Ursidae App Privacy Policy

Last updated: May 19, 2026

This privacy policy explains what personal data NatureSpy ("the App") collects when you use it, why we process that data, who we share it with, where it is stored, and what rights you have. It applies to both the iOS and Android versions of the App and is written to comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the EU General Data Protection Regulation (EU GDPR).

Data Controller

The data controller responsible for your personal data is:

NatureSpy
Unit 82A, James Carter Road
Mildenhall
Suffolk IP28 7DE
United Kingdom
Email: support@naturespy.org

If you have any questions about this policy or about how your data is handled, please contact us at the email above.

Overview

NatureSpy is a wildlife camera control app for use with Helarctos trail cameras. The App requires a user account to operate. When you sign in, your camera configurations, location records, and operational history are synced to our cloud backend so that they are available across your devices and can optionally be shared with people you invite. You retain control of this data and can edit or delete it at any time.

We design the App to collect only the data needed to make these features work. Camera video and photo files are never sent to our servers — they stay on the camera's SD card and on your device when you choose to download them.

What Data We Process and Why

The table below summarises the categories of personal data we process, the purpose, and the lawful basis under UK GDPR / EU GDPR Article 6.

Data Purpose Lawful basis
Email address, sign-in identifier, optional display name Create and authenticate your account; identify you to people you share cameras with Performance of a contract (Article 6(1)(b))
Camera records (name, MAC address, Bluetooth name, serial number, camera-generated WiFi SSID and password, optional admin passcode, streaming protocol, last-connected time) Operate the App: pair, reconnect to, and control your cameras Performance of a contract (Article 6(1)(b))
Camera location (GPS coordinates of the phone at the time of connection, accuracy, timestamp, optional what3words address) Show where each camera is located and how it has moved over time Performance of a contract (Article 6(1)(b))
Battery and storage history (daily readings) Show camera health trends and warn you when battery or storage is low Performance of a contract (Article 6(1)(b))
Camera location history (positions and date ranges) Show how a camera has been moved over time Performance of a contract (Article 6(1)(b))
Sharing records (recipient email addresses, invite status, accepted-share entries) Allow you to share access to a camera with another user; allow them to accept or decline Performance of a contract (Article 6(1)(b))
Anonymous usage analytics (screen views, feature usage, session duration, device model, OS version, app version) Understand how the App is used and improve it Legitimate interests (Article 6(1)(f))
Crash reports (stack traces, device model, OS version, app state at the time of crash) Identify and fix bugs to keep the App stable Legitimate interests (Article 6(1)(f))

You can object to processing carried out on the basis of legitimate interests; see "Your Rights" below.

How Data Is Collected

Account Information

To use the App you must create an account or sign in with an existing one. Supported sign-in methods are:

  • Email and password — your email address and a password you choose
  • Sign in with Google (iOS and Android) — Google shares your name, email address, and Google account identifier with us
  • Sign in with Apple (iOS only) — Apple shares your Apple account identifier and (optionally) your name and an anonymous relay email with us

You can change your display name in the App's account settings at any time.

Camera Data

When you pair and use a camera, the App stores the following information about each camera both on your device and in our cloud backend:

  • A camera name you choose
  • The camera's MAC address, Bluetooth advertisement name, and serial number
  • The camera's WiFi network name (SSID) and password — this is the password the camera generates for its own local hotspot, not your home WiFi password
  • An optional admin passcode that some camera models require
  • The streaming protocol the camera uses (RTSP or HTTP)
  • The date and time of your last connection
  • The GPS coordinates of your phone at the time of connection, used as the camera's location
  • A what3words address corresponding to the camera's location, either auto-looked-up from coordinates or entered manually
  • Daily battery level and charging state
  • Daily SD card storage usage
  • Camera location history showing where the camera has been placed over time

This data is used to display your camera list, show real-time and historical status, support reconnecting to saved cameras, and (if enabled) share access with people you invite.

Location Data

The App requests permission to access your device's location while in use. Your location is used for two purposes:

  • Connecting to your camera's WiFi network — required by the operating system in order to identify and join the camera's local hotspot
  • Recording where each camera is located — when you connect to a camera, the App captures your phone's current GPS coordinates and stores them as that camera's location

We do not use your phone's GPS to track your movements over time. We only capture coordinates at the moment you connect to a camera, and we store them as that camera's location, not as your location history. You can edit or remove a camera's stored location at any time from within the App.

If a what3words address has not yet been recorded for a camera, the camera's coordinates may be sent to what3words to look up the corresponding three-word address. See "Third-Party Services" below.

Camera Sharing

If you choose to share access to one of your cameras with another user, the App stores the following in our cloud backend:

  • The email address of the person you are inviting
  • A record of which cameras you have shared with which users
  • The status of each invite (pending, accepted, or revoked)

The recipient's email address is used solely to deliver the invite and to identify them when they accept it. You can revoke shared access at any time, which removes both the invite record and the shared-access entry from our backend.

Photos and Videos

The App can save photos and videos downloaded from your wildlife camera to your device's media library. This happens only when you explicitly choose to download a file. The App does not access your existing photo library and does not upload photos or videos from your camera to any external server — downloaded media is saved locally on your device only.

Bluetooth

The App uses Bluetooth to discover and pair with compatible wildlife cameras nearby. Bluetooth advertisement data is used solely for device discovery during the pairing flow and is not stored or transmitted externally.

