SafeLoop

Legal

Privacy Policy

Effective: 2026-07-12 · Last updated: 2026-07-12

1. Who we are

SafeLoop (“SafeLoop”, “we”, “us”) is a family-safety app operated from Bangalore, India. This Privacy Policy explains what personal information we collect when you use the SafeLoop mobile app or visit safeloop.one, why we collect it, who we share it with, and how you can control it.

If you have questions about this policy, contact us at support@safeloop.one.

2. The short version

  • What: profile info, location while you’re sharing it, your check-ins and trips, and the names + numbers of people you choose to include in your circle or designate as your emergency contact.
  • Why: to power location sharing, check-ins, group trips, and emergency alerts — features you intentionally use.
  • Who we share it with: people you’ve added to your circle (and only them); technical sub-processors that store and deliver the data (Firebase, Apple, Google, RevenueCat, Expo); nobody else. We never send SMS on your behalf — the SOS button opens your own phone’s text app for you to send.
  • How long: while your account is active. You can delete everything yourself in Settings → Delete account, and we don’t keep a backup.
  • Selling data: we don’t sell your personal data. Ever.

The rest of this document is the long version.

3. What we collect

3.1 Account information

When you sign in (using your Apple ID or Google account), we receive:

  • Your email address (from the sign-in provider)
  • Your phone number (from the sign-in provider, if available)
  • A unique user ID that identifies you within SafeLoop

When you complete profile setup, you provide:

  • Your display name
  • A profile photo (optional)
  • Confirmation that you are 13 years of age or older

3.2 Location data

SafeLoop is a location-sharing app. With your permission, we collect:

  • While the app is open (“foreground location”) — your latitude, longitude, speed, accuracy, and movement state. Used to show your position on the Track map for the people in your circle and to calculate ETAs during group trips.
  • While the app is closed (“background location”) — same data points, only if you have enabled background-location permission and have at least one saved place with auto check-in turned on. Used to detect when you arrive at or leave a saved place (geofence) and to refresh your location during an active trip.
  • Saved places — names, latitudes, longitudes, and radii for places you add to your account (e.g., “Home”, “Office”). Stored only on your account.

You can stop location sharing at any time by toggling Sharing off in the Track tab, by removing background-location permission in your device settings, or by deleting your account.

3.3 Activity data

  • Check-ins, mood, and status — the mood and optional one-line status you share with your circle. We retain a 7-day mood history; status texts expire after 12 hours.
  • Current place — the saved place you’ve checked in at, either manually or automatically via geofence.
  • Streaks — count of consecutive days you’ve checked in.
  • Trips — destination, route, members, and status of group trips you create or join. Includes ETAs and arrival timestamps.
  • Invites — codes you’ve sent or claimed, the names you’ve labelled invites with, and the relationship label between you and each circle member.

3.4 Device and diagnostic data

  • Push notification token — a device identifier (Expo push token) used to deliver SafeLoop notifications to your phone. Cannot be used to identify you outside of SafeLoop.
  • Battery state — battery level and charging status, written every 15 minutes when sharing is active. Used to send your circle a low-battery alert if the device dies and you’re out.
  • Permission state — whether you’ve granted location, background-location, and notification permissions. Used to surface “permission degraded” alerts to circle members who opted into them.
  • Operating system + app version — collected only when you submit feedback or report a bug, included in the feedback record.

3.5 Emergency contact

When you set an emergency contact, we store the name, phone number, and country code you provide. This number stays on your device and in your account record. When you tap SOS, SafeLoop opens your phone’s native text app with a prefilled message to this contact — you tap Send. SafeLoop itself never sends SMS on your behalf, and the number is never transmitted to any third-party SMS service.

3.6 Subscription state

If you upgrade to a paid plan, RevenueCat (our subscription processor) records your trial start date, current entitlement status, and renewal status. Apple/Google handle billing directly — we never see your payment card details.

3.7 What we do NOT collect

  • Your contacts list — we never read your phone’s address book.
  • Your photos beyond the single profile photo you upload.
  • Your messages or call logs.
  • Your browsing history or app usage outside SafeLoop.
  • Advertising identifiers (IDFA / GAID).

4. How we use it

We use the data above to:

  • Show your location to people in your circle, when sharing is on.
  • Power group trip navigation, ETAs, and arrival detection.
  • Send “I’m OK” check-ins and pulse alerts when you go quiet.
  • Detect arrival/departure at saved places (geofencing).
  • Send push notifications to your circle. (Emergency-contact SMS is composed by SafeLoop and sent by you from your own phone’s text app.)
  • Sync your data across devices so you can sign in fresh anywhere.
  • Diagnose bugs you report and improve the app.
  • Honor your data-rights requests (see Section 7).

We do not use your data to:

  • Build advertising profiles
  • Sell to data brokers
  • Train machine-learning models
  • Show targeted ads — there are no ads in SafeLoop

5. Who we share it with

5.1 Your circle

The whole point of SafeLoop is to share with the people you’ve added to your circle. They see your name, photo, location (while sharing is on), mood, status, current place, and check-in history. You control who is in your circle (Settings → Circle), and you can remove anyone at any time.

