Privacy Policy

The data controller for information processed by Recce Net is the security company that deploys the App to its officers (“your employer”). If you are an officer using this App in the course of your employment, please direct any data subject request to your employer's Data Protection Officer in the first instance.

For platform-level queries relating to the Recce Net service itself, contact: privacy@recce-net.app.

Account information

• Your full name, officer ID, email address, phone number.
• Your role, unit/division and line manager.
• Verification documents you upload (e.g. SIA badge, driving licence).

Reconnaissance and operational data

• Venue details, client names, visit dates, route plans, access points, threat observations and vehicle assignments you record.
• Photographs captured in-app for venue access points, emergency evacuation routes and threat observation documentation (uses the camera).
• Voice notes you dictate into assessment text fields (uses the microphone). Audio is streamed to our Edge Functions for transcription, and the original audio is discarded server-side after transcription completes. The resulting text transcript is retained alongside your recce.
• Location data (GPS coordinates, what3words addresses) for venues, access points, medical facilities, evacuation assembly points and, during a live event, periodic position checks for geofence-based reminders. Location is only sampled while you are actively using the App or an event is active.
• Incident logs, shift handovers and post-event debriefs created during live operations.
• Principal profile data (medical, allergies, known threats) is encrypted on-device using AES-256 before upload; plaintext never leaves your device.

Device and diagnostic information

• Device identifier (used solely to register push-notification tokens and revoke them on logout).
• Platform (iOS/Android) and app version.
• Crash reports and error logs.

• Contractual necessity — to deliver the service your employer has contracted from us.
• Legitimate interests — to operate and secure the platform, respond to incidents, generate the recce report, and improve our AI models' reliability. We balance these interests against your privacy rights.
• Legal obligation — to keep records as required by UK law, regulators or law enforcement.

Recce Net uses large language models to summarise reconnaissance data, score site risk, generate shift handovers, produce client reports and transcribe voice notes. The following data may be sent to third-party AI providers (OpenAI) via our Edge Functions solely for these purposes:

• Assessment fields you have recorded (no free-text personal data beyond the officer's full name appears in prompts).
• Voice-note audio files (discarded after transcription).
• Photograph content for the Photo Intelligence feature.

AI providers act as our processors under a data-processing agreement. Your data is not used to train their public foundation models.

• Supabase (authentication, database, file storage) — EU region.
• OpenAI API (natural-language AI features, audio transcription).
• Google Maps Platform (map tiles, geocoding, nearby-places search).
• WeatherAPI.com (weather forecast for impact analysis).
• what3words (address encoding for precise locations).
• Firebase Cloud Messaging (push notifications for live-ops incident alerts, when configured).

• Location (when in use / always) — to capture venue and access-point coordinates and, during a live event, to trigger geofence-based reminders when you approach marked points.
• Camera — to photograph access points, evacuation routes and threat observations for your recce report.
• Microphone (RECORD_AUDIO) — to record voice notes which you dictate into text fields of an assessment. Audio is transcribed on-device when offline, and sent to our Edge Functions for higher-quality transcription when you are online. You are in control of when recording starts and stops.
• Photos / media / files — to attach existing media to an assessment when you choose to.
• Notifications — to alert you to live-ops incidents and geofence events. You can disable these at any time in your device settings.
• Internet & network state — to sync your recces and receive AI-generated briefings.

Application-level personal data is retained for the duration of your employer's contract with Recce Net plus up to one month, after which it is deleted from our systems unless your employer requests a different retention period in writing. Audit logs required for compliance are kept for longer where the law requires.

Our primary data storage is in the European Union. Some third-party AI and notification providers process data in the United States; transfers rely on UK Standard Contractual Clauses and the UK's adequacy decision where available.

Under UK GDPR you have the right to:

• Access the personal data we hold about you.
• Request that inaccurate data be corrected.
• Request deletion (“right to be forgotten”).
• Request that processing be restricted.
• Request a portable copy of your data.
• Object to processing based on legitimate interests.
• Complain to the Information Commissioner's Office (ICO) at ico.org.uk.

Data is transmitted over TLS, stored encrypted at rest, and access is gated by Supabase Row-Level Security policies. Principal profile data is additionally encrypted client-side with AES-256 + HMAC-SHA256 before it leaves the device.

Recce Net is a professional-use product for licensed security operators. It is not directed at children and we do not knowingly collect data from anyone under 18.

We may update this policy when new features are released or regulations change. The “Last updated” date at the top of this page will change accordingly. Material changes will be communicated in-app.

Questions about this policy or to exercise any of your rights:
privacy@recce-net.app