Privacy Policy - NightOwl

1. Introduction

Welcome to NightOwl, a safety monitoring application developed by Daiken. This Privacy Policy explains how we collect, use, protect, and handle your personal information when you use our mobile application and related services.

🔒 Our Privacy Commitment

NightOwl is designed with privacy by design principles. We collect only the minimum data necessary to provide our safety services, encrypt all sensitive information, and never sell or share your personal data with third parties.

This policy complies with the European Union's General Data Protection Regulation (GDPR) and other applicable privacy laws.

2. Information We Collect

2.1 Personal Information

Full Name: Used for personalization and emergency notifications
Date of Birth: Used for age verification and personalization
Email Address: Used for account creation and important service communications

2.2 Emergency Contact Information

Phone Numbers: Only phone numbers of your emergency contacts are stored
Contact Names: We do NOT store the names of your emergency contacts
Record IDs: Internal identifiers for managing your contact lists

2.3 Location Data

Real-time Location: Collected only during active safety sessions
Journey Routes: Temporary tracking data for safety monitoring
Destination Information: Your intended destination for arrival verification

2.4 Device and Technical Information

Device Model: Your device type (e.g., iPhone 13, iPhone 14) for compatibility
App Version: For technical support and feature compatibility
Crash Reports: Anonymous technical data when the app encounters errors
Usage Analytics: Anonymous data about app usage patterns

3. How We Use Your Information

3.1 Primary Safety Services

Monitor your journey during active safety sessions
Send SMS alerts to your emergency contacts if you don't arrive on time
Detect when you arrive safely at your destination
Provide personalized safety recommendations

3.2 Service Improvement

Improve app performance and reliability
Develop new safety features
Fix technical issues and bugs
Ensure compatibility across different devices

3.3 Communication

Send important service updates and security notifications
Respond to your support requests
Provide account-related information

4. Data Security and Encryption

🛡️ Industry-Standard Protection

All sensitive data is encrypted using advanced encryption algorithms before being stored on our servers. This means your location data, contact information, and personal details are unreadable even if accessed without authorization.

4.1 Encryption at Rest

All personal data stored on our servers is encrypted at rest using industry-standard encryption algorithms. This includes:

Location data and journey information
Emergency contact phone numbers
Personal information (name, date of birth)
Account credentials and authentication tokens

4.2 Encryption in Transit

All data transmitted between your device and our servers is protected using TLS/SSL encryption protocols.

4.3 Authentication Security

We use secure third-party authentication services to manage user accounts. We do not store or have access to your passwords or other sensitive authentication credentials.

5. Data Storage and Location

5.1 Server Location

Your encrypted data is stored on secure servers hosted on Amazon Web Services (AWS) infrastructure located in Frankfurt, Germany (eu-central-1 region), ensuring compliance with European data protection standards.

5.2 Data Retention

We retain your personal data only as long as necessary to provide our services or as required by law:

Account Data: Retained while your account is active
Location Data: Automatically deleted after safety sessions complete
Emergency Contact Data: Retained until you modify or delete your contacts
Crash Reports: Anonymous technical data retained for up to 12 months

6. Third-Party Services

6.1 SMS Delivery Service

We use Twilio, a trusted third-party service, to deliver SMS alerts to your emergency contacts. When sending an SMS:

Only your first name is included in the message content
No other personal information is shared with Twilio
Emergency contact phone numbers are transmitted securely for delivery only
Twilio does not store your contact information

6.2 Crash Reporting

We use Sentry for anonymous crash reporting to improve app stability. Only technical error data is collected - no personal information is included in crash reports.

6.3 Authentication Services

We use secure third-party authentication services to manage user accounts safely, ensuring we never store or access your passwords.

7. Data Sharing and Disclosure

🚫 No Data Selling or Sharing

We do not sell, rent, or share your personal information with third parties for marketing or commercial purposes. Your data is used solely to provide NightOwl's safety services.

7.1 Emergency Situations

Your location and safety status may be shared with your designated emergency contacts only:

When you don't arrive at your destination on time
When you manually trigger an emergency alert
Only with contacts you have specifically designated

7.2 Legal Requirements

We may disclose personal information if required by law, court order, or to protect the safety of our users or others.

8. Your Rights and Controls

8.1 Account Management

Modify Emergency Contacts: Add, edit, or remove emergency contacts at any time
Adjust Permissions: Control app permissions including location access
Location Sharing Control: Choose whether to share your location with emergency contacts
Delete Account: Permanently delete your account and all associated data

8.2 GDPR Rights

Under GDPR, you have the right to:

Access: Request a copy of your personal data
Rectification: Correct inaccurate personal data
Erasure: Request deletion of your personal data
Portability: Receive your data in a structured format
Restriction: Limit how we process your data
Objection: Object to processing of your personal data

8.3 Exercising Your Rights

To exercise any of these rights, contact us at business@kaedin.nl. We will respond to your request within 30 days as required by GDPR.

9. Children's Privacy

NightOwl is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by:

Posting the updated policy on our website
Sending you an email notification
Displaying a notice in the mobile app

Your continued use of NightOwl after any changes indicates your acceptance of the updated Privacy Policy.

11. International Data Transfers

Your data is processed and stored within the European Union (Frankfurt, Germany) to ensure compliance with GDPR requirements. If we ever need to transfer data outside the EU, we will implement appropriate safeguards as required by GDPR.