Privacy Policy

Effective Date: 22 March 2026 

Last Updated: 22 March 2026 

Privacy Statement for the OuttaBand BCP APP

Publisher: IAM SME LTD (Company No. 16882648)

Overview

OuttaBand BCP is a secure out-of-band communications and alerting platform built for IT and cyber security incident response and business continuity plan execution. We are committed to protecting your privacy and handling your data responsibly. This policy explains what data we collect, how we use it, and your rights.

Data Controller

IAM SME LTD is the data controller for information processed through the OuttaBand BCP app and associated backend services.

Contact: privacy@iam-sme.com

What Data We Collect

Information You Provide

  • Your name — entered during device enrolment to identify you within your organisation.
  • Your role — selected during enrolment to determine your position in the alert escalation chain.
  • Organisation name — entered when creating a new organisation.

Information Generated Automatically

  • Device identifier — a unique identifier generated during enrolment to route push notifications and encrypted messages to the correct device.
  • Apple Push Notification Service (APNs) token — used solely to deliver push notifications to your device.
  • Encryption public keys — your device generates cryptographic key pairs during enrolment. Only the public keys are transmitted to our servers for the purpose of enabling end-to-end encrypted communication. Private keys never leave your device.

Information We Do NOT Collect

  • We do not collect your email address, phone number, or postal address.
  • We do not collect your location data.
  • We do not collect browsing history, search history, or usage analytics.
  • We do not collect financial or payment information (subscriptions are handled entirely by Apple through the App Store).
  • We do not collect biometric data (Face ID / Touch ID authentication is processed entirely on your device by Apple’s Secure Enclave).

End-to-End Encryption

All messages, alerts, and communications sent through OuttaBand BCP are end-to-end encrypted using AES-GCM 256-bit encryption with keys derived via Curve25519 ECDH key agreement. This means:

  • Message content is encrypted on the sender’s device before transmission.
  • Our servers relay encrypted payloads only — we cannot read, access, or decrypt your message content.
  • Only the intended recipient’s device can decrypt the message using their private key, which never leaves the device.
  • Push notification payloads are encrypted before being sent through Apple’s Push Notification Service and are decrypted on-device before display.

We operate a zero-knowledge architecture — our backend infrastructure has no ability to access the plaintext content of your communications.

How We Use Your Data

We use the data we collect solely for the following purposes:

  • Delivering the service — routing encrypted messages and push notifications between enrolled devices within your organisation.
  • Device enrolment — associating your device with your organisation so that alerts and messages reach the correct recipients.
  • Escalation chain — using your role to determine alert routing and escalation paths during incident response.
  • Subscription management — verifying your organisation’s subscription status with the Apple App Store Server API to determine which features are available.

We do not use your data for advertising, profiling, marketing, or any purpose unrelated to the delivery of the OuttaBand BCP service.

Data Storage and Security

On-Device Storage

  • Private encryption keys are stored in the iOS Keychain with kSecAttrAccessibleWhenUnlockedThisDeviceOnly protection, meaning they cannot be extracted via backup or accessed when the device is locked.
  • Signing keys are generated and stored within the Apple Secure Enclave and never leave the hardware security module.
  • Local data (alerts, messages, playbooks) is stored using iOS Data Protection with .completeUnlessOpen file protection, meaning files are encrypted with a key derived from the device passcode and hardware key.

Server-Side Storage

  • Our backend is hosted in the EU (London) region (eu-west-2).
  • Data stored on our servers is limited to: device identifiers, APNs tokens, public encryption keys, organisation metadata, and encrypted message payloads.
  • All data is encrypted at rest using AWS DynamoDB encryption.
  • We cannot access message content as it is end-to-end encrypted.

Transport Security

  • All communication between the app and our servers uses TLS 1.3.
  • Certificate pinning is enforced to prevent man-in-the-middle attacks.

Data Retention

  • Encrypted messages are retained on our servers for a maximum of 7 days for offline delivery purposes, after which they are automatically deleted.
  • Device records are retained for as long as the device is enrolled. When a device is deregistered, its record and associated keys are deleted.
  • Organisation records are retained for as long as the subscription is active. Upon cancellation and expiry, organisation data is deleted within 30 days.
  • On-device data is deleted immediately when a user deregisters their device from within the app.

Data Sharing

We do not sell, rent, or share your personal data with any third parties.

Your Rights

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have the following rights:

  • Right of access — you may request a copy of the personal data we hold about you.
  • Right to rectification — you may request correction of inaccurate data.
  • Right to erasure — you may request deletion of your data. You can also delete all local data at any time by deregistering your device within the app.
  • Right to restrict processing — you may request that we limit how we use your data.
  • Right to data portability — you may request your data in a machine-readable format.
  • Right to object — you may object to our processing of your data.

