Privacy Policy
Last updated: March 2026
Who We Are
HerCircle is a personal safety app built for women by Ingenious Digital, based in Addis Ababa, Ethiopia. It lets you share your real-time location with a trusted circle of people during journeys, check-ins, and emergencies — and alerts them when something feels wrong.
Safety depends on trust. We collect only what the app needs to function, we keep it only as long as necessary, and we never sell or share it with advertisers.
1. What We Collect and Why
Account Information
| Data | Why We Collect It |
|---|---|
| Email address | Authentication. We use email OTP (one-time passcodes) — no passwords are stored. |
| Full name | Displayed to your circle members so they know who is safe. |
| Phone number | Optional. Used for emergency contact information only. |
Location Data
Location is the core of what HerCircle does. We collect it precisely, but only during active safety features.
| Data | When It's Collected | Where It's Stored |
|---|---|---|
| Precise GPS coordinates | During active journeys (every 10 seconds), SOS alerts (streaming), and check-ins (single point) | journey_locations, checkins, alerts tables |
Location is not collected passively in the background when you are not using a safety feature. Once a journey ends or an alert resolves, location collection stops.
Device and App State
| Data | Why We Collect It |
|---|---|
| FCM device token | To send you push notifications from Firebase Cloud Messaging |
| Battery level | Shared with your circle members during active journeys so they know if your phone may go offline |
Optional Check-In Data
| Data | Why We Collect It |
|---|---|
| Mood and tags | Voluntary. Helps your circle understand context during a check-in |
What We Do Not Collect
- Advertising identifiers (IDFA, GAID)
- Browsing history or app usage analytics
- Contacts, photos, or files from your device
- Passwords (we use email OTP — there are no passwords)
- Any data through third-party tracking or analytics SDKs
2. How We Use Your Data
We use your data only to operate the app's safety features:
- Authentication — Your email verifies your identity via one-time passcode.
- Your safety circle — Your name, location, battery level, and check-in information are shared with people you have explicitly added to your circle.
- Alerts and SOS — When you trigger an alert, your location streams to your circle members in real time so they can respond.
- Push notifications — Your FCM token lets us notify you when a circle member sends a check-in, starts a journey, or triggers an alert.
- Discreet emergencies — Panic codes let you signal distress without alerting a threat. This uses the same infrastructure as regular alerts.
We do not use your data for advertising, profiling, or any purpose unrelated to your safety.
3. Who Can See Your Data
Your Trusted Circle
Circle members you have added can see:
- Your name and profile
- Your real-time location during active journeys and SOS alerts
- Your check-in points and mood tags
- Your battery level during active journeys
They cannot see your location at any other time.
Third-Party Service Providers
We use a small number of infrastructure providers to operate the app. They process data on our behalf and are bound by their own security standards.
| Service | What They Handle | Privacy Reference |
|---|---|---|
| Supabase | Database, authentication, realtime sync | supabase.com/privacy |
| Firebase Cloud Messaging | Push notifications (device token only) | firebase.google.com/support/privacy |
| OpenStreetMap / Nominatim | Map tiles and address lookup (no user data transmitted) | openstreetmap.org/privacy |
| OSRM | Route calculation (no user data transmitted) | — |
No data is sold or shared with advertisers, data brokers, or any party not listed here.
Legal Requirements
We may disclose data if required by applicable law, court order, or to protect against imminent harm. We will notify you of any such request if legally permitted to do so.
4. Data Retention
| Data Type | Retention |
|---|---|
| Account profile (email, name, phone) | Until account is deleted |
| Journey locations | Until account is deleted |
| Check-ins | Until account is deleted |
| Alerts and alert locations | Until account is deleted |
| Feed events and notifications | Until account is deleted |
| Saved places and user settings | Until account is deleted |
Safety audit exception: When an SOS alert has been resolved, an anonymized record may be retained for up to 30 days as a safety audit trail. This record contains no name, email, or other personally identifiable information. After 30 days, it is permanently deleted.
FCM device tokens are invalidated when you log out or delete your account.
5. Account Deletion
You can delete your account at any time from within the app:
Settings > Account > Delete Account
Deletion removes your profile, circle memberships, journeys, locations, alerts, check-ins, notifications, saved places, and settings. The 30-day anonymized safety audit trail described above may be retained before permanent deletion.
You may also request deletion by emailing support@ingeniousdigital.com. We will process the request within 30 days.
For the complete step-by-step deletion guide, see the Account Deletion page.
6. Your Rights
You have the right to:
- Access the personal data we hold about you
- Correct inaccurate information in your profile
- Delete your account and all associated data
- Export your data (contact us at the email below)
- Withdraw consent for optional data (mood tags, phone number) by removing it from your profile at any time
To exercise any of these rights, contact support@ingeniousdigital.com.
7. Children's Privacy
HerCircle is not designed for or directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have done so, we will delete it promptly. If you believe a child under 13 has created an account, contact us at support@ingeniousdigital.com.
8. Security
We take the security of your data seriously, because for our users it is not just a compliance matter — it is a personal safety matter.
- All data is encrypted in transit using HTTPS and secure WebSocket connections (WSS).
- Our database uses Row Level Security (RLS) on every table. Database queries are enforced at the row level — you can only read records you are authorized to see.
- Location data is shared with circle members through SECURITY DEFINER database functions that validate circle membership before returning any data.
- No passwords are stored. Authentication uses email one-time passcodes only.
- Panic codes allow you to signal distress discreetly without alerting a person who may be watching your phone.
No system is perfectly secure. If you discover a security issue, please disclose it responsibly to support@ingeniousdigital.com.
9. Changes to This Policy
If we make material changes to this policy, we will notify you through the app or by email before the changes take effect. The effective date at the top of this document will be updated.
Continued use of HerCircle after the effective date constitutes acceptance of the updated policy.
10. Contact
For questions about this privacy policy or HerCircle's data practices:
- Email: support@ingeniousdigital.com
- Web: ingeniousdigital.com
For privacy-specific requests, write "Privacy Request" in the subject line.
Your safety is personal. Your data should be too.