top of page

Privacy Policy — Mumbles Life Operator

Last updated: 24 April 2026

This privacy policy explains how Mumbles Life Ltd ("we", "us", "our") handles information when you use the Mumbles Life Operator app ("the app"). The Operator app is used by authorised venue staff and partners to validate Mumbles Life membership cards by scanning QR codes.

We are the data controller for the purposes of UK GDPR. You can contact us at hello@mumbles.life.

What the app does

The Operator app is used by our venue partners to verify that a customer presenting a Mumbles Life membership is a genuine, active member. When an operator scans a membership QR code, the app checks the code against our records and displays a simple valid or invalid result.

Information we collect

When you use the app as an operator, we process the following:

Operator account information. To sign in, you use an email address and password managed through Firebase Authentication (a service provided by Google). We store your email address, an encrypted authentication token, and the venue you are assigned to. We do not store your password in readable form.

Scan activity. Each time you scan a membership QR code, we record which member was scanned, the date and time, the result of the scan, and which operator account performed the scan. This audit information is used to prevent fraud, investigate disputes, and provide venues with accurate usage records.

Device and diagnostic information. We use Firebase Crashlytics and Firebase Analytics to understand how the app is performing and to identify crashes or errors. This includes your device type, operating system version, app version, and anonymised usage events. We do not collect your precise location, contacts, photos, or any personal content from your device.

Push notifications. If you enable notifications, we use Firebase Cloud Messaging to send you operational messages (for example, shift reminders or important updates). You can disable notifications at any time in your device settings.

Camera permission

The app requests access to your device camera for one purpose only: to scan membership QR codes. The camera is only active while you are on the scan screen. We do not capture, store, or transmit any photographs or video. No images ever leave your device.

Why we process this information

We process your information on the following lawful bases under UK GDPR:

Contract. Processing is necessary to provide you with the Operator app and to fulfil our agreement with the venue that employs or engages you.

Legitimate interests. We have a legitimate interest in keeping the Mumbles Life membership scheme secure, preventing fraudulent use of membership cards, and ensuring the app runs reliably.

Consent. Where applicable, for example for optional analytics or push notifications, we rely on your consent, which you can withdraw at any time.

Who we share information with

We share information only with the following parties:

Google (Firebase). Our backend is hosted on Google Firebase. Google processes this data on our behalf as a data processor and is bound by the terms of the Google Cloud Data Processing Addendum.

Your venue. Venues receive reports of scan activity performed by their own operators and at their own premises.

Law enforcement or regulators. Where legally required, we may disclose information to UK authorities.

We do not sell your personal information to anyone, ever. We do not share your information with advertisers.

International transfers

Firebase services may process data in data centres located outside the United Kingdom, including within the European Economic Area and the United States. Where data is transferred outside the UK, we rely on the UK International Data Transfer Addendum and the European Commission's Standard Contractual Clauses to ensure appropriate safeguards are in place.

How long we keep your information

We retain operator account information for as long as your account is active, plus 12 months after deactivation for audit purposes. Scan activity logs are retained for 24 months. Crash and analytics data is retained for up to 14 months in line with Firebase defaults.

Your rights

Under UK GDPR you have the right to:

  • Request a copy of the personal information we hold about you

  • Ask us to correct inaccurate information

  • Ask us to delete your information (subject to legal and contractual obligations)

  • Object to or restrict certain processing

  • Withdraw consent where processing is based on consent

  • Complain to the Information Commissioner's Office at ico.org.uk

To exercise any of these rights, contact us at hello@mumbles.life. We will respond within one month.

Children

The Operator app is intended solely for use by adult staff at authorised venues. It is not directed at or intended for use by children.

Changes to this policy

We may update this policy from time to time. The "last updated" date at the top of the page will reflect any changes. Significant changes will be communicated to active operators directly.

Contact us

Mumbles Life Ltd Email: hello@mumbles.life

bottom of page