To exercise any of these rights, contact us at privacy@iam-sme.com.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk if you believe your data protection rights have been infringed.

Children’s Privacy

OuttaBand BCP is a business-to-business application designed for IT security professionals and executive leadership. It is not intended for use by children under the age of 16. We do not knowingly collect data from children.

Subscriptions

OuttaBand BCP is offered as a subscription service with multiple tiers. All subscription purchases and billing are handled entirely by Apple through the App Store. We do not collect or store any payment information. For information about Apple’s billing practices, refer to Apple’s Privacy Policy at apple.com/legal/privacy.

Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically.

Contact

If you have any questions about this privacy policy or our data practices, please contact:

IAM SME LTD Email: privacy@iam-sme.com Website: iam-sme.com Company Registration: 16882648 (England and Wales)

Absolutely — here’s the updated version with your privacy@iam-sme.com address cleanly integrated. I’ve kept the tone tight, transparent, and governance‑ready.

Privacy Statement for The Tracing Room

Last updated: March 2026

Overview

The Tracing Room is an iOS application designed to support structured learning and memorisation. We respect your privacy and have deliberately designed the app so that it does not collect, store, transmit, or process any personal data.

This Privacy Statement explains what the app does — and what it does not do — in relation to your information.

No Personal Data Collected

The Tracing Room does not:

  • Collect personal information
  • Create or require user accounts
  • Track behaviour or usage
  • Send data to external servers
  • Share data with third parties
  • Use analytics, advertising, or profiling technologies

All processing happens locally on your device.

Device Permissions

The Tracing Room requests access to the following iOS features solely to provide core functionality:

Camera Access

Used only to allow you to scan text using the device camera for OCR (optical character recognition). Images captured for scanning are processed on your device and are not transmitted or stored by us.

Photo Library Access

Used only when you choose to import an existing image for OCR scanning. Imported images remain on your device and are not uploaded, transmitted, or analysed beyond the OCR operation you initiate.

The app does not request access to:

  • Contacts
  • Location
  • Microphone
  • Calendars
  • Health data
  • Motion data

If future features require additional permissions, they will be clearly explained and optional.

Data Storage

All data created or generated within the app remains on your device only. Nothing is transmitted to us or to any external service.

If you use Apple’s iCloud backup features, your data may be backed up under your own Apple account, governed by Apple’s privacy policies.

Data Sharing

Because we do not collect any data, we do not — and cannot — share any data with anyone.

Your Rights

As no personal data is collected or processed, there is no data for us to access, correct, delete, or export. If you uninstall the app, all locally stored data is removed from your device.

Contact

If you have questions about this Privacy Statement, you can contact:

IAM‑SME Data Protection Lead Email: privacy@iam-sme.com Website: https://iam-sme/privacy

Changes to This Statement

If the app’s functionality changes in a way that affects privacy, this statement will be updated and a new “Last updated” date will be shown.

Privacy Statement for the 4KE/B Channel Strip Trainer APP


Last updated: February 2026

Overview

4KE/B Channel Strip Trainer is an offline educational app that helps audio engineers and producers build muscle memory for the classic 4000 E/B series channel strip. Your privacy matters to us and this policy explains how we handle your data — in short, we don’t collect any.

Data We Collect

None. This app does not collect, store, process, or transmit any personal data whatsoever. There are no user accounts, no login, no analytics, no tracking pixels, no cookies, and no third-party SDKs that gather information about you.

Data Storage

All app data — including your drill progress and settings — is stored locally on your device only. Nothing is sent to our servers or any third party. If you delete the app, all locally stored data is removed with it.

Third-Party Services

This app does not integrate with any third-party services, advertising networks, analytics platforms, or social media trackers. No data is shared with any external party.

Children’s Privacy

This app does not knowingly collect any information from anyone, including children under the age of 13. Since no personal data is collected from any user, the app is compliant with the Children’s Online Privacy Protection Act (COPPA) and equivalent regulations.

Your Rights

Since we do not collect or store any personal data, there is no data to access, correct, or delete. If you have any concerns about your privacy in relation to this app, please contact us and we will be happy to assist.

Changes to This Policy

If we ever update this privacy policy, the revised version will be posted on this page with an updated date. As the app does not collect data, we do not anticipate significant changes.

Contact

If you have any questions about this privacy policy or the app, please contact us:

Email: 4KE@IAM-SME.com
Website: www.iam-sme.com

IAM SME LTD · UK Company No. 16882648

© 2026 IAM SME LTD · All rights reserved