Privacy Policy — NextCatch
Last Updated: May 31, 2026
1. Introduction
Borrowed Fire LLC owns and operates NextCatch ("the App"). This Privacy Policy explains how NextCatch handles information on iOS, Android, and the NextCatch web raid companion.
2. Information NextCatch Collects
2.1 Information Stored on Your Device
The App stores preferences and cached data locally on your device, including app settings, cached event data for offline access, and locally cached subscription status.
Some settings may sync to the NextCatch backend when you sign in or enable server-backed features. Cached event data and local display preferences can also remain only on your device.
2.2 Account and Authentication Data
You can browse events without creating an account. If you sign in for raid coordination, syncing, or account-backed preferences, your authentication provider may share a user identifier and email address with Supabase so NextCatch can create and maintain your account. NextCatch supports Apple sign-in and Google sign-in where available.
2.3 Push Notification Token
If you enable push notifications, Apple Push Notification service or Firebase Cloud Messaging provides a device token that allows NextCatch to send notifications you requested. This token is specific to NextCatch and is deactivated or deleted when you unregister from notifications or sign out where supported.
2.4 User Preferences
Notification preferences and play style settings may sync to the NextCatch server so the App can send relevant reminders and personalize subscriber guidance. These preferences contain settings only, not personally identifiable information.
2.5 Trainer Profile and Raid Activity
If you use raid coordination, you create an account and provide a trainer profile: Pokémon GO trainer name, trainer code, optional team, and optional trainer level. Your trainer code is shared only with matched raid room participants through server-side functions. It is not publicly searchable.
Raid room activity, participation records, and reliability signals are used to coordinate rooms and reward reliable hosts and guests.
2.6 Privacy-Focused Analytics
NextCatch uses TelemetryDeck for aggregate, privacy-focused analytics. NextCatch does not use advertising identifiers, sell your data, or track you across apps or websites.
2.7 Subscription and Purchase Status
When you buy or restore NextCatch+, Apple App Store or Google Play processes the transaction. RevenueCat helps validate subscription status and grant NextCatch+ access. Borrowed Fire LLC does not receive your payment card number, billing address, or full store account credentials.
2.8 Raid Screenshot Verification
Hosts may choose a raid screenshot for on-device text recognition before creating a raid room. NextCatch records verification results such as detected boss name, weather boost, status, confidence, and whether the host accepted the risk. Raw screenshots are not uploaded by this verification flow.
3. Information NextCatch Does Not Collect
- Pokémon GO account credentials or login information
- Location data
- Advertising identifiers or cross-app tracking data
- Contacts, messages, or browsing history outside NextCatch
- Payment card numbers or billing credentials
4. Device Permissions
NextCatch may request notification permission for event and raid reminders, calendar permission when you choose to add events to your calendar, and photo-picker access when you choose a raid screenshot for local verification. You can revoke permissions in system settings. Calendar access is used to add or manage NextCatch events you requested, not to profile your existing calendar.
5. Subscriptions
NextCatch+ transactions are processed by Apple through the App Store on iOS and by Google Play on Android. RevenueCat helps validate entitlements across supported platforms. Borrowed Fire LLC does not receive or store payment information, billing addresses, Apple ID credentials, or Google payment credentials.
6. Third-Party Services
NextCatch uses Supabase backend infrastructure, Apple App Store services, Google Play services, RevenueCat subscription validation, Firebase Cloud Messaging for Android push notifications, Google sign-in, Apple sign-in, and TelemetryDeck analytics. External links to official Pokémon GO pages and other community resources are governed by their own privacy policies.
7. Data Security
NextCatch uses HTTPS, platform-provided secure storage where appropriate, and backend row-level access controls. Trainer codes are returned only through server-owned participant flows.
8. Data Retention and Deletion
Deleting the app removes local cached data from that device. If you created a trainer profile or account-backed data, you can request deletion from the app where available or at nextcatchapp.com/account-deletion. Account deletion removes your trainer profile, trainer code, raid room participation records, reliability stats, and account-linked notification tokens, subject to limited operational or legal retention needs.
9. Children's Privacy
Users must be at least 13 years old to use NextCatch. Borrowed Fire LLC does not knowingly collect personal information from children under 13.
10. International Users
NextCatch applies the same privacy standards globally: minimal data collection, no advertising tracking, and the ability to delete account-linked raid data.
11. Your Rights
You may disable notifications, request account deletion, and send privacy questions to [email protected].
12. Changes to This Policy
This Privacy Policy may be updated from time to time. Changes will be reflected by updating the "Last Updated" date above.