Policies

Privacy Policy

Deep Group Ltd ("DEEP", "we", "us", "our") is committed to protecting your personal data. This policy explains how we collect, use, store and share information when you use our website at deepgroup.co.uk, the DEEP iOS application, and any associated services.

Data controller: Deep Group Ltd, registered in England & Wales. Contact: hello@deepgroup.co.uk

Information We Collect

Account information

When you create an account we collect your name, email address, phone number and password (stored as a secure bcrypt hash). If you sign up via the website or app, we record whether you opted in to marketing communications and the date of that consent.

Identity verification

To protect our equipment and comply with our insurance requirements, we require identity verification before your first hire. This is processed securely by Stripe Identity. You will be asked to photograph a government-issued ID (passport, driving licence or national ID card) and take a selfie. DEEP does not store your identity documents — they are transmitted directly to Stripe and processed under Stripe's Privacy Policy. We only store whether verification was successful and the date it was completed.

Payment information

All payments are processed by Stripe. Your card details are entered directly into Stripe's PCI-DSS Level 1 compliant payment form and never touch our servers. We store a Stripe customer ID, payment intent references and transaction amounts for order management.

Order & hire information

When you place a hire order we collect delivery address, event date, venue details, contact phone number, and any special instructions you provide. This information is necessary to fulfil your booking.

Communications

We store messages exchanged between you and our team via the in-app messaging system and website chat. If you submit a contact enquiry, we store your name, email, phone, event date and message content.

Technical data

We automatically collect your IP address, browser type, device information and pages visited. On the iOS app, we collect a device push notification token (APNs) if you grant permission. We use this to deliver order updates and important notifications.

How We Use Your Information

• Fulfil bookings — process orders, arrange delivery/collection, manage payments
• Verify identity — one-time ID check via Stripe Identity before first hire
• Communicate — order confirmations, delivery updates, return reminders, payment receipts
• Marketing — promotional emails and offers, only with your explicit consent. You can unsubscribe at any time.
• Rewards — track your loyalty stars, credit balance and lifetime spend
• Improve our services — analyse usage patterns, fix bugs, improve the website and app
• Legal obligations — comply with tax, accounting and regulatory requirements

Third-Party Services

Service	Purpose	Data shared
Stripe Payments	Payment processing	Card details (direct to Stripe), email for receipts
Stripe Identity	ID verification	ID document photos, selfie (direct to Stripe)
Brevo (Sendinblue)	Transactional & marketing emails	Email address, name
Apple Push Notification Service	Push notifications (iOS app)	Device token, notification content

We do not sell, rent or trade your personal data to any third party.

Data Security

We implement appropriate technical and organisational measures including encrypted HTTPS connections, bcrypt password hashing, server-side session management and regular security updates. Payment data is handled exclusively by Stripe under PCI-DSS compliance.

Your Rights

Under the UK GDPR and the Data Protection Act 2018, you have the right to:

• Access — request a copy of your personal data
• Rectification — correct inaccurate data via your account settings
• Erasure — request deletion of your data (subject to legal retention requirements)
• Restriction — limit how we process your data
• Portability — receive your data in a structured format
• Object — opt out of marketing communications at any time
• Withdraw consent — where processing is based on consent

You can exercise most of these rights directly in your Account & Privacy settings. To make a formal request, email hello@deepgroup.co.uk.

Data Transfers

Stripe and Brevo may process data outside the UK/EEA under Standard Contractual Clauses or equivalent safeguards approved by the UK ICO.

Children

Our services are not intended for anyone under 18. We do not knowingly collect personal data from children.

Contact

For any privacy-related queries: hello@deepgroup.co.uk

Terms of Service

By accessing or using deepgroup.co.uk, the DEEP iOS app or any services provided by Deep Group Ltd, you agree to these terms.

Eligibility

You must be at least 18 years old to create an account or hire equipment. You must provide accurate registration information and keep it up to date. Identity verification via Stripe Identity is required before your first hire.

Accounts

You are responsible for maintaining the confidentiality of your account credentials and for all activity under your account. We reserve the right to suspend or terminate accounts that violate these terms or are involved in fraudulent activity.

Orders & Payments

All prices are in GBP and include VAT where applicable. Full payment is required at the time of booking via credit/debit card or Apple Pay through Stripe. Payment links may be issued for outstanding balances. A booking is confirmed only after successful payment.

Delivery & Collection

It is your responsibility to ensure the delivery location is accessible, that someone is available to receive equipment, and that items are returned on time and in the condition they were received.

Equipment Care

Hired equipment remains the property of Deep Group Ltd at all times. You agree to use equipment only for its intended purpose and in a safe manner. You are responsible for any loss, damage or theft while equipment is in your possession.

