Last updated: 12 February 2026
1. Who we are
Pothole Reporter (“the App”) is operated by Quantum Pivot (“we”, “us”, “our”), a company based in the United Kingdom. We are the data controller for the personal data we process through the App.
If you have any questions about this Privacy Policy or how we handle your personal data, you can contact us at: privacy@quantumpivot.dev
2. What data we collect
We collect the following categories of personal data when you use the App:
| Data | When collected | Purpose |
|---|---|---|
| Name | Registration | Account identification |
| Email address | Registration | Account management and communications |
| Precise GPS location | Reporting a pothole | Geotagging pothole reports on the map |
| Photos | Reporting a pothole | Visual evidence of potholes |
| Pothole descriptions and severity ratings | Reporting a pothole | Categorising reports |
| Device information | App usage | App functionality and debugging |
3. How we collect your data
- Directly from you — when you create an account, submit a pothole report, upload a photo, or contact us.
- Automatically from your device — we collect basic device information (such as device model, operating system version, and app version) to ensure the App functions correctly.
- From third-party sign-in providers — if you choose to sign in using Apple or Google, we receive your name and email address from the relevant provider.
4. Why we collect your data and our lawful basis
Under UK GDPR, we must have a valid lawful basis for processing your personal data:
| Processing activity | Purpose | Lawful basis |
|---|---|---|
| Account creation (name, email) | Create and maintain your account | Contract performance — Article 6(1)(b) |
| Pothole reports (descriptions, severity) | Improving road safety | Legitimate interests — Article 6(1)(f) |
| Precise GPS location | Geotagging pothole reports | Consent — Article 6(1)(a) |
| Photos | Visual evidence of potholes | Consent — Article 6(1)(a) |
| Device information | App functionality and debugging | Legitimate interests — Article 6(1)(f) |
Where we rely on legitimate interests, we have conducted a legitimate interests assessment and concluded that our interests do not override your rights and freedoms. You have the right to object to processing based on legitimate interests (see section 9).
Where we rely on consent, you may withdraw your consent at any time by adjusting the relevant permissions in your device settings.
5. How we use your data
- To create, authenticate, and manage your user account.
- To allow you to submit pothole reports, including attaching photos and location data.
- To display pothole reports on the App's map for other users to view.
- To communicate with you about your account or reports, where necessary.
- To maintain, improve, and debug the App's functionality.
- To comply with our legal obligations.
6. Who we share your data with
We share your data with the following third-party processors, each of which processes data on our behalf under a data processing agreement:
| Service | Purpose | Country | Safeguard |
|---|---|---|---|
| Supabase | Authentication and user management | United States | SCCs / IDTA |
| Backblaze B2 | Photo storage | United States | SCCs / IDTA |
| MongoDB Atlas | Database hosting | United States | SCCs / IDTA |
| Heroku (Salesforce) | API hosting | United States | SCCs / IDTA |
| Apple | Sign in with Apple | United States | Adequacy decision (partial) |
| Sign in with Google | United States | SCCs / IDTA |
We do not sell your personal data to any third party. We do not share your personal data with any third parties for their own marketing purposes.
7. International data transfers
Some of the third-party services we use are based in the United States. This means your personal data may be transferred from the United Kingdom to the United States. Where we transfer personal data outside the United Kingdom, we ensure that appropriate safeguards are in place in accordance with UK GDPR, relying on the International Data Transfer Agreement (IDTA) and/or Standard Contractual Clauses (SCCs) approved by the ICO.
You can request a copy of the relevant safeguard documentation by contacting us at privacy@quantumpivot.dev.
8. Data retention
| Data category | Retention period |
|---|---|
| Account data (name, email) | Retained while your account is active. Deleted within 30 days of account deletion. |
| Pothole reports and photos | Retained for 3 years from submission, then deleted. |
| Authentication logs | 12 months from the date of the log entry. |
| Anonymised and aggregated data | May be retained indefinitely, as this data can no longer identify you. |
9. Your rights under UK GDPR
Under the UK General Data Protection Regulation and the Data Protection Act 2018, you have the following rights:
- Right to be informed — You have the right to be told how your personal data is being collected and used. This Privacy Policy fulfils that obligation.
- Right of access (Subject Access Request) — You have the right to request a copy of the personal data we hold about you. We will provide this free of charge within one calendar month.
- Right to rectification — You have the right to request that we correct any personal data that is inaccurate or incomplete.
- Right to erasure (“right to be forgotten”) — You have the right to request that we delete your personal data where there is no compelling reason for us to continue processing it.
- Right to restrict processing — You have the right to request that we limit how we use your personal data in certain circumstances.
- Right to data portability — You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format.
- Right to object — You have the right to object to our processing of your personal data where we rely on legitimate interests as our lawful basis.
- Rights related to automated decision-making — We do not carry out any automated decision-making or profiling using your personal data.
To exercise any of your rights, please contact us at privacy@quantumpivot.dev. We will respond within one calendar month.
10. How to delete your account
You can delete your account directly within the App by navigating to the Profile screen and selecting the account deletion option. Once you confirm deletion, we will remove your account data within 30 days. Alternatively, you can request account deletion by emailing us at privacy@quantumpivot.dev.
11. Cookies and tracking
The App does not use cookies, tracking technologies, or analytics services. We do not track your activity across other apps or websites.
12. Children's privacy
The App is not intended for use by children under the age of 13. We do not knowingly collect personal data from children under 13. If we become aware that we have collected personal data from a child under 13, we will take steps to delete that data as soon as reasonably practicable.
13. Data security
We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it against unauthorised access, loss, destruction, or alteration. These measures include encryption of data in transit, secure authentication mechanisms, and access controls. While we take all reasonable steps to protect your data, no method of electronic transmission or storage is completely secure.
14. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by publishing the updated policy within the App and updating the “Last updated” date at the top of this page.
15. Disclaimer
Pothole reports displayed in the App are user-generated and we do not verify their accuracy, completeness, or reliability. We accept no responsibility for the accuracy of any pothole report submitted by users.
We are not responsible for any actions taken or not taken by local authorities or any other party based on reports submitted through the App. We are not responsible for road conditions, accidents, vehicle damage, personal injury, or any other consequences arising from the use of, or reliance on, information provided in the App.
Use of the App and its content is entirely at your own risk.
16. How to complain
If you are unhappy with how we have handled your personal data, we would appreciate the opportunity to address your concerns before you approach the regulator. Please contact us at privacy@quantumpivot.dev.
If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
- Helpline: 0303 123 1113
- Website: https://ico.org.uk/make-a-complaint/
17. Contact us
If you have any questions about this Privacy Policy or wish to exercise any of your rights, please contact us:
- Email: privacy@quantumpivot.dev
- Data controller: Quantum Pivot, United Kingdom