GDPR Compliance
Last updated: February 27, 2026
1. Data Controller
SafeWalk acts as the data controller for personal data processed through the SafeWalk mobile application. For questions about how your data is handled, contact:
- Email: anadelta.greece@gmail.com
2. Legal Basis for Processing
We process your personal data under the following legal bases as defined in Article 6 of the GDPR:
| Purpose | Legal Basis |
|---|---|
| Providing the Service (routing, incident display) | Performance of contract (Art. 6(1)(b)) |
| Location tracking for route planning | Consent (Art. 6(1)(a)) |
| Safety Circles & Follow Me (live location sharing) | Consent (Art. 6(1)(a)) |
| Processing subscription payments | Performance of contract (Art. 6(1)(b)) |
| Sending safety-related push notifications | Legitimate interest (Art. 6(1)(f)) |
| Analytics and service improvement | Legitimate interest (Art. 6(1)(f)) |
| Complying with legal obligations | Legal obligation (Art. 6(1)(c)) |
3. Your Rights Under GDPR
As an EU/EEA resident, you have the following rights:
3.1 Right of Access (Art. 15)
You can request a copy of all personal data we hold about you.
3.2 Right to Rectification (Art. 16)
You can request correction of inaccurate or incomplete personal data.
3.3 Right to Erasure (Art. 17)
You can request deletion of your personal data ("right to be forgotten"). We will delete your data unless we have a legal obligation to retain it.
3.4 Right to Restrict Processing (Art. 18)
You can request that we limit how we use your data in certain circumstances.
3.5 Right to Data Portability (Art. 20)
You can request your data in a structured, commonly used, machine-readable format (JSON or CSV).
3.6 Right to Object (Art. 21)
You can object to processing based on legitimate interests. We will stop processing unless we demonstrate compelling legitimate grounds.
3.7 Right to Withdraw Consent (Art. 7(3))
Where processing is based on consent (e.g., location tracking), you can withdraw consent at any time through the app settings or your device's location permissions.
4. How to Exercise Your Rights
To exercise any of the above rights, contact us at anadelta.greece@gmail.com. We will respond within 30 days. We may ask you to verify your identity before processing your request.
5. Data Processing Details
5.1 Categories of Data
- Identity data: Name, email, profile photo.
- Location data: GPS coordinates during active app use and Follow Me sessions. During active Safety Circle sharing or Follow Me sessions, your last known position is stored server-side and shared with circle members or the session recipient until the session ends.
- Usage data: Routes requested, features used, incidents reported.
- Technical data: Device type, OS version, push token, IP address.
- Financial data: Subscription status (payment details handled by Apple/Google).
5.2 Data Retention Periods
- Account data: Retained while your account is active, deleted within 30 days of account deletion request.
- Location data: Walk history retained for up to 12 months, then automatically deleted.
- Incident reports: Retained for 24 months for safety analysis, then anonymized.
- Security audit logs: Retained for 365 days for security and legal accountability purposes.
- Technical/application logs: Retained for 90 days for debugging purposes.
5.3 International Data Transfers
Your data may be processed on servers located within the EU/EEA. If data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.
6. Sub-processors
We use the following third-party sub-processors. Each is bound by a data processing agreement and may only process your data for the specified purpose:
- Cloud hosting provider: Hosts the application servers and database within the EU/EEA.
- Google Maps Platform (Google LLC): Used to display maps, render routes, and generate location links in SOS alerts. Your location coordinates are transmitted to Google when using map features. Google's privacy policy applies: policies.google.com/privacy.
- GraphHopper (GraphHopper GmbH) or equivalent routing engine: Used to calculate safe walking routes. Origin and destination coordinates are sent to the routing service to compute paths.
- Email / SMTP provider: Processes email addresses to deliver transactional emails (verification codes, password resets, SOS notifications).
- Apple App Store / Google Play Store: Handle payment processing for premium subscriptions. We do not store payment card details.
- Error tracking service: Receives anonymized crash reports and error logs to monitor app stability.
7. Privacy Contact
For data protection inquiries, contact us at anadelta.greece@gmail.com. We aim to respond to all privacy-related requests within 30 days.
8. Right to Lodge a Complaint
If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local Data Protection Authority. In Greece, this is the Hellenic Data Protection Authority (HDPA): www.dpa.gr.
9. Cookies
The SafeWalk website uses essential cookies required for the site to function (e.g., session management). We may also use analytics cookies (Google Analytics) to understand how visitors use the site. Analytics cookies are only loaded after you provide explicit consent via the cookie banner. You can withdraw consent at any time by clearing your browser storage. Our mobile app does not use cookies.
10. Data Breach Notification
In accordance with GDPR Articles 33 and 34, in the event of a personal data breach:
- We will notify the relevant supervisory authority (Hellenic Data Protection Authority) within 72 hours of becoming aware of the breach, where feasible.
- If the breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay, describing the nature of the breach, the likely consequences, and the measures taken or proposed to address it.
- We maintain internal records of all data breaches, including their effects and the remedial actions taken.
11. Updates to This Notice
We review and update this GDPR notice periodically. Material changes will be communicated through the app and email.