Last Updated: June 2026
Data at a Glance
A summary of every category of data this app collects — matching Apple App Privacy and Google Play Data Safety categories.
| Category | Collected | Purpose | Shared with 3rd Party | Retention | Optional? |
|---|---|---|---|---|---|
| Contact Info (name, email, phone) |
Yes | Account, bookings, contact form | No | Until account deletion; bookings 12 months | Phone is optional |
| Financial Info (payment method) |
Yes | Membership billing, deposits | Yes — Square | Managed by Square; we store last 4 digits & card brand only | Required for memberships/deposits |
| Identifiers (device push token) |
Yes | Push notifications | Yes — Expo Push | Until opt-out or app uninstall | Optional (opt-in) |
| Loyalty & Membership (points, plan, billing status) |
Yes | Loyalty rewards, member benefits | No | Until account deletion | Only if you join loyalty/membership |
| Usage Data (bookings, order history) |
Yes | Booking management, order history | No | 12 months then anonymised | Required to use booking features |
| Device Preferences (consent, session token) |
Yes | Stay logged in, remember consent choice | No — on-device only | Until cleared or app uninstalled | Session stored if you sign in |
1. Who We Are
The 147 ("we", "us", "our") is the data controller for the personal data processed through this mobile application. We are a snooker venue, bar, and restaurant operating in Bradford, United Kingdom.
For any data protection queries, please contact us via our website: www.the147.co.uk
2. What Data We Collect
We minimise the data we collect to only what is necessary for the purposes below:
- Customer account: Name, email address, phone number (optional), and a securely hashed password. Your password is never stored in readable form.
- Table bookings: Name, email, phone number, booking date/time, table type, party size, and any special requests. Automatically anonymised after 12 months.
- Membership & billing: Membership plan type, start date, billing status (active/cancelled/suspended), renewal date, and Square customer/subscription identifiers. Card details (last 4 digits, brand, expiry) are stored by Square — we do not store full card numbers.
- Loyalty & rewards: Points balance, points transaction history (earned/redeemed), redemption events, and tier status. Retained until account deletion.
- Push notifications: Expo push device token, stored to deliver venue updates and booking reminders. Opt-in only; you can unsubscribe in app settings at any time.
- Contact form: Name, email, optional phone number, subject, and message. Retained for 12 months then automatically deleted.
- Device preferences: Consent choices (analytics/marketing yes/no) stored locally on your device via AsyncStorage. Never transmitted to our servers.
- Food & drink ordering: Handled by OrderTab (ordertab.menu) within the app. Their privacy policy governs those transactions.
- Event tickets: Handled by TicketSource (ticketsource.com). Their privacy policy governs ticket purchases.
3. Membership & Payment Processing
Membership subscriptions are billed monthly via Square (square.com), our payment processor. When you purchase a membership or pay a booking deposit:
- Payment card details are entered directly into Square's secure payment form — we never see or store your full card number.
- Square provides us with a customer identifier, subscription identifier, and truncated card info (last 4 digits, brand, expiry). We store these identifiers to manage your membership status.
- Square's Privacy Policy governs how they handle your payment data: squareup.com/gb/en/legal/general/privacy
4. Push Notifications (Expo)
If you opt in to push notifications, your device push token is registered with Expo's Push Notification Service (expo.dev). Expo routes notifications from our server to your device. Your token is shared with Expo solely for this delivery purpose. Expo's privacy policy: expo.dev/privacy.
5. Legal Basis for Processing
Under UK GDPR, we process data on the following legal bases:
- Contract (Art. 6(1)(b)): Booking data, account data, membership and billing data — necessary to fulfil your reservation and manage your account or subscription.
- Consent (Art. 6(1)(a)): Push notifications, optional analytics and marketing. You may withdraw consent at any time.
- Legitimate interests (Art. 6(1)(f)): Providing venue information, processing contact form enquiries, maintaining loyalty and rewards records.
6. Third-Party Services
When you use these services within the app, their privacy policies apply to those interactions:
7. Delete Your Data
🗑 How to delete your account and all associated data
In the app: Go to My Account → Data & Privacy → Delete My Account. This permanently removes your account, bookings, loyalty points, and all associated personal data from our servers.
By request: Submit a deletion request via www.the147.co.uk. We will action it within 30 days.
Deletion is permanent and irreversible. Residual anonymised booking statistics (no personal identifiers) may be retained for venue capacity planning.
8. Your Rights Under UK GDPR
You have the following rights regarding your personal data. To exercise any of them, contact us at www.the147.co.uk or see our full UK GDPR Rights page.
- Right of access (Art. 15): Request a copy of any personal data we hold about you.
- Right to rectification (Art. 16): Ask us to correct any inaccurate data.
- Right to erasure (Art. 17): Ask us to delete your personal data (see Section 7 above).
- Right to restrict processing (Art. 18): Ask us to limit how we use your data.
- Right to data portability (Art. 20): Request your data in a machine-readable format.
- Right to object (Art. 21): Object to processing based on legitimate interests.
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time — including by opting out of push notifications in the app.
9. Data Retention
- Customer account & loyalty data: Retained until you delete your account.
- Membership & billing identifiers: Retained for up to 7 years for tax and accounting purposes after subscription ends (UK law requirement). Payment card data is held by Square only.
- Booking data: Retained for 12 months after the booking date, then automatically anonymised.
- Contact form messages: Retained for 12 months after submission, then automatically deleted.
- Push notification tokens: Retained until you unsubscribe or the token is invalidated by your device.
- Device preferences & consent: Stored locally on your device until you clear them or uninstall the app.
10. Data Security
We implement appropriate technical and organisational measures to protect your data (Art. 32 UK GDPR):
- Encrypted connections (HTTPS/TLS) for all data transfers
- Field-level encryption (AES-256-GCM) for booking personal data at rest
- Secure password hashing (scrypt) — your password is never stored in readable form
- Payment card processing via Square's PCI-DSS certified infrastructure
- Local-only storage of app preferences and consent choices
11. Children's Privacy
This app is not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately via www.the147.co.uk.
12. International Transfers
Our servers are located in the United Kingdom or European Economic Area. Some third-party services (Square, Expo) operate globally and may process data outside the UK. These transfers are covered by appropriate safeguards as required under UK GDPR.
13. Complaints
If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Telephone: 0303 123 1113
14. Changes to This Policy
We may update this privacy policy from time to time. Any material changes will be communicated to registered customers by email before they take effect. The "Last Updated" date at the top of this page reflects the most recent revision.