Privacy Policy

Last updated: June 24, 2026

1. Data Controller

The Data Controller for your personal data is:

Safekept
Individual Developer
Italy
Email: privacy@safekept.app

Under Regulation (EU) 2016/679 (GDPR), the Controller is responsible for decisions regarding the purposes and means of processing of personal data of users of the Safekept application.

2. Scope

This Privacy Policy applies to the processing of personal data through:

  • The Safekept mobile application for iOS
  • The companion application for Apple Watch
  • The safekept.app website
  • Related backend services

3. Personal Data We Collect

3.1 Data you provide directly

  • 1.
    Email address: registration, authentication, service communications. Sign-in is via email and password or “Sign in with Apple” (in which case Apple may provide an anonymous relay email address). Legal basis: contractual performance (Art. 6.1.b GDPR).
  • 2.
    Phone number: registration, sending SMS to guardians, identity verification. Legal basis: contractual performance (Art. 6.1.b GDPR).
  • 3.
    Display name: identification within the app and in communications to guardians. Legal basis: contractual performance (Art. 6.1.b GDPR).
  • 4.
    Guardian contacts (name, email/phone): sending notifications and safety alerts to designated contacts. Legal basis: user consent (Art. 6.1.a GDPR) and legitimate interest (Art. 6.1.f GDPR).

3.2 Data collected automatically

  • 1.
    Precise GPS location, including in the background: during an active session, location is collected and shared with guardians even when the app is in the background or the screen is locked, to ensure continuous monitoring until the session ends. Collection stops when the session ends. Legal basis: explicit consent (Art. 6.1.a and Art. 9.2.a GDPR).
  • 2.
    Device token (APNs): push notification delivery for check-ins and alerts. Legal basis: contractual performance (Art. 6.1.b GDPR).
  • 3.
    Session metadata (start time, end time, status): service operation and reliability. Legal basis: contractual performance (Art. 6.1.b GDPR).
  • 4.
    Diagnostic and crash data (technical errors, session lifecycle logs without identifying data): detecting and fixing malfunctions, service security and reliability. Legal basis: legitimate interest (Art. 6.1.f GDPR). This data does not contain GPS coordinates, guardian contacts, tokens, or free text.

3.3 Data we do NOT collect

  • Location history after sessions end
  • Behavioral profiles or movement patterns
  • Audio, video, photos, or other media from your device
  • Contacts beyond those you explicitly add as guardians
  • Advertising identifiers (IDFA, GAID)
  • Browsing data, profiling cookies, or third-party trackers
  • Biometric data
  • Health-related data

4. Purposes and Legal Bases

4.1 Service delivery (Art. 6.1.b GDPR)

  • User account creation and management
  • Sending periodic check-ins during active sessions
  • Triggering escalation and notifying guardians when check-ins are missed
  • Sending service communications (confirmations, technical notices)

4.2 Location sharing (Art. 6.1.a GDPR)

Collection and transmission of GPS coordinates to designated guardians during active sessions. Consent is explicitly requested when enabling location services and can be revoked at any time.

The permission requested is “Always” / “Allow Always” location access, required so that sharing continues while the app is not in the foreground. Without this permission, the service operates in a limited way.

4.3 Service security and integrity (Art. 6.1.f GDPR)

Prevention of abuse, fraud, and unlawful use of the service. Infrastructure security maintenance.

4.4 Legal obligations (Art. 6.1.c GDPR)

Compliance with judicial authority requests. Fulfilment of tax and accounting obligations.

5. Data Sharing

5.1 User-designated guardians

During active sessions, data is shared exclusively with guardians you have explicitly designated, and only during the active session. Shared data includes: real-time GPS position, session status, last confirmed check-in time, and any notes you left.

5.2 Service providers (Data Processors)

  • Amazon Web Services (AWS): infrastructure hosting, database, processing. Location: eu-south-1 (Milan, Italy). Safeguards: DPA per Art. 28 GDPR, ISO 27001, SOC 2.
  • Amazon Web Services (AWS) – SNS: sending push notifications (via APNs) and SMS to guardians. Recipients' phone numbers are transmitted to AWS SNS solely to send the message. Region: eu-west-1 (Ireland) for SMS; eu-south-1 (Milan) for push notifications. Safeguards: DPA per Art. 28 GDPR.
  • Apple Push Notification Service (APNs): push notification delivery on iOS and Apple Watch. Safeguards: Apple DPA, Standard Contractual Clauses.
  • Sentry (Sentry GmbH): collection of error/crash reports and diagnostic logs for service stability. Data location: EU region (Germany). Safeguards: DPA per Art. 28 GDPR; diagnostic data free of personally identifiable information.

