This Privacy Policy explains how Everycast Labs Ltd("we", "us", "our") collects and uses personal data when you use Scout Suite at nimbleape.eu.ngrok.io, create an account, or use our software and related services (the "Service").
Scout Suite is software for UK Scout groups, districts and counties. Groups using the Service may also process personal data about their members, parents and volunteers. In those cases, the scout group (or relevant charity/trust) is usually the data controller for that information, and Scout Suite acts as a data processor on their instructions.
Who we are
Scout Suite is operated by Everycast Labs Ltd, a company registered in England and Wales (company number 13499076). If you have questions about this policy or your data, contact us at privacy@scoutsuite.app.
Data we collect
Depending on how you use Scout Suite, we may process:
- Account data — name, email address, password hash, authentication provider identifiers, passkey credentials, and session information.
- Profile and organisation data — group, district or county details, roles, invitations, and settings you or your administrators provide.
- Member and parent data entered into the Service — on behalf of groups, including contact details, medical and safety information, attendance, badges, finance records, consent and communications. Groups are responsible for having a lawful basis to collect this information.
- Payment and billing data — subscription status, invoices and transaction references. Card and bank details are handled by our payment providers (such as Stripe and GoCardless), not stored directly by us.
- Usage and technical data — IP address, browser type, device information, pages viewed, and product analytics events.
- Communications — support messages, feedback, and emails or SMS sent through the platform.
How we use personal data
We use personal data to:
- provide, secure and improve the Service;
- authenticate users and manage accounts, roles and permissions;
- process subscriptions, invoices and payments;
- send service, security and transactional messages;
- provide support and respond to enquiries;
- monitor performance, fix errors and understand how features are used;
- comply with legal obligations and enforce our terms.
Legal bases (UK GDPR)
We rely on one or more of the following, depending on the processing:
- Contract — to provide the Service you or your organisation signed up for.
- Legitimate interests — to secure the platform, prevent abuse, improve the product and support customers, balanced against your rights.
- Consent — where required, for example certain analytics cookies or optional marketing communications.
- Legal obligation — where we must retain or disclose information by law.
Where we process personal data on behalf of a scout group, that group determines the lawful basis and is responsible for informing members and parents.
Sharing personal data
We may share data with:
- Infrastructure providers — for example Cloudflare (hosting, storage and security).
- Payment providers — such as Stripe and GoCardless for subscriptions and collections.
- Email and SMS providers — to deliver messages you or your group request.
- Analytics providers — such as PostHog to understand product usage (see our Cookie Policy).
- Integrations you enable — such as OAuth apps, API clients or SSO providers configured by a group or administrator.
- Professional advisers and authorities — where required by law or to protect rights and safety.
We do not sell personal data.
International transfers
We aim to store and process data in the UK or EEA where possible. If data is transferred outside the UK, we use appropriate safeguards such as UK International Data Transfer Agreements or equivalent mechanisms.
Retention
We keep personal data only for as long as needed for the purposes above, including while your account or organisation subscription is active and for a reasonable period afterwards for backups, disputes, accounting and legal compliance. Groups can configure some retention settings for operational records within the Service.
Security
We use technical and organisational measures to protect personal data, including access controls, encryption in transit, audit logging and role-based permissions. No online service can guarantee absolute security.
Your rights
Under UK data protection law you may have rights to access, rectify, erase, restrict, object to processing and data portability, and to withdraw consent where processing is based on consent. You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.
If your data was entered by a scout group, please contact them first. They can usually update or export records directly. We will assist groups with data subject requests where we act as processor.
Children
Scout Suite is not intended for direct use by children under 13. Young people's records are managed by authorised adult leaders and parents through group-controlled workflows. Groups must ensure they have appropriate consent and safeguarding arrangements.
Changes to this policy
We may update this policy from time to time. We will post the new version on this page and update the effective date. For material changes, we may also notify administrators by email or in-product notice.
Contact
Privacy enquiries: privacy@scoutsuite.app
General support: feedback@scoutsuite.app