Local Network

The App communicates with your wildlife camera over a local WiFi network using HTTP. The protocol commands sent to the camera (such as "start recording" or "list files") and the responses received from it stay entirely on the local network between your phone and the camera. The camera itself does not send data to our servers.

Camera-related metadata such as the camera's name, MAC address, WiFi credentials, and battery, storage and location history is separately synced to our cloud backend as described above. Live video, photos, and video files captured by the camera are never sent to our servers.

Analytics Data

The App uses Google Firebase Analytics to collect anonymous usage data such as screen views, feature usage patterns, and session duration. Analytics events are linked to a Firebase-generated installation identifier, not to your name or email address.

Crash Reports

The App uses Google Firebase Crashlytics to collect crash reports and diagnostic data when the App encounters an error. This includes device model, operating system version, stack traces, and app state at the time of the crash. Crash data is used solely to identify and fix bugs and is not linked to your name or email address.

Where Your Data Is Stored

  • On your device — camera configurations, history, your active session, and any media you have downloaded are stored locally using the operating system's standard storage facilities.
  • In our cloud backend — your account record, camera records, battery, storage, and location history, and sharing relationships are stored in Google Firebase Firestore. Our Firestore database is hosted in Google Cloud's eur3 multi-region, which replicates data across Google Cloud's europe-west1 (Belgium) and europe-west4 (Netherlands) regions inside the European Economic Area. All transmission to and from the backend uses HTTPS, and Firebase encrypts data at rest by default.
  • At Google Firebase — analytics events, crash reports, and authentication metadata are processed by Google Firebase under the data processing terms linked below.

International Data Transfers

We use Google Firebase as our cloud platform. Your primary user-data store (Firebase Firestore) is hosted entirely within the European Economic Area (eur3 multi-region — Belgium and the Netherlands), so no transfer of camera records, history, or sharing data outside the UK / EEA takes place during normal operation.

Some other Firebase services — including Firebase Authentication, Firebase Analytics, and Firebase Crashlytics — are processed by Google globally and may involve transfers of personal data to the United States or other countries outside the UK and the EEA. Google relies on the UK Addendum to the EU Standard Contractual Clauses and equivalent safeguards under Article 46 UK GDPR / EU GDPR for these transfers. You can review Google's transfer safeguards in the Firebase Data Processing and Security Terms and the Google Cloud Cross-Border Data Transfers documentation.

The what3words API is provided by What3Words Limited, a UK company. Any coordinates we send to it are processed in the UK.

Third-Party Services

The App uses the following third-party services. Each is a separate data controller or processor as described in their own privacy notice.

Data Retention

  • Local data on your device — retained until you sign out, delete your account, or uninstall the App
  • Cloud data (camera records, history, sharing relationships) — retained until you delete the camera, revoke the share, or delete your account
  • Analytics data at Google Firebase — 14 months
  • Crash report data at Google Firebase — 90 days
  • Account record at Google Firebase Authentication — until you delete your account

When you delete your account, all of your cloud data and your authentication record are deleted promptly. Backup copies held by Google may persist for a short period in line with Google's standard backup retention before being purged.

Inactive Accounts

If you have not signed in to the App for 24 months, we will treat your account as dormant. We will email you at the address registered to your account to let you know, and if you have not signed in within 30 days of that email, we will delete your account and all associated data permanently. Signing in to the App at any time before then will reset the dormancy clock.

Your Rights

Under the UK GDPR and the EU GDPR you have the following rights in relation to your personal data. You can exercise most of them directly inside the App; for anything you cannot do in-app, contact us at the email above.

  • Access — request a copy of the personal data we hold about you
  • Rectification — correct any inaccurate or incomplete data. You can edit camera names, locations, and your display name in-app
  • Erasure ("right to be forgotten") — delete your data. You can delete individual cameras, revoke shares, or delete your entire account in-app, which deletes all of your cloud data
  • Restrict processing — ask us to limit how we use your data while a query is being resolved
  • Data portability — receive your data in a structured, commonly used format
  • Object — object to processing carried out on the basis of legitimate interests, including analytics and crash reporting
  • Withdraw consent — where we rely on consent for any processing, withdraw it at any time
  • Avoid solely automated decision-making — we do not make decisions about you based solely on automated processing

We will respond to any request within one calendar month. If your request is complex we may extend this by a further two months and will let you know.

Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the data protection regulator in your country.

In the UK, this is the Information Commissioner's Office (ICO):

In the EU, you can contact the data protection authority of the country in which you live, work, or where you believe an issue arose. A list is available on the European Data Protection Board website.

We would appreciate the opportunity to address your concerns directly before you contact the regulator — please get in touch with us first if you can.

Children's Privacy

The App is not directed to children. Under the Data Protection Act 2018 in the UK, children aged 13 and over can consent to the processing of their personal data by online services. In some EU member states the age is set higher (up to 16). We do not knowingly process the personal data of children below the applicable age in their country. If you believe a child has provided us with personal data, please contact us so we can delete it.

Cookies and Similar Technologies

The App is not a website and does not use HTTP cookies. The Firebase SDKs used by the App write small amounts of data to your device's local storage to maintain your sign-in session, queue offline writes, and identify your installation for analytics. This data is needed for the App to function and to provide the services described above.

Changes to This Policy

We may update this privacy policy from time to time. Any material changes will be reflected in the "Last updated" date above and, where the changes are significant, surfaced inside the App so you have a chance to review them.

Contact

If you have questions about this privacy policy or wish to exercise any of your rights, please contact us at support@naturespy.org.