Privacy Policy

1. Who we are

HTM Central is a platform for Heelwork to Music (HTM / canine freestyle) competitors and show organisers in the United Kingdom. We are the data controller for the personal data described in this policy. You can contact us at [email protected]. We comply with the UK GDPR as retained in UK law by the Data Protection Act 2018.

2. What personal data we collect

We collect data in several ways depending on how you use the service.

• From you, at signup: your name and email address, via our authentication provider, Clerk.
• From you, on your profile: date of birth, location (latitude/longitude and a location label), phone number, profile picture, a profile_picture_blurhash (a small placeholder image used while the real photo loads), and name_changed_at (when you last changed your name, used to rate-limit name changes).
• From you, as you use the service: the dogs you add (name, breed, date of birth, discipline, level, and claimed_at — when you claimed each dog), the show entries you submit, results recorded against your dogs by judges, and organisations you belong to and your role within them.
• Your 'not me' dismissals — when you dismiss a suggested dog match as not yours, we record the dismissal (which dog, when) so we don't suggest it again.
• Automatically, with your consent (or under legitimate interest on the mobile app): anonymised crash and error reports via Sentry, to help us fix bugs. We configure Sentry not to send personal data in error payloads, and we sample 10% of traces (a small fraction of requests, used for performance monitoring) in production.

3. Why we use it and on what basis

We only use your data for specific, lawful purposes.

• To run the service (account, entries, results, organiser tools) — because that's the contract you've signed up for (UK GDPR Article 6(1)(b)).
• To send anonymised crash reports — because you've said yes on the web (Article 6(1)(a)), or because keeping the app reliable is a legitimate interest (i.e. we have a good reason that doesn't unfairly affect you) on iOS/Android (Article 6(1)(f)), with an opt-out available under Profile → Privacy & data.
• To comply with the law when we have to (Article 6(1)(c)).

We never use your data for advertising or sell it to third parties.

4. Who we share it with

We use a small number of trusted sub-processors. We do not share your data with anyone else.

• Clerk Inc. (United States) — handles your sign-in, password, and multi-factor authentication.
• Functional Software, Inc. dba Sentry (United States) — error reporting, only with your consent on the web, or under legitimate interest on the app.
• Google LLC — the Maps Static API generates small map thumbnails for show venues. Only the public venue coordinates are sent; your location is not.
• Our hosting provider — runs the servers and database that power HTM Central.

5. International transfers

Clerk and Sentry are based in the United States. Where data leaves the UK, we rely on the UK International Data Transfer Addendum (UK IDTA) — a standard agreement approved by the UK government that requires the recipient to protect your data to UK standards.

Google may also receive map-thumbnail requests in the United States; this is covered by Google's own transfer mechanisms, including the UK IDTA where applicable.

6. How long we keep it

• We have no automatic deletion period for live accounts — if you continue to use the service, we continue to hold your data. If you'd like us to stop, see section 7.
• When you delete your account, we remove your personal information from our database immediately (name, email, phone, location, profile picture, blurhash, date of birth, and your 'not me' history). We also ask our authentication provider Clerk to delete your identity record; this is best-effort — if Clerk is unavailable at the moment of deletion, we log the failure and complete the local deletion anyway. Your dogs are demoted to the unclaimed pool with the handler name you used kept on each record so historical entries and results remain attributable. Strictly, this is pseudonymisation rather than full anonymisation — the handler name persists. We keep these historical competition records indefinitely, on the basis of the legitimate interest in maintaining accurate competition history for the sport.
• Sentry retains anonymised error reports for up to 90 days.

7. Your rights

Under UK GDPR you have the right to:

• Access your data — see what we hold about you.
• Rectify inaccurate data — correct what is wrong.
• Restrict processing — ask us to stop using your data while we look into a complaint.
• Erase your data — delete your account.
• Portability — download a copy of your data.
• Object to processing — including opting out of crash reports.
• Withdraw consent at any time, without affecting processing that happened before.
• Not be subject to automated decision-making — HTM Central does not make automated decisions about you that have legal or significant effects. If we ever introduce such processing, we will update this policy first.

You can do most of this yourself. Visit Profile → Privacy & data to download a copy of everything we hold about you, change your crash-report preference, or delete your account. For anything else, email [email protected].

8. Right to complain

If you believe we have mishandled your data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk. We would appreciate the chance to address your concerns first.

9. Children

HTM Central is not directed at children under 13. We design the service with the principles of the ICO's Age Appropriate Design Code in mind. If you believe a child has provided us with personal information, please contact us and we will delete it.

10. Changes to this policy

We may update this policy from time to time. Material changes will be announced in the app and on the website before they take effect.

11. Contact

Privacy questions: [email protected].

See also: our Cookies page for what's stored on your device and how to change your preferences.