Privacy Policy — NextCatch

Last Updated: March 21, 2026

The short version: NextCatch collects minimal data. Browsing events requires no account. Remote raid features require an account with your Pokémon GO trainer name and friend code, which are shared only with trainers you match with in raid rooms. We do not track you with ads.

1. Introduction

Borrowed Fire LLC ("we," "us," or "our") built NextCatch ("the App") with privacy as a core principle. This Privacy Policy explains how the App handles your information.

This policy applies specifically to the NextCatch app. For our company-wide practices, see our general Privacy Policy.

2. Information We Collect

2.1 Information Stored on Your Device

The App stores preferences and cached data locally on your device, including:

App settings (appearance, notification preferences, selected play style)
Cached event data for offline access
Subscription status (cached locally)

This local data is not transmitted to us.

2.2 Anonymous Device Identifier

The App generates an anonymous device identifier to enable features like push notifications and preference syncing. This identifier:

Is randomly generated and not linked to your Apple ID, name, or email
Cannot be used to identify you personally
Is stored securely in your device's Keychain

2.3 Push Notification Token

If you enable push notifications, Apple provides a device token that allows us to send notifications. This token:

Is specific to the App and cannot be used to track you across apps
Is stored on our server solely to deliver notifications you requested
Is deleted if you unregister from notifications

2.4 User Preferences (Synced)

If you configure notification preferences or play style settings, these preferences are synced to our server so we can:

Send relevant push notifications based on your selected event types
Personalize event recommendations for subscribers

These preferences contain no personally identifiable information — only settings like "notify me about Raid events" or "play style: Casual."

2.5 Trainer Profile (Raid Features)

If you choose to use remote raid coordination features, you must create an account (via Sign in with Apple) and provide a trainer profile. This includes:

Trainer Name: Your in-game Pokémon GO username
Trainer Code: Your 12-digit Pokémon GO friend code
Team: Your in-game team (Mystic, Valor, or Instinct) — optional
Trainer Level: Your in-game trainer level — optional

How this data is shared: Your trainer code is shared only with other users who join the same raid room as you. It is not publicly visible, not searchable, and is delivered through a secure server-side function — never exposed in client-side queries. Other participants in your raid room can see your trainer name, team, and level.

2.6 Raid Room Activity Data

When you participate in remote raids, we record:

Raid participation stats: Number of raids hosted, joined, and completed
Reliability score: A numeric score based on your raid completion history (e.g., whether you ready up and follow through). This score is visible to other users to promote trust.
Room activity: When you create, join, leave, or complete a raid room

This data is tied to your account and is used to facilitate raid matching and promote reliable behavior within the community.

2.7 Privacy-Focused Analytics

We use TelemetryDeck, a privacy-focused analytics service, to understand how the App is used in aggregate. TelemetryDeck:

Does not collect personally identifiable information
Does not use advertising identifiers
Does not track you across apps or websites
Provides only aggregate, anonymized usage statistics
Is compliant with GDPR, CCPA, and PECR

Examples of what we learn: "50% of users opened the app today" or "Community Day events are viewed most often." We never see individual user behavior.

3. Information We Do NOT Collect

We do not collect, store, or transmit:

Your real name, email address, or personal contact information (Sign in with Apple hides your email by default)
Your Pokémon GO account credentials or login information
Your location data
Advertising identifiers or cross-app tracking data
Browsing history or behavior outside the App
Photos, contacts, or other device data

Note: If you use raid features, your Pokémon GO trainer name and friend code are collected at your request. These are gaming identifiers, not personal contact information.

4. Device Permissions

NextCatch may request the following device permissions:

Notifications: To send event reminders. Free users receive locally scheduled notifications. Subscribers may receive server-sent push notifications for new events and last-minute changes.
Calendar: To add Pokémon GO events to your calendar at your request. We write events to your calendar; we do not read your existing calendar data.

You can revoke any permission at any time through your device's Settings app. The App will continue to function with reduced functionality.

5. Subscriptions

NextCatch offers an optional premium subscription (NextCatch+). All subscription transactions are processed entirely by Apple through the App Store. We do not receive or store your payment information, billing address, or Apple ID.

We only receive confirmation from Apple that a valid subscription exists — nothing more.

6. Third-Party Services

6.1 Apple App Store

Subscription purchases are handled by Apple and governed by Apple's Privacy Policy.

