Privacy Policy for Not Guilty®
Effective Date: January 10, 2025
Last Updated: January 10, 2025
1. Introduction
Not Guilty® ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile applications and related services.
Scope: This Privacy Policy applies to both Not Guilty® mobile applications:
- NG Lawyer - For legal professionals (lawyers, barristers, legal consultants)
- Not Guilty® - For individuals seeking legal services
2. Information We Collect
2.1 Personal Information You Provide
For Legal Professionals (NG Lawyer App):
- Professional Information: Name, email address, phone number, date of birth
- Professional Qualifications: Legal qualifications, certifications, licenses, practice areas
- Professional Experience: Years of practice, specializations, case history
- Service Areas: Geographic areas where you provide legal services
- Availability: Schedule, consultation hours, service capacity
- Professional Documents: Certificates, licenses, insurance information
For General Public (Not Guilty App):
- Personal Information: Name, email address, phone number, date of birth
- Legal Case Information: Case details, legal matter type, urgency level
- Contact Preferences: Preferred communication methods and times
- Service Requirements: Type of legal assistance needed, budget considerations
For Both App Types:
- Account Information: Username, password, profile settings
- Service Requests: Information you provide when requesting or offering legal services
- Dynamic Questionnaire Data: Based on the specific legal service type, we may collect additional information through dynamic questionnaires. This data includes:
- Personal details relevant to your legal matter or professional services
- Case-specific information required for service validation
- Consent confirmations for data processing under UK GDPR
- Documentation and evidence related to legal cases
- Contact preferences and communication history
Purpose of Questionnaire Data: The information collected through these dynamic questionnaires is analysed by our lawyer and admin team for:
- Service request validation and matching
- Professional service verification
- Case assessment and preparation
- Ensuring compliance with legal aid and regulatory requirements
2.2 Data Minimization and Privacy Protection
IMPORTANT: Our platform implements strict data minimization policies to protect your privacy:
Financial Information Collection:
- What We Collect: Financial categories and ranges only (e.g., "£20,000 - £30,000", "Under £1,000")
- What We Do NOT Collect: Specific financial amounts, account details, precise figures, or bank account information
- Purpose: Enable service provision while protecting financial privacy
- Examples: Salary ranges, income categories, maintenance fund ranges, investment amount ranges
Child Information Collection:
- What We Collect: Age groups and categories only (e.g., "Child 6-12 years", "Teen 13-17 years")
- What We Do NOT Collect: Specific child names, dates of birth, or detailed personal information
- Purpose: Enable legal case assessment while protecting children's privacy
- Examples: Age groups, living arrangement categories, relationship categories
Health and Medical Information Collection:
- What We Collect: Health categories and assessment status only (e.g., "Assessment completed", "Mental health considerations")
- What We Do NOT Collect: Detailed medical diagnoses, symptoms, treatment information, or medical records
- Purpose: Enable case evaluation while protecting medical privacy
- Examples: Health condition categories, assessment status, impact levels
Personal Communication Collection:
- What We Collect: Communication preferences and categories only (e.g., "Phone records", "Email correspondence")
- What We Do NOT Collect: Specific message content, emails, text messages, or private communications
- Purpose: Enable service coordination while protecting communication privacy
- Examples: Communication method preferences, evidence type categories
2.3 Content Warning and Consent System
For sensitive legal matters, our platform includes mandatory content warnings and consent mechanisms:
Mandatory Content Acknowledgments:
- Users must actively check consent boxes before accessing sensitive content
- Clear warnings about the nature of sensitive legal topics
- Direct links to relevant support organisations and helplines
- User acknowledgment is required for all sensitive forms
Sensitive Content Categories:
- Domestic Violence and Abuse: Links to National Domestic Violence Helpline
- Trafficking and Modern Slavery: Links to Modern Slavery Helpline
- Mental Health and Capacity: Links to Mind and mental health support
- Criminal Proceedings: Links to Legal Aid and support resources
Consent Mechanisms:
- All sensitive data collection requires explicit checkbox consent
- Users must acknowledge understanding of content sensitivity
- Support resources are prominently displayed
- Consent can be withdrawn at any time
2.4 Automatically Collected Information
- Device Information: Device type, operating system, unique device identifiers
- Usage Data: App usage patterns, features accessed, time spent in app
- Log Data: IP address, browser type, access times, referring URLs
- Location Data: Important: We collect location information specifically for determining "Lawyer and Barristers Serviceable location" - this is NOT your current location, but rather the geographic areas where legal services are available and where legal professionals can provide services.
2.5 Biometric Information
Important Clarification: We use biometric data (such as fingerprint or facial recognition) ONLY for system validation purposes (e.g., device unlock, app authentication). We do NOT collect, store, or process your actual biometric data. The biometric validation is handled entirely by your device's operating system.
