StaySeen — Privacy Policy

App name: StaySeen

Operator: Becama Holdings Limited ("StaySeen", "we", "us")

Country: United Kingdom

Hosting: Replit (cloud hosting)

Email delivery: Resend (transactional email)

1. What this policy covers

This Privacy Policy explains how StaySeen collects, uses, shares, and protects information when you use our mobile app and related services (the "Service").

StaySeen is designed to enable mutually approved connections with a trusted circle and to send multi-channel alerts in an emergency.

2. Information we collect

We collect the following categories of information:

A. Account information

Email address
Password (stored using secure hashing, not in plain text)
Basic profile details you choose to provide (e.g., name)

B. Trusted Friends network

Trusted contacts' email addresses (to send and accept friend requests)
Friend request status (pending/accepted/blocked/removed)

C. Location information (minimal storage approach)

Panic alert location: when you press the Panic Button, we capture your device's location at that moment and attach it to the alert so your trusted friends can see where you triggered the alert.

Important: We do not store live, continuous, or ongoing location tracking history. The only location stored is the location point tied to each Panic alert.

D. Notifications and communications

Push notification tokens (to deliver alerts)
Transactional email details needed to send panic alerts and safety notifications via Resend

E. Device and usage data

Device type/OS version, app version
IP address (typically for security and service operation)
Log and diagnostic data (e.g., error logs, performance metrics)

3. How we use your information

We use information to:

Provide the Service (account access, trusted friends, alerts and notifications)
Deliver Panic Button alerts and related notifications
Maintain security and prevent fraud/abuse
Troubleshoot issues and improve reliability
Comply with legal obligations where applicable

4. Legal basis for processing (UK GDPR)

Where UK GDPR applies, we process personal data under:

Contract: to provide the Service you request
Consent: for device permissions (e.g., location access) and certain optional communications
Legitimate interests: security, fraud prevention, service improvement
Legal obligation: compliance with applicable law

5. How sharing works (privacy-first design)

Trusted friend connections require mutual approval (requests must be accepted).
You can remove or block trusted friends at any time.
Your trusted friends can only view the information you share through the Service (for example, an alert location tied to a Panic event).

6. Data storage and retention

We keep personal data only as long as needed to operate the Service and meet legal requirements.

Typical retention approach:

Account data and trusted friends data: retained while your account is active
Panic alert locations: retained to support the user's alert record and trusted friends' ability to view where the alert was triggered, then deleted or anonymised when no longer needed
Logs/diagnostics: retained for security and reliability, then deleted or aggregated

Account deletion: You can delete your account at any time from Settings in the app. When you delete your account, we will delete or anonymise personal data associated with your account, except where we must keep certain information for legal, security, or fraud-prevention reasons.

7. When we share information

We share information only as needed to provide the Service:

A. With your trusted friends (you control this)

Panic alerts: your alert status and the location captured at the time you pressed the Panic Button, plus map links and call-to-action messages.

B. With service providers (processors)

We use third-party providers to host and operate the Service and deliver communications. This includes:

Replit (hosting)
Resend (transactional email delivery)
Push notification providers (e.g., Apple/Google notification infrastructure)

These providers process data on our behalf under contractual protections appropriate to their role.

C. Legal and safety reasons

We may disclose information if required by law, to protect rights and safety, or to investigate abuse.

D. No sale of personal data

We do not sell your personal information.

8. International transfers

We are based in the UK, but our service providers may process data outside the UK. Where required, we use appropriate safeguards for international transfers.

9. Security

We use reasonable technical and organisational measures to protect information, such as encryption in transit, access controls, and secure credential storage.

10. Your rights and choices

Depending on your location and applicable law, you may have rights to access, correct, delete, restrict, or object to processing, and to request portability.

11. Children and family use

StaySeen can be used by families and may be suitable for children to share their location with a parent or guardian.

Where local law requires parental consent, a parent/guardian must provide consent and supervise use.

Parents/guardians are responsible for the child's trusted contacts and how the Service is used.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will update the effective date and, where appropriate, provide notice in the app.