privacy, in plain english.

last updated · 4 may 2026

plus1 is built with the same data minimum as a paper noticeboard at the trail centre. we store only what's needed for the app to work, we never sell or share it for advertising, and you can wipe it all by deleting your account. the rest of this page is the long-form version of that sentence — written so a normal human can read it.

who we are.

plus1 is an independent iOS app made by moss davis, a sole developer based in the forest of dean, gloucestershire, united kingdom. we're the data controller for everything described on this page. you can reach us any time at hello@plus1app.uk.

what data we collect.

we only collect what we genuinely need to make the app work. nothing about your device fingerprint, ad ID, contacts, or anything you didn't actively give us.

email address

required to sign you in. if you use sign in with apple and choose to hide your email, we receive only the relay address apple gives us — never your real one.

name (optional)

a display name shown next to rides you post and comments you leave. you can leave it blank or use a nickname.

home riding area (optional)

a free-text region you ride in (e.g. "forest of dean"). used only to default your feed to nearby rides. never required.

rides you post

title, description, photo, location (lat/lng + optional what3words address), date/time, duration, discipline, vibe, skill level, capacity, optional whatsapp link, "how to find us" notes.

attendance

when you tap "attend" on a ride, we record that you're going so the host and other attendees can see headcount.

comments

anything you write in a ride's comments thread, with a timestamp and your display name.

push token

the apple push token for your device, so we can send you ride reminders and notify you when someone joins your ride or comments on it.

what we do not collect: analytics, advertising identifiers, location tracking in the background, your contacts, your photo library beyond the single image you pick when posting a ride, device fingerprints, crash reports tied to your identity, third-party cookies, or behavioural data of any kind.

how we use it.

to show you rides — your feed needs ride data; ride data needs hosts.
to send you notifications — a reminder the day before and an hour before a ride you're attending; a ping when someone joins your ride or comments on it. you can turn these off in iOS settings any time.
to schedule local reminders — these are scheduled on your device, by your device, and never leave it.
to keep the app secure — basic abuse prevention (e.g. spotting spam patterns server-side).

we do not use your data for advertising, profiling, or training machine-learning models.

sign in with apple.

plus1 supports sign in with apple. when you use it:

apple sends us a verified user identifier, your name (the first time only, if you choose to share it), and either your real email or apple's private relay address.
we never receive your apple id password, your devices, your purchases, or anything else from your apple account.
if you choose "hide my email," messages we send you (e.g. password reset, the rare account email) go through apple's relay and only apple knows your real address. we're fine with that.

where the data lives.

plus1's backend runs on supabase, a managed postgres + auth + storage service. supabase processes data on our behalf in eu-west data centres. they don't use your data for their own purposes.

push notifications are delivered via apple push notification service (apns), operated by apple. we send apple a push token and a short message; apple delivers it to your device.

if you type a what3words address into a ride, we may call the what3words api to validate or autosuggest it. only the text you type is sent.

third parties, full list: supabase (backend hosting), apple (sign in with apple, push notifications), what3words (optional location autosuggest). that's it. no facebook sdk, no google analytics, no ad networks, no segment, no mixpanel, no anything else.

how long we keep it.

we keep your data for as long as your account exists. when you delete your account (which you can do from the in-app profile screen, or by emailing us), we delete:

your auth record and email
your name, home riding area, and any other profile fields
your push tokens
rides you posted are anonymised — the ride content stays so attendees who joined still have a record, but it's no longer associated with you.
your comments are deleted.
uploaded photos are deleted from storage.

if you'd like everything wiped — including any anonymised ride records — email hello@plus1app.uk and we'll do it within 30 days.

your rights.

under the uk gdpr you have the right to:

access — ask us for a copy of everything we hold on you.
correction — fix anything that's wrong (you can edit most of it yourself in the app).
deletion — wipe your account, as described above.
portability — get your data in a machine-readable format.
object — to any processing you're not happy with.
complain — to the uk information commissioner's office (ico.org.uk) if you think we've got something wrong.

email hello@plus1app.uk for any of the above.

cookies and tracking.

the iOS app uses no cookies and no third-party tracking sdks of any kind. the marketing website you came from (plus1app.uk) is a static html page with no analytics or trackers either.

children.

plus1 is not designed for, marketed to, or knowingly used by anyone under 13. if you're under 13, please don't use the app. if you're a parent or guardian and discover that your child has signed up, email us and we'll delete the account.

security.

we take reasonable steps to protect your data:

all traffic to the backend is over https/tls.
passwords are hashed with bcrypt by supabase auth — we never see your plaintext password.
row-level security policies on the database mean users can only read/write their own rows where appropriate.
the apns key, supabase service-role key, and other secrets live only on the server, never in the iOS app binary.

no system is perfectly secure. if you ever spot something concerning, please email us first — we'd rather hear from you than from the news.

changes to this policy.

if we ever change anything material, we'll update the "last updated" date at the top and — if it actually affects you — let you know in the app. the historical version will stay archived on request.

contact.

any privacy question, request, or complaint:

moss davis
email · hello@plus1app.uk
forest of dean, gloucestershire, united kingdom