Cancellations & Refunds

Cancellations made more than 7 days before the hire date are eligible for a full refund. Within 7 days, a cancellation fee of up to 50% may apply. No refunds within 48 hours of the hire date or for no-shows.

Limitation of Liability

Deep Group Ltd shall not be liable for any indirect, incidental, special or consequential damages. Our total liability shall not exceed the amount paid for the specific hire in question.

Intellectual Property

All content on deepgroup.co.uk and the DEEP app is owned by or licensed to Deep Group Ltd and protected by intellectual property laws.

Governing Law

These terms are governed by the laws of England and Wales.

Cookie Policy

Our website uses cookies and similar technologies to provide core functionality and improve your experience.

Cookies We Use

Cookie	Type	Purpose	Duration
PHPSESSID	Essential	Maintains your login session and shopping cart	Session
cookie_consent	Essential	Records your cookie preferences	1 year
__stripe_mid / __stripe_sid	Essential	Stripe fraud prevention during checkout	Session / 30 min

We do not use advertising cookies, social media tracking pixels or third-party analytics cookies.

Managing Cookies

Essential cookies cannot be disabled as they are required for the website to function. You can delete cookies at any time through your browser settings.

Acceptable Use Policy

This policy sets out what is and is not permitted when using our website, app and services.

Prohibited Activities

• Use our services for any unlawful purpose
• Provide false identity information or use someone else's identity
• Attempt to gain unauthorised access to our systems or data
• Use automated tools (bots, scrapers) without permission
• Interfere with or disrupt our services
• Use hired equipment for any illegal activity
• Sub-hire or transfer equipment to third parties without consent
• Harass, abuse or threaten our staff or other users
• Submit false or misleading communications

Consequences

Violations may result in immediate account suspension, forfeiture of deposits or credits, reporting to law enforcement, and permanent ban from our services.

Equipment Hire Agreement

By placing a hire order with Deep Group Ltd, you enter into a hire agreement subject to the following conditions.

Hire Period

The hire period begins at the confirmed delivery or collection time and ends at the agreed return time. Late returns may incur additional daily charges at the standard hire rate.

Equipment Condition

Equipment is provided in good working order. You must inspect items upon receipt and report any issues within 2 hours. Equipment must be returned in the same condition, allowing for reasonable wear and tear.

Damage & Loss

You are fully responsible for hired equipment from delivery until return. In the event of damage, loss or theft, you agree to pay the full repair or replacement cost. We recommend arranging your own event insurance.

Setup & Operation

Where DEEP provides setup services, you must ensure the venue is accessible with adequate power supply. For self-setup hires, operating instructions will be provided.

Liability

Deep Group Ltd carries public liability insurance for installation work. We accept no responsibility for damage caused by the hirer's misuse of equipment.

Force Majeure

Neither party shall be liable for failure due to circumstances beyond reasonable control including severe weather, natural disasters, government restrictions or pandemics.

Data Retention Policy

We retain personal data only for as long as necessary or as required by law.

Retention Periods

Data type	Retention	Reason
Account information	Until deletion or 3 years inactivity	Service provision
Order & hire records	7 years	HMRC tax compliance
Payment records	7 years	Financial regulations
Identity verification status	Duration of account	Fraud prevention
Identity documents	Not stored by DEEP	Processed by Stripe
Chat messages	2 years or account deletion	Customer support
Push notification tokens	Until app uninstall	Delivering notifications
Marketing consent	3 years after last interaction	PECR/GDPR compliance
Server logs	90 days	Security monitoring

Account Anonymisation & Deletion

You can anonymise or delete your account at any time via Account & Privacy. Anonymisation permanently removes your name, email, phone and addresses. Order records are preserved in anonymised form for legal compliance. Deletion is not possible while you have active hire orders.

DEEP iOS App — Privacy & Terms

This policy applies specifically to the DEEP iOS application ("the App") available on the Apple App Store, published by Deep Group Ltd. This policy supplements our general Privacy Policy and Terms of Service.

App Description & Purpose

The DEEP App is an equipment hire platform that allows users to browse, reserve and manage hire bookings for professional audio, visual, lighting and event equipment. The App provides account management, order tracking, in-app messaging with our team, push notifications for order updates, and identity verification for first-time hirers.

Data Collection & Use

The App collects the following categories of data, as disclosed in our App Store privacy nutrition label:

Contact Information

Name, email address and phone number — collected during account registration. Used for account identification, order fulfilment, transactional communications and, with explicit opt-in consent, marketing emails. You can update or remove this information at any time via the Account section of the App.

Identifiers

A unique user ID is generated when you create an account. A Stripe customer ID is created when you first make a payment. An APNs device token is stored if you grant push notification permission. These identifiers are used for account management, payment processing and delivering notifications. They are not used for tracking or advertising.

