Safeo24 Data Security Policy

Safeo24, owned and operated by Sarvang Infotech India Limited (“Company”), is committed to protecting the confidentiality, integrity, and availability of the data collected, processed, and stored within the application. This Data Security Policy outlines the measures implemented to safeguard user data from unauthorized access, breaches, and misuse.

1. Scope and Applicability
  • 1.1. Coverage

    This policy applies to all data processed through the Safeo24 application, including but not limited to:

    • User-provided information (e.g., personal details, emergency contacts).
    • Location data shared during app usage.
    • Logs and analytics data collected for app performance.
  • 1.2. Applicability

    The policy covers all employees, contractors, and third-party service providers involved in the development, maintenance, and operation of Safeo24.

2. Data Collection and Usage
  • 2.1. Types of Data Collected
    • Personal Data: Name, email address, phone number, and emergency contact details.
    • Location Data: Real-time GPS coordinates for SOS, Follow Me, and related features.
    • Device Data: Device identifiers, operating system details, and app usage statistics.
  • 2.2. Purpose of Collection

    The data is collected solely to provide, enhance, and maintain the functionality of Safeo24. Examples include:

    • Triggering SOS alerts.
    • Sharing real-time location with trusted contacts.
    • Monitoring app performance and improving user experience.
  • 2.3. Data Minimization

    Safeo24 adheres to the principle of data minimization, collecting only what is necessary to deliver its services effectively.

3. Data Security Measures
  • 3.1. Encryption
    • Data in Transit: All data transmitted between the app, servers, and third-party systems is encrypted using industry-standard SSL/TLS protocols.
    • Data at Rest: Sensitive data is stored in an encrypted format using AES-256 encryption.
  • 3.2. Access Control
    • Access to user data is restricted to authorized personnel only, based on role-based access controls (RBAC).
    • Multi-factor authentication (MFA) is implemented for internal systems handling sensitive data.
  • 3.3. Anonymization and Pseudonymization

    Where feasible, user data is anonymized or pseudonymized to reduce the risk of identification in the event of a data breach.

  • 3.4. Regular Security Audits
    • Internal and external audits are conducted regularly to identify and address vulnerabilities in the system.
    • Penetration testing is performed to simulate potential attack scenarios.
  • 3.5. Monitoring and Incident Response
    • A real-time monitoring system is in place to detect unauthorized access attempts or anomalies.
    • An Incident Response Plan ensures timely mitigation and communication in the event of a data breach.
4. Third-Party Services and Data Sharing
  • 4.1. Third-Party Integrations
    • Safeo24 integrates with third-party services such as SMS gateways, GPS providers, and payment processors. These services are vetted for compliance with data protection regulations.
  • 4.2. Data Sharing
    • User data is shared with third parties only to the extent necessary for providing the app’s core functionalities.
    • No data is sold, rented, or shared with advertisers or unauthorized third parties.
  • 4.3. Data Processing Agreements

    The Company maintains Data Processing Agreements (DPAs) with all third-party service providers to ensure compliance with applicable laws.

5. User Rights
  • 5.1. Access and Portability

    Users can request access to their personal data or obtain a copy in a machine-readable format.

  • 5.2. Correction and Deletion

    Users can update or request the deletion of their data, subject to legal or regulatory obligations requiring retention.

  • 5.3. Consent Withdrawal

    Users may withdraw consent for specific data processing activities, which may limit the functionality of certain features.

6. Data Retention
  • 6.1. Retention Period

    Data is retained only for as long as necessary to fulfill the purposes outlined in the app’s functionality or as required by law.

  • 6.2. Secure Disposal

    Data that is no longer needed is securely deleted or destroyed using industry best practices.

7. Compliance and Legal Requirements
  • 7.1. Regulatory Framework:

    Safeo24 complies with applicable data protection laws, including but not limited to:

    • India: Information Technology Act, 2000, and related rules.
    • Global: GDPR, CCPA, and other relevant international regulations.
  • 7.2. Data Protection Officer (DPO)

    The Company has appointed a DPO to oversee compliance with this policy and address user concerns regarding data security.

8. Updates to the Policy

The Company reserves the right to update this Data Security Policy to reflect changes in technology, legal requirements, or app functionality. Users will be notified of significant changes.

Contact Information

For questions or concerns about data security, please contact:
Legal Department, Sarvang Infotech India Limited
Email:legal@sarvang.com