6.2 TelemetryDeck

Anonymous, aggregate analytics are processed by TelemetryDeck. See TelemetryDeck's Privacy Policy for details.

6.3 Supabase

Our backend infrastructure runs on Supabase, which stores event data, anonymous device identifiers, and notification preferences. Supabase data is encrypted in transit and at rest. See Supabase's Privacy Policy.

6.4 External Links

The App contains links to external websites such as official Pokémon GO event pages and LeekDuck.com. We are not responsible for the privacy practices of those sites.

7. Data Security

Your data is protected by:

Device Keychain: The anonymous device identifier and push token are stored in the iOS Keychain, encrypted by the device
HTTPS: All network communication uses encrypted HTTPS connections
Minimal data: We store only what is necessary to provide the service — no personal information

8. Data Retention and Deletion

Deleting the App from your device removes all local data, including cached events and preferences.

Server-side data associated with your anonymous device identifier (notification preferences, push token) will be automatically cleaned up when the push token expires or becomes invalid.

Raid data: If you created a trainer profile, you can delete it at any time from the App's settings. Deleting your trainer profile removes your trainer code, name, team, level, all raid room history, participation records, and reliability stats. Deleting your account removes all data, including raid data, via cascading deletion.

9. Children's Privacy

NextCatch's core features (browsing events) do not require an account or collect personal information. Raid coordination features require an account via Sign in with Apple and a trainer profile. Users must be at least 13 years of age to use the App (see our Terms of Service). We do not knowingly collect personal information from children under 13.

10. International Users

NextCatch is available worldwide. Event data and anonymous preferences are stored on servers in the United States. All data is encrypted in transit (HTTPS) and at rest. Since we do not collect personally identifiable information, international data transfer regulations regarding personal data do not apply in practice. However, we are committed to respecting privacy laws in every region where the App is available.

10.1 European Economic Area, United Kingdom, and Switzerland (GDPR / UK GDPR)

For users in the EEA, UK, or Switzerland, the General Data Protection Regulation (GDPR) and UK GDPR apply. Our legal bases for processing are:

Legitimate interest: Privacy-focused, aggregate analytics via TelemetryDeck to improve the App (no individual user data is processed)
Consent: Push notifications are only sent if you explicitly enable them
Contract performance: Processing anonymous device identifiers and preferences to provide the service you requested

Because we do not collect personal data that identifies you, most GDPR rights (access, rectification, portability) are satisfied by design. You may delete all server-side data associated with your anonymous device identifier at any time using the "Delete Account" option in the App's settings, which satisfies the right to erasure (Article 17).

10.2 Brazil (LGPD)

For users in Brazil, the Lei Geral de Proteção de Dados (LGPD) applies. NextCatch's minimal data collection — anonymous device identifiers, notification preferences, and aggregate analytics — means no personally identifiable data is processed. The same deletion mechanism described above is available to exercise your rights under LGPD.

10.3 South Korea (PIPA)

For users in South Korea, the Personal Information Protection Act (PIPA) applies. NextCatch does not collect personal information as defined by PIPA. No name, contact details, or identification numbers are collected or stored.

10.4 Other Jurisdictions

Regardless of your location, NextCatch applies the same privacy standards globally: no personal data collection, no tracking, anonymous authentication, and the ability to delete all server-side data at any time.

11. Your Rights

No matter where you are located, you have the following rights:

Right to know: This Privacy Policy describes all data we process. We do not collect personally identifiable information.
Right to deletion: Use the "Delete Account" option in the App's settings to remove all server-side data (anonymous device identifier, push token, notification preferences, and authentication record). Local data is removed by deleting the App from your device.
Right to opt out: Disable push notifications at any time through your device's Settings. Analytics are anonymous and cannot be linked to you individually.
Right to access and portability: Since we do not store personal data that identifies you, there is no personal data to access or export.

For data protection inquiries from any jurisdiction, contact us at admin@borrowedfire.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected by updating the "Last Updated" date above. Continued use of the App after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to make a data protection inquiry, please contact us at:

Borrowed Fire LLC

Email: admin@borrowedfire.com

Website: https://nextcatchapp.com

For data protection inquiries (GDPR, LGPD, PIPA, or other privacy regulations): admin@borrowedfire.com

By using NextCatch, you acknowledge that you have read and understood this Privacy Policy.