Financial Information

Payment card details are entered directly into Stripe's PCI-DSS Level 1 compliant payment sheet within the App. Card numbers, expiry dates and CVVs are transmitted directly to Stripe and are never stored on, processed by, or accessible to DEEP's servers or the App's local storage. We store only Stripe payment intent references and transaction amounts for order management.

Sensitive Information — Identity Verification

The App uses Stripe Identity for one-time identity verification. When triggered, the Stripe Identity SDK presents a camera interface to capture images of a government-issued ID document (front and back) and a selfie. These images are transmitted directly from the device to Stripe's servers via the Stripe Identity SDK. DEEP does not receive, process, store or have access to these images at any time. We store only a boolean verification status (verified/not verified) and the date of verification. Stripe retains and processes identity data under their own Privacy Policy.

User Content

Messages sent via the in-app chat system, contact form enquiries, and order notes are stored on our servers for customer support and order fulfilment purposes.

Usage Data

We do not use any third-party analytics SDKs, advertising frameworks or tracking libraries. We do not collect device identifiers (IDFA), browsing history, search history, or app interaction analytics beyond basic server access logs for security purposes.

Camera Usage

The App requests camera access for two purposes:

• Identity verification — to capture photos of your ID document and selfie via the Stripe Identity SDK. Images go directly to Stripe.
• Profile photo — to take or select a profile avatar image, stored on our servers.

Camera access is requested only when you initiate one of these actions. It is never accessed in the background. You can revoke camera permission at any time via iOS Settings.

Push Notifications

The App uses Apple Push Notification Service (APNs) to deliver order status updates, booking confirmations, delivery notifications, return reminders, identity verification results, payment confirmations, and messages from the DEEP team. Push notification permission is requested during onboarding and can be managed at any time via iOS Settings or the App's notification preferences screen. We use a .p8 key-based APNs authentication method. We do not send promotional push notifications without consent.

Network & API Communication

All communication between the App and our servers occurs over encrypted HTTPS connections. The App communicates with the following endpoints:

• deepgroup.co.uk/app-api/ — DEEP's authenticated API for account, orders, messaging and notifications
• Stripe SDK — payment processing and identity verification (direct device-to-Stripe communication)
• Apple APNs — push notification delivery

No data is transmitted to any advertising networks, analytics providers or other third parties.

Data Storage & Security

Authentication tokens are stored securely in the iOS Keychain. The App does not store personal data in UserDefaults, local databases or unencrypted files. Session tokens are refreshed automatically and invalidated on logout. All API requests require a valid Bearer token.

Third-Party SDKs

SDK	Purpose	Data access
StripePaymentSheet	Secure card payment processing	Card details (direct to Stripe, never touches our servers)
StripeIdentity	ID document + selfie verification	Camera images (direct to Stripe, never touches our servers)
StripeApplePay	Apple Pay integration	Payment token (direct to Stripe)

No advertising SDKs, analytics SDKs (Firebase, Mixpanel, Amplitude, etc.), social media SDKs, or crash reporting SDKs are included in the App.

Account Deletion

In compliance with Apple's App Store Review Guidelines (section 5.1.1), users can delete their account directly within the App via Account → Help & Support → Delete Account, or via the website at deepgroup.co.uk/account. Account deletion:

• Permanently anonymises all personal data (name, email, phone, addresses)
• Disables login and invalidates all session tokens
• Removes chat messages and notification history
• Preserves anonymised order records for legal/financial compliance (HMRC 7-year requirement)
• Cannot be reversed once completed
• Is not available while active hire orders are in progress

You will be notified that the action is permanent and irreversible before confirmation.

Children's Privacy

The App is rated 17+ and is not intended for use by anyone under 18. We do not knowingly collect personal data from children. The App includes financial transactions and identity verification which require users to be legal adults.

Advertising & Tracking

The App does not contain any advertising. We do not use the App Tracking Transparency framework because we do not track users. We do not collect the IDFA (Identifier for Advertisers). We do not share any data with advertising networks or data brokers.

In-App Purchases & Subscriptions

The App does not offer in-app purchases or auto-renewable subscriptions. All payments are for physical equipment hire services processed through Stripe, not through Apple's In-App Purchase system, in accordance with Apple's guidelines for physical goods and services.

Offline Functionality

The App requires an internet connection to function. Cached data is limited to the current session and is cleared on logout.

Updates to This Policy

We may update this policy to reflect changes in the App's functionality or regulatory requirements. Users will be notified of material changes via push notification or in-app notice. Continued use of the App after changes constitutes acceptance.

Contact

For any questions about the App or this policy:

• Email: hello@deepgroup.co.uk
• In-app: Messages section
• Web: deepgroup.co.uk/contact

Deep Group Ltd, registered in England & Wales.