decline, you will still see ads but they will be non-personalised. You can change this at any time in iOS Settings → Privacy & Security → Tracking.

For the data it collects through ads, Google acts as an independent controller. See Google's Privacy Policy and how Google uses advertising data. Premium subscribers do not see ads.

6. Who we share data with

We use a small number of trusted providers ("processors") to run the service:

  • Supabase — database and authentication (anonymous sessions and your account; stores reviews and business listings).
  • Apple and Google — if you choose to sign in with them, they authenticate you and provide your account email/basic profile to us. Your use of those services is governed by Apple's and Google's own privacy policies.
  • Cloudflare — website hosting, security, and Turnstile bot-protection.
  • Stripe — payment processing for business subscriptions (we never see your full card details).
  • OpenAI — automated moderation of review and community-submission text only (no account data).
  • Resend — delivery of support/enquiry and business sign-in emails.
  • Google AdMob — serves ads in the free version of the app and may collect advertising/usage identifiers (see section 5).
  • Apple — in-app Premium subscriptions are processed entirely by Apple.

The app also queries open public data sources to show facilities — the Great British Public Toilet Map, OpenStreetMap (Overpass) and OpenChargeMap — sending only approximate coordinates. Some of these providers are based outside the UK/EEA; where data is transferred internationally we rely on appropriate safeguards such as the providers' standard contractual clauses. We never sell your data.

7. Cookies

The website uses only strictly-necessary cookies (for example, to keep a business owner signed in and for security). We do not use analytics, advertising or tracking cookies. See our Cookie Policy for details.

8. How long we keep data

On-device data lasts until you delete the app. Your account, reviews and business listings are kept until you delete them (deleting your account removes them all). Support emails are kept only as long as needed to handle your enquiry. When a business subscription ends, the listing is removed from the map.

9. Your rights

Under UK GDPR you have the right to access, correct, erase, restrict or object to the processing of your personal data, and to data portability. To exercise them:

  • In the app, use "More → Account → Delete account" (or "More → Privacy → Delete account & data") to permanently delete your account, your reviews, any venues, and all on-device data.
  • Not signed in? The same option ("Forget & delete me") erases your reviews, any venues, and your anonymous identity.
  • Businesses can edit or delete their venues (and cancel subscriptions) from the dashboard.
  • Or email support@mylocalloo.com and we will respond within 30 days.

You also have the right to complain to the UK's Information Commissioner's Office (ICO) at ico.org.uk.

10. Children

MyLocalLoo is not directed at children under 13, and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. Changes & contact

We may update this policy; changes are posted here with a new "Last updated" date. Questions or requests: support@mylocalloo.com.