2.6 Payment and Subscription Information
For NG Lawyer App - In-App Subscriptions:
We offer auto-renewable subscriptions for legal professionals through the NG Lawyer app. Payment processing is handled by:
Apple App Store (iOS)
- Payment Processor: Apple Inc.
- Data Collected: Transaction details, subscription status, purchase history
- Data Shared: Apple processes all payment information; we receive subscription status only
- Privacy Policy: https://www.apple.com/legal/privacy/
Google Play Store (Android)
- Payment Processor: Google LLC
- Data Collected: Transaction details, subscription status, purchase history
- Data Shared: Google processes all payment information; we receive subscription status only
- Privacy Policy: https://policies.google.com/privacy
RevenueCat (Subscription Management)
- Purpose: Cross-platform subscription management and analytics
- Data Shared: Subscription status, product identifiers, anonymous user IDs
- Data NOT Shared: Payment card details, billing addresses (handled by Apple/Google only)
- Privacy Policy: https://www.revenuecat.com/privacy
What We Collect:
- Subscription status (active, expired, cancelled)
- Subscription tier and features
- Subscription start and renewal dates
- Purchase platform (iOS or Android)
What We DO NOT Collect:
- Credit card or payment card details
- Billing addresses or payment methods
- Bank account information
- Any financial credentials
Privacy Protection:
- All payment processing is handled by Apple or Google
- We never see or store your payment card information
- Subscription management through secure, GDPR-compliant platforms
- You can manage subscriptions directly through your Apple or Google account
3. How We Use Your Information
3.1 For Legal Professionals (NG Lawyer App):
- Providing and maintaining professional service platform
- Processing service requests and matching with potential clients
- Verifying professional qualifications and credentials
- Managing service area availability and scheduling
- Professional development and platform improvement
- Compliance with legal and regulatory requirements
3.2 For General Public (Not Guilty App):
- Providing and maintaining client service platform
- Processing legal service requests and matching with professionals
- Analysing questionnaire data for service validation and assistance
- Managing case information and communication
- Improving service matching and user experience
- Ensuring compliance with legal aid requirements
3.3 For Both App Types:
- Improving our services and user experience
- Communicating about our services and updates
- Ensuring security and preventing fraud
- Complying with legal obligations
- Providing customer support and technical assistance
4. Information Sharing and Disclosure
4.1 Between App Users
Important: Information sharing between legal professionals and clients is essential for service provision:
- Client to Professional: Case details, personal information, and legal matter specifics are shared with matched legal professionals to enable service provision
- Professional to Client: Professional qualifications, experience, availability, and service areas are shared with potential clients for service selection
- Consent Required: All information sharing requires explicit consent and is limited to what's necessary for service provision
4.2 Third-Party Services
We share information with the following third-party services:
Custom Authentication System
- Purpose: User authentication and account management
- Data Shared: Account credentials, profile information
- GDPR Compliance: Yes, handled internally with custom authentication mechanisms
- Custom Features: Multi-factor authentication, secure token management, custom session handling
- Data Control: Complete control over authentication data and processes
- Security Standards: OAuth 2.0, JWT tokens, secure password hashing
Firebase (Google)
- Purpose: Analytics, crash reporting, and app performance monitoring
- Data Shared: Usage analytics, crash reports, device information
- GDPR Compliance: Yes, Google provides GDPR-compliant data processing
Google Places API
- Purpose: Location-based services for legal professional matching
- Data Shared: Service area information, location preferences
- GDPR Compliance: Yes, Google provides GDPR-compliant data processing
AWS Infrastructure
- Purpose: Data storage, processing, and infrastructure
- Data Shared: Service requests, questionnaire responses, user data
- GDPR Compliance: Yes, AWS provides GDPR-compliant data processing
4.4 Custom Authentication Details
Internal Authentication System
- Purpose: Secure user authentication and account management
- Data Processed: Login credentials, authentication tokens, session data
- Data Location: Stored securely within our infrastructure
- Security Measures: Industry-standard encryption, secure token management
- User Control: Users can manage their authentication preferences and security settings
- Compliance: Built-in GDPR and CCPA compliance with user consent management
4.5 Legal Requirements
We may disclose your information when required by law or to protect our rights and safety.
4.6 Service Providers
We may share information with trusted service providers who assist in operating our platform.
