Radio Bravo — Privacy Policy
Station: Ithaca Ventures LTD · Last updated: 18 July 2026.
Radio Bravo ("the App") is operated by Ithaca Ventures LTD, a company registered in England & Wales, which incubates Radio Bravo. We are the data controller for the limited personal data described below, under UK data protection law (UK GDPR and the Data Protection Act 2018).
Signal check
Radio Bravo runs on one rule: we keep no custody. We operate no server of our own. Your messages are sealed — end-to-end encrypted — on your device and live only in your own iCloud, across the private and shared zones the App uses, never on anything we control. We cannot read, recover, or hand over your transmissions. The little that exists about you, the operator, is set out below — and the things you would most expect us to hold, we never receive.
What reaches us
- Sign-in — handled on your device. You sign in with Apple. On your first sign-in, Apple returns your account identifier and, if you allow it, your email address and name to the App on your device, where they are stored locally so the App can recognise your station. Because we run no server, that information stays on your device and never reaches us.
- What we can actually see. The only trace of you on our side is an opaque, app-scoped identifier inside our Apple-hosted CloudKit container — a random tag we cannot tie to your real-world identity — together with aggregate, non-personal usage figures Apple provides. We never see your email, your name, or your messages.
- Your transmissions — we never see them. Message content and attachments are sealed on your device and live in your own iCloud (private and shared zones). We hold no copy and cannot read, recover, or produce them.
- Invite links. If you open an invite link in a browser before the App is installed, our website host logs standard request data, including the link's full address — which can include an email address carried in the invite. That log sits with our host under its own policy.
Why we are allowed to hold it (lawful basis)
We rely on two lawful bases under UK GDPR. We process the Apple account identifier because it is necessary to perform our contract with you — to provide the App and recognise your station (Article 6(1)(b)). Where you choose to share your email address or name on first sign-in, that receipt happens on your device; to the extent any such data were ever processed by us, we would rely on your consent (Article 6(1)(a)), which you may withdraw at any time. We hold no special-category data.
Standing orders — what we never do
- We do not store or read your messages.
- We do not sell or share your personal data.
- We do not run advertising or third-party tracking.
- We do not operate our own analytics stations, and the App contains no third-party analytics or crash-reporting software.
Other stations on the net
- Apple provides sign-in (Sign in with Apple) and the iCloud / CloudKit storage your transmissions live in. Apple handles that data as its own controller under its own privacy policy.
- Our website host may log standard request information (such as the address of the page or invite link you open) if you open a link in a browser before the App is installed, under its own policy.
International transfers. We hold almost no data, and what little exists sits within Apple's infrastructure. To the extent any limited personal data is processed outside the United Kingdom, it is handled within Apple's infrastructure under Apple's own international-transfer safeguards, which include the UK Extension to the EU–US Data Privacy Framework where applicable. We do not share your personal data with analytics providers, advertising networks, or other third-party SDKs.
Your rights — you give the orders
Your rights depend on where you operate, but they all point at the same small pile of data — the sign-in identifier above — because we hold nothing else.
- UK / EU (UK & EU GDPR): access, correct, erase, restrict, port, and object to the data we hold; withdraw any consent you have given; and complain to your data-protection authority (in the UK, the Information Commissioner's Office — ICO).
- United States (including California, CCPA/CPRA): know what we hold, access it, delete it, and correct it. We do not sell or share your personal data, so there is nothing to opt out of.
- Anywhere else: the same — tell us what you want done with the limited data we hold.
We aim to respond to any request within one month. Because we hold no message content, we can only ever act on that sign-in data. To make a request, raise us at legal@radiobravo.io.
How long we hold
We keep the limited sign-in data only while your account is active, and we delete it when you delete your account. Your transmissions are governed by the self-destruct (sweep) timer you set and live in your own iCloud — not with us.
Standing down — deleting your account
You can sign out at any time, which clears your session and the in-app message view from your device. To delete your account and the limited sign-in data we hold, use Delete Account in the app (Settings → Danger Zone), or raise us at legal@radiobravo.io and we will action it. Your transmissions are not ours to delete — they live in your own iCloud and self-destruct on the timer you set; deleting your account does not pull back messages already delivered to a recipient.
Children
Radio Bravo is intended only for adults aged 18 or over, in line with our Terms. It is not directed to children, and we do not knowingly collect any personal data from anyone under 18.
Changes to this frequency
We may update this policy as Radio Bravo develops; we will change the "last updated" date above and, where a change is material, bring it to your attention in the App. Raise us any time: Ithaca Ventures LTD, legal@radiobravo.io.