5.2 Technical sub-processors

We use the following third parties to operate SafeLoop. Each acts as a “data processor” — they handle data on our behalf under contract.

Processor What they do What they receive
Google Firebase (Auth, Firestore, Cloud Functions, Storage) Stores and syncs your account data; runs server-side logic All account data described in Section 3
Apple Sign In with Apple Verifies your Apple ID at sign-in Apple’s auth tokens; we receive your email + a unique ID
Google Sign-In Verifies your Google account at sign-in Google’s auth tokens; we receive your email + a unique ID
Expo Push Service Delivers push notifications to your device Your Expo push token + the notification payload
RevenueCat Manages subscription state and entitlements Your user ID, trial/subscription status
Google Maps + Directions API Renders maps and computes routes during trips Origin, destination, and waypoint coordinates

Data is stored on Firebase servers in the us-central1 region (Iowa, USA).

5.3 We do NOT share with

  • Advertising networks
  • Data brokers
  • Insurance companies
  • Employers, schools, or governments — except as required by law (Section 5.4)

We may disclose information if compelled by a valid legal process (court order, subpoena, or equivalent). We will notify you of any such request unless prohibited by law.

6. How long we keep it

Data Retention
Account profile, circle, saved places While your account is active
Real-time location Last known position only — overwritten on every update; not retained as a history
Mood history Rolling 7 days
Status text 12 hours from posting
Trip records Active + pending trips: until ended; completed trips: retained as a history with you and other members named
Invite records Until claimed, expired, or 7 days, whichever first
Feedback / bug reports Until manually purged or 12 months
Emergency-alert dedup tokens 24 hours
Pulse / battery / offline alert dedup 6 hours
Backups We do not maintain user-recoverable backups. Once deleted, data is gone.

7. Your rights

7.1 Access and portability

Most of your data is visible in the app. To request a machine-readable export of everything we hold about you, email support@safeloop.one with the subject line “Data export request” from the email associated with your account. We aim to respond within 30 days.

7.2 Correction

You can edit your profile, emergency contact, and saved places directly in the app under Settings.

7.3 Deletion

In the app: Settings → Delete account. Type DELETE to confirm. The deletion is immediate and irreversible. Specifically:

  • Your users/{uid} document, profile photo, and all activity logs are permanently removed.
  • Your name and identifier are removed from every other circle member’s account, from all pending invites, and from any active or pending trips.
  • Completed trips you participated in retain a historical record of your participation (your name and uid stay in the trip’s member list) for the benefit of other participants. If you want this scrubbed too, email us.
  • Your Firebase Auth record is deleted.
  • If you have a paid subscription, you must cancel it separately in the App Store or Play Store. Apple and Google handle subscription billing — SafeLoop cannot cancel it for you.

7.4 Object / restrict

You can disable individual data flows: turn sharing off, revoke background-location permission, mute notifications. To object to a specific processing activity, email us.

7.5 EU residents (GDPR)

You have the rights above plus the right to lodge a complaint with your local data-protection authority. Our legal basis for processing is your consent (you opted into the app and each permission), the necessity of performance of the service you requested (we can’t share your location with your family if we don’t process it), and our legitimate interest in preventing abuse and operating the app.

7.6 California residents (CCPA / CPRA)

You have the rights above. We do not sell or share your personal information as those terms are defined under the CCPA. You may designate an authorized agent to make a request on your behalf — contact us at the email above.

7.7 Indian residents (DPDP Act 2023)

You have the rights above. SafeLoop is the data fiduciary. Our Data Protection Officer is reachable at support@safeloop.one.

8. Children

SafeLoop is not for users under 13 years of age. During profile setup, every user must confirm they are at least 13. We do not knowingly collect information from children under 13. If you believe a child under 13 has created an account, email us and we will delete it.

If you are between 13 and 18 (or the equivalent age of majority in your jurisdiction), you should review this policy with a parent or guardian.

9. International transfers

Your data is stored on Google Firebase servers in the United States (us-central1). If you access SafeLoop from outside the United States, your data is transferred to and processed in the United States. Firebase complies with the EU-U.S. Data Privacy Framework. By using SafeLoop, you consent to this transfer.

10. Security

We use TLS (HTTPS) for data in transit and Firebase’s at-rest encryption for data on disk. Access to production systems is restricted to authorized personnel. We do not store your passwords — sign-in is delegated to Apple and Google.

No system is perfectly secure. If you suspect your account has been compromised, sign out of all sessions and email us immediately.

11. Changes to this policy

We may update this policy as SafeLoop evolves. When we do, we will:

  • Update the “Effective date” at the top.
  • Post a prominent notice in the app for material changes.
  • For changes that expand our use of your data beyond what’s described here, request your renewed consent.

The current version of this policy is always available at safeloop.one/privacy and within the app under Settings → Privacy & sharing → Privacy policy.

12. Contact us

For any privacy question, request, or complaint:

Email: support@safeloop.one