1. Information We Collect

1.1 Personal Information

When you create an account or use our services, we may collect:

• Account Information: Full name, email address, phone number, age, gender, profession, workplace, and residence location
• Authentication Data: Login credentials, biometric authentication data (stored locally on your device)
• Profile Information: Work institution, professional details, and user preferences

1.2 Incident Report Data

When you submit incident reports, we collect:

• Report Content: Incident descriptions, incident types, priority levels, and associated tags
• Location Data: Geographic coordinates and addresses (only when you choose to share location)
• Media Attachments: Photos, audio recordings, and documents you voluntarily upload
• Metadata: Report timestamps, device information, and submission source

1.3 Technical Information

• Device Data: Device type, operating system, app version, and unique device identifiers
• Usage Analytics: App usage patterns, feature interactions, and performance metrics
• Network Information: IP address, connection type, and general location (country/region)
• Push Notification Tokens: Firebase Cloud Messaging (FCM) tokens for notifications

2. How We Use Your Information

2.1 Primary Purposes

• Incident Processing: Review, investigate, and respond to reported incidents
• Service Provision: Provide core app functionality, user authentication, and account management
• Communication: Send notifications, updates, and respond to your inquiries
• Safety & Security: Protect users, prevent abuse, and ensure platform integrity

2.2 Secondary Purposes

• Analytics: Generate anonymized statistics and insights about incident trends
• Improvement: Enhance app features, user experience, and service quality
• Legal Compliance: Comply with applicable laws and legal obligations

3. Information Sharing and Disclosure

3.1 We DO NOT Sell Your Data

We never sell, rent, or trade your personal information to third parties for commercial purposes.

3.2 Limited Sharing Scenarios

• MADA Organization: Internal sharing for incident investigation and organizational purposes
• Service Providers: Trusted third-party services (hosting, analytics, notifications) under strict data protection agreements
• Legal Requirements: When required by law, court orders, or to protect rights and safety
• Anonymous Data: Aggregated, anonymized statistics that cannot identify individuals

3.3 Public Information

Reports marked as "public" may be displayed on the interactive map and in public statistics. You control this setting for each report.

4. Data Security and Protection

4.1 Security Measures

• Encryption: Data transmission using HTTPS/TLS encryption
• Authentication: Secure login with optional biometric authentication
• Access Controls: Role-based access and authorization systems
• Regular Audits: Security assessments and vulnerability testing

4.2 Data Storage

• Secure Servers: Data stored on protected servers with industry-standard security
• Backup Systems: Regular backups with encryption and access controls
• Geographic Location: Primary servers located in secure data centers

5. Your Privacy Rights and Choices

5.1 Access and Control

• Account Access: View and update your profile information anytime
• Data Portability: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and associated data

5.2 Privacy Settings

• Location Sharing: Control when and how location data is collected
• Notification Preferences: Manage push notifications and email communications
• Report Visibility: Choose whether reports are public or private
• Anonymous Reporting: Submit reports without revealing your identity

6. Data Retention

6.1 Retention Periods

• Account Data: Retained while your account is active and for a reasonable period after deletion
• Incident Reports: Retained for investigation purposes and legal requirements (typically 3-7 years)
• Technical Data: Logs and analytics data retained for 12-24 months
• Communications: Message history retained according to legal and operational needs

6.2 Deletion Process

When you delete your account, we will remove your personal information within 30 days, except where retention is required by law or for legitimate business purposes.

7. Third-Party Services

7.1 Integrated Services

• Firebase (Google): Authentication, cloud messaging, and analytics
• Map Services: Location services and geocoding
• Cloud Storage: Secure file storage for media attachments

7.2 Third-Party Privacy

These services have their own privacy policies. We encourage you to review them and understand how they handle your data.

8. International Data Transfers

Your data may be processed and stored in countries other than your residence. We ensure appropriate safeguards are in place to protect your information during international transfers.

9. Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware of such collection, we will take steps to delete the information.

10. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. We will notify you of significant changes through the app or via email. Your continued use of the service after changes constitutes acceptance of the updated policy.