Tirith ("we", "us", "our") operates the Tirith mobile applications for iOS and Android (each the "App"). This policy describes what data we collect, why we collect it, and how it is handled. Where behaviour differs between platforms, that is noted inline.
1. Data We Collect
When you use the App, we collect the following information:
Precise location — latitude, longitude, and reverse-geocoded place names (country, region, city). Collected both while the App is in the foreground and in the background.
Device identifier — the platform device identifier (Apple UDID on iOS, an Android device identifier on Android) associated with your device during MDM enrolment, plus a Firebase Cloud Messaging (FCM) push token on Android. Stored locally on the device after pairing and reported to the Tirith server.
Installed application inventory (Android only) — the list of application package names installed on your device. This is reported to the customer's MDM administrator for posture assessment, so that the administrator can identify unsanctioned or compromised apps on enrolled devices. This mirrors Apple MDM's InstalledApplicationList query on iOS, which is performed by Apple's MDM framework rather than by the App itself.
Network and security telemetry — DNS query statistics, VPN connection status, and bandwidth usage retrieved from the Tirith server for display within the App.
We do not collect your name, email address, payment information, contacts, photos, or any content from your device.
2. Why We Collect It
We use the data listed above for the following purposes:
Threat assessment — your location is compared against government travel advisories, local crime data, and administrator-defined security zones to compute a real-time threat level for your current area.
Security advisories — when your device enters or is near a geographic area with an active advisory, the App displays a notification.
Device management — the device identifier links the App to the correct MDM enrolment record so that security status, VPN configuration, and DNS protection data can be displayed.
Posture assessment (Android only) — the installed application inventory allows the customer's MDM administrator to identify apps that may compromise device security, and to recommend or require remediation.
3. Background Location
The App uses background location services to continuously monitor your threat environment. This allows the App to assess risk levels and deliver advisories even when the App is not actively open. Background location updates occur approximately every 15 minutes or when you move more than 500 metres. You can disable background location at any time:
iOS: Settings > Tirith > Location.
Android: Settings > Apps > Tirith > Permissions > Location. When background location is active, Android displays a persistent foreground-service notification ("Tirith — Monitoring threat levels in your area") in the notification shade.
4. Device Administration (Android)
On Android, the App can be enabled as a Device Administrator. This is opt-in and shown to you in a system confirmation sheet during setup. When enabled, the customer's MDM administrator may issue remote lock or wipe commands to the device if it is reported lost or stolen. Commands are authenticated server-side using a per-device HMAC key and delivered through Firebase Cloud Messaging; the App rejects unsigned or replayed commands. You can revoke Device Administrator status at any time via Settings > Security > Device admin apps, which will prevent further lock/wipe commands but does not affect other App features.
iOS does not use Device Administrator. On iOS, equivalent remote management is provided by the Apple MDM framework itself, configured during enrolment.
5. Where Data Is Processed
Location data is sent to the Tirith server, a self-hosted system operated by us. The server is located in the United Kingdom. We do not transfer your personal data to any third-party analytics, advertising, or data broker services.
6. Third-Party Services
The App and its infrastructure rely on the following third-party services:
Cloudflare — network proxy and access control. Cloudflare processes network traffic but does not receive your location data. See Cloudflare's privacy policy.
Apple (iOS) — MDM enrolment, push notifications (APNs), and on-device reverse geocoding are provided by Apple platform services. See Apple's privacy policy.
Google (Android) — push notifications are delivered via Firebase Cloud Messaging (FCM). Google receives a device push token and message payload metadata to route notifications; it does not receive your location data. See Google's privacy policy.
Pusher — used for in-app messaging (Trinity chat) and signed administrator command delivery. Pusher receives channel routing data but not your location. See Pusher's privacy policy.
We do not use any advertising SDKs, analytics frameworks, or tracking technologies.
7. Data Retention
Location history is retained on the Tirith server for as long as the device is enrolled. When a device is removed from the MDM system, its associated location history and telemetry data are deleted. The locally stored device identifier is removed when you delete the App or unpair from the Tirith server.
8. Your Rights
You may:
Disable location services for the App at any time via iOS Settings or Android Settings (see Section 3).
Revoke Device Administrator status on Android via Settings > Security > Device admin apps (see Section 4).
Request deletion of your data by contacting us at the address below.
Delete the App to remove all locally stored data, including the device pairing identifier.
9. Tracking
The App does not track you across other companies' apps or websites. We do not participate in any advertising identifier programme. On iOS, NSPrivacyTracking is set to false in our privacy manifest. On Android, no advertising or analytics SDKs are included in the App.
10. Children's Privacy
The App is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us and we will promptly delete it.
11. Changes to This Policy
We may update this policy from time to time. The effective date at the top of this page indicates when the policy was last revised. Continued use of the App after a change constitutes acceptance of the updated policy.
Contact
For questions about this privacy policy or to exercise your data rights, contact us at: privacy@tirith.co.uk