5.3 We never share data with

  • Third-party data buyers
  • Advertising networks
  • Data brokers or analytics companies
  • Third-party marketers

6. International Data Transfers

Personal data is primarily stored in the AWS eu-south-1 region (Milan, Italy), within the European Economic Area. For push notification delivery via Apple (APNs), minimal technical data may transit through US-based servers. SMS to guardians are sent via AWS SNS in the eu-west-1 region (Ireland), within the European Union. These transfers are protected by Standard Contractual Clauses (SCC), Data Processing Agreements, and supplementary technical measures (encryption in transit (TLS)).

7. Data Retention

  • GPS location data: deleted immediately and permanently when the session ends.
  • Session metadata and events (no location data): retained for the lifetime of the account for service reliability and to allow full export of your data (Art. 20 GDPR). The visibility of session history in the app depends on your active plan (e.g. last 7 days on the free plan, 365 days on higher plans); the data is nonetheless included in full in the export and is deleted when the account is deleted.
  • Account data (email, phone, name): retained while account is active, deleted within 30 days of deletion request.
  • Device tokens: until revoked or replaced by user.
  • Security logs: 90 days.

8. Data Security

  • Encryption in transit: TLS 1.3 for all communications
  • Encryption at rest: AES-256 for all stored data
  • Secure authentication: short-lived access tokens (15 minutes) with rotating refresh tokens
  • Least privilege principle: data access limited to strictly necessary context
  • EU infrastructure: servers in AWS Milan region (eu-south-1)
  • No real-time location data access by the Controller
  • Automatic deletion: location data removed automatically when session ends

9. Your Rights

Under Articles 15-22 of the GDPR, you have the right to:

  • Access (Art. 15): Obtain confirmation of processing and access your personal data.
  • Rectification (Art. 16): Correct inaccurate data or complete incomplete data.
  • Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten").
  • Restriction (Art. 18): Restrict processing in cases provided by law.
  • Portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format.
  • Object (Art. 21): Object to processing based on legitimate interest.
  • Withdraw consent (Art. 7.3): Withdraw consent for geolocation at any time.

To exercise your rights: privacy@safekept.app. We respond within 30 days (Art. 12.3 GDPR).

Supervisory Authority: You have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) at www.garanteprivacy.it.

10. Cookies and Tracking Technologies

The safekept.app website uses only strictly necessary technical cookies (language preference and your cookie choice). We do not use profiling cookies, third-party advertising cookies, tracking pixels, or behavioral or advertising analytics tools; we use only technical diagnostic tools (see §5.2). The full list of cookies and consent management is described in our Cookie Policy.

The mobile application does not use cookies. Technical information is stored in the device's secure storage (Keychain on iOS).

11. Children

Safekept is not intended for users under 16 years of age. We do not knowingly collect personal data from individuals under 16. If we become aware that we have collected data from a minor without verifiable parental consent, we will immediately delete such data. Contact us at privacy@safekept.app if you believe a child has provided us with personal data.

12. Apple Watch

The Apple Watch companion app syncs active session state with the iPhone, does not collect additional data, does not transmit data directly to servers (communication happens through the paired iPhone), and data synced between Apple Watch and iPhone transits via Apple's WatchConnectivity framework, protected by device encryption.

13. Communications to Guardians

Guardians receive communications via push notifications (if they have the app), SMS (during escalation or if they don't have the app), and email (for invitations and non-urgent communications). Guardians receive only information strictly necessary for the safety function.

The legal bases for guardian communications differ by purpose:

  • Informational communications (invitation, session-start notice, non-urgent messages): the guardian's consent (Art. 6.1.a GDPR), freely and specifically given by accepting the invitation received. The moment of acceptance is recorded with a consent timestamp.
  • Emergency alerts (escalation with real-time location): the vital interests of the user or another natural person (Art. 6.1.d GDPR and, for any location data, Art. 9.2.c GDPR), as these communications are strictly necessary to protect the person's safety.

Information to guardians (Art. 14 GDPR): a guardian's contact data (name, phone, or email) is collected through the user who designates them. The guardian receives this notice at first contact (at the foot of the invitation) and may exercise the rights in Section 9 at any time, including access, objection, and erasure, by writing to privacy@safekept.app.

13.1 How to stop messages (opt-out)

A guardian can stop receiving messages at any time by: declining the invitation via the link they received; replying STOP to any Safekept SMS; or asking the user who added them to remove them. In every case the stop is immediate and covers all channels (push, SMS, email). Non-urgent emails also carry an unsubscribe link. Life-safety emergency messages are strictly transactional and tied to a relationship the recipient accepted; they end when the guardian is removed. Requests: privacy@safekept.app.

14. Changes to This Policy

We will notify you of material changes via email and in-app notification at least 30 days before they take effect. Continued use after changes take effect constitutes acceptance.

15. Contact

For any questions regarding personal data processing:

Safekept
Email: privacy@safekept.app

This Privacy Policy is drafted in compliance with Regulation (EU) 2016/679 (GDPR), Italian Legislative Decree 196/2003 as amended by Legislative Decree 101/2018, and the guidelines of the Italian Data Protection Authority.