5. Data Security
We implement appropriate security measures to protect your information, including:
- Encryption of data in transit and at rest
- Regular security assessments
- Access controls and authentication
- Secure data centers and infrastructure
- Professional data handling protocols for legal information
Additional Security Measures:
- Data Minimization: We collect only necessary information in structured categories
- Consent Management: All data collection requires explicit user consent
- Content Warnings: Mandatory acknowledgments for sensitive content
- Support Resources: Direct access to relevant support organisations
- Professional Standards: Legal industry best practices for data handling
6. Your Rights Under GDPR
Under the General Data Protection Regulation (GDPR), you have the following rights:
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a portable format
- Right to Object: Object to certain types of processing
- Right to Withdraw Consent: Withdraw consent for data processing
Additional Rights Under Our Data Minimization Policy:
- Right to Data Categories: Request information about what data categories we collect
- Right to Support Resources: Access to relevant support organisations and helplines
- Right to Content Warnings: Clear information about sensitive content before access
- Right to Consent Management: Control over all consent mechanisms
6.1 Account Deletion Feature
Important: You can delete your account through multiple methods.
Method 1: In-App Deletion (Immediate)
In-App Deletion: Go to your profile settings in the app
Delete Option: Select "Delete Account" or "Delete Data" option
Confirmation: Confirm your deletion request
Immediate Effect: Your account will be permanently deleted
Method 2: External Deletion Request (Team Processed)
Website Request: Visit https://notguiltyapp.co.uk/#/delete-account
Submit Request: Fill out the account deletion request form
Team Review: Our team will review and process your request
Confirmation: You will be contacted for verification and confirmation
Processing Time: Account deletion processed within 30 days
What Happens When You Delete Your Account:
- Account Removal: Your account is permanently removed from our systems
- Data Erasure: All your personal data is permanently deleted from our servers
- Service Termination: You will no longer have access to our services
- Professional Matching: Any ongoing legal service matches will be terminated
- Documentation: All uploaded documents and case information will be permanently deleted
Data Retention After Deletion:
- Account Data: Permanently deleted immediately (in-app) or within 30 days (external request)
- Legal Requirements: Some data may be retained if required by law or legal proceedings
- Professional Records: Legal professional verification records may be retained for regulatory compliance
- Audit Trails: Minimal audit information may be retained for security purposes
Recovery After Deletion:
- No Recovery: Account deletion is permanent and cannot be undone
- New Account: You can create a new account if needed
- Data Loss: All previous data and case information will be lost permanently
To exercise these rights, contact us at legal@notguiltyapp.co.uk.
For Account Deletion:
- Preferred Method: Use the in-app deletion feature for immediate effect
- Alternative Method: Use https://notguiltyapp.co.uk/#/delete-account for external requests
- Email Support: Contact us at legal@notguiltyapp.co.uk if you need assistance
- Response Time: In-app deletion is immediate; external requests processed within 30 days
7. Data Retention
We retain your information for as long as necessary to:
- Provide our services
- Comply with legal obligations
- Resolve disputes
- Enforce our agreements
Special Considerations:
- Legal Case Data: Retained for service validation and legal compliance requirements
- Professional Information: Retained for service verification and professional record-keeping
- Questionnaire Data: Retained for service validation and may be kept longer for legal compliance
Data Minimization Benefits:
- Reduced Storage: Less personal data means reduced storage requirements
- Lower Risk: Categorized data reduces privacy and security risks
- Faster Processing: Structured data enables efficient service provision
- Better Compliance: Meets strict app store and regulatory requirements
8. International Data Transfers
Your information may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place for such transfers.
9. Children's Privacy
Our services are not intended for children under 13. We do not knowingly collect personal information from children under 13.
Child Information Protection:
- We collect only age groups and categories, never specific names or dates
- All child-related data collection requires explicit consent
- Support resources are provided for child protection cases
- Data is minimized to essential categories only
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy in the app and updating the "Last Updated" date.
11. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at:
Not Guilty App Ltd
Email: legal@notguiltyapp.co.uk
Address: Bedford - MK42 7RP, United Kingdom (GB)
12. ICO Registration and Data Protection Officer
12.1 ICO Registration
Not Guilty is officially registered with the Information Commissioner's Office (ICO)
ICO Registration Details:
- Registration Number: ZB971336
- Registration Date: 28 August 2025
- Registration Status: Active and Compliant
- Data Controller: Not Guilty
- ICO Verification: https://ico.org.uk/ESD/search
What This Means for You:
- Your data is protected under official UK data protection supervision
- We are legally required to maintain the highest data protection standards
- You have additional rights and protections under ICO oversight
- Any data protection concerns can be escalated to the ICO
12.2 Data Protection Officer
For GDPR and data protection inquiries, contact our Data Protection Officer at:
Data Protection Officer
Email: legal@notguiltyapp.co.uk
Address: Bedford - MK42 7RP, United Kingdom (GB)
ICO Registration: ZB971336
12.3 ICO Contact Information
If you have concerns about our data handling that we cannot resolve, you can contact the ICO directly:
Information Commissioner's Office
Website: https://ico.org.uk/
Phone: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
---
*This Privacy Policy is compliant with GDPR, UK GDPR, and other applicable data protection regulations. Not Guilty® is officially registered with the ICO (Registration Number: ZB971336) and applies to both NG Lawyer and Not Guilty® applications.*