Spike Map

Spike Map Logo
Get In Touch

Privacy Policy

1. Who We Are

Spike Map is operated by AGLP Event Enterprises CIC, a Community Interest Company registered in England and Wales.

Company name: AGLP Event Enterprises CIC

Registered address: 1078 Warwick Road, Acocks Green, Birmingham, B27 6BH

Email: privacy@getspikemap.com

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, AGLP Event Enterprises CIC is the Data Controller for all personal data collected through the Spike Map mobile application and website (getspikemap.com).

2. What This Policy Covers

This Privacy Policy explains:

  • What personal data we collect
  • How we use your data
  • Our lawful basis for processing
  • How we protect and store your data
  • Who we share data with
  • Your rights under UK GDPR
  • How to contact us

Spike Map is a public-safety application designed to help reduce drink spiking and raise awareness.

We never sell your personal data.

3. Information We Collect

We collect data in the following ways:

A. Information You Provide Directly

    • Account details: email address and password
    • Reports submitted: location of incident, date/time, symptoms, notes, and optional photos
    • Safety contacts: numbers you manually add
    • Messages to us: support requests or feedback

Lawful basis:

  • Contract (account creation & app use)
  • Explicit Consent (incident reports involving health-related information)

B. App Permissions

To provide core safety features, the App may request:

    • Location (GPS)

Used to:

    • Let you file accurate reports
    • Show nearby safety alerts
    • Display local incidents on the heatmap

Lawful basis: Consent (you can withdraw at any time)

    • Phone & SMS (Call / Text Shortcuts)

Used only for:

      • Quick-dial emergency services
      • Quick access to your saved safety contacts
      • Sending safety alerts to your phone (SMS only if you choose)

We do NOT read, store, or access the content of your messages or calls.

Lawful basis: Consent + Legitimate Interests (public safety features)

C. Automatically Collected Data

      • Device type & OS
      • App usage statistics
      • Crash logs (to fix bugs)

Lawful basis: Legitimate Interests (service improvement)

4. How We Use Your Information

We use your information to:

    • Create and manage your account
    • Allow you to submit and view reports
    • Generate anonymised heatmaps of reported incidents
    • Deliver safety alerts based on your area
    • Provide quick-dial access to emergency numbers
    • Improve the App’s stability and performance

We do not use your data for advertising.

5. How We Share Your Information

We never sell your data.

We may share anonymised, aggregated, non-identifiable data (which cannot be linked back to you) with:

    • UK Government bodies
    • Registered NGOs
    • Police and security agencies
    • Academic research organisations

Purpose: public safety, awareness, and statistical reporting only.

We do not share personal data unless required by law (e.g., a lawful police request).

6. Third-Party Service Providers (Processors)

To operate our services, we may use trusted third-party providers, such as:

    • Cloud hosting providers (e.g., AWS, Google Cloud, Azure)
    • Email delivery providers (e.g., SendGrid, Mailgun)
    • Analytics & crash reporting (e.g., Firebase Crashlytics)

These providers process data only on our instructions and must comply with UK GDPR.

We keep a full list available on request.

7. International Data Transfers

Some of our third-party providers may store data outside the UK.

When this happens, we ensure that appropriate safeguards are in place, such as:

  • ICO-approved International Data Transfer Agreements (IDTA)
  • Standard Contractual Clauses (SCCs)
  • UK adequacy regulations

This ensures your data remains protected.

8. Data Retention

We only keep your data for as long as necessary.

  • Account data: kept until you delete your account or request removal
  • Reports: stored for 24 months, then anonymised for statistical use
  • Crash logs & analytics: kept for up to 12 months
  • Emails/support messages: kept for up to 12 months

Anonymised data may be kept longer as it cannot identify you.

9. Children’s Privacy

Spike Map is not intended for children under 16.

We do not knowingly collect data from anyone under 16.

If you believe a child has used the App, please contact us to remove their data.

10. Your Rights Under UK GDPR

You have the following rights:

  • Right to access – ask for a copy of your data
  • Right to rectification – correct inaccurate data
  • Right to erasure – request deletion of your personal data
  • Right to withdraw consent – e.g., stop location/SMS permissions
  • Right to object – to certain types of processing
  • Right to data portability – transfer your data elsewhere
  • Right to restrict processing – in certain situations

To exercise your rights, contact us at: privacy@getspikemap.com
If you are unhappy, you may also complain to the ICO: https://ico.org.uk/

11. Data Security

We use strong, modern security measures to protect your data, including:

  • Encrypted data storage
  • Encrypted communication (HTTPS/TLS)
  • Limited internal access
  • Regular security audits
  • Secure authentication

While no system is 100% secure, we follow best practice to minimise risk.

12. Changes to This Policy

We may update this policy occasionally.

If significant changes are made, we will notify you through:

  • The App
  • Email
  • Website notice

13. Contact Us

For questions or requests regarding your data:

AGLP Event Enterprises CIC

1078 Warwick Road

Acocks Green

Birmingham

B27 6BH

United Kingdom

Email: privacy@getspikemap.com