🛡️ Privacy Policy

2.1 Primary Purposes

We use your information exclusively to:

• Provide the service: Display real-time locations on the family map.
• Safety alerts: Notify you when someone enters or leaves a safe zone (geofence).
• Route history: Allow you to review the last 30 days of locations.
• SOS button: Process emergency alerts and notify designated contacts.
• Communication: Send you important alerts about your account or service.

2.2 Secondary Purposes

• Security: Detect and prevent unauthorized access to your account.
• Service improvement: Analyze aggregated usage patterns (never individual) to improve the app.
• Technical support: Diagnose issues when you contact us.
• Legal compliance: Respond to valid legal requests.

2.3 What We DON'T Do with Your Data

2.4 Legal Basis for Processing

Under applicable laws, we process your data based on:

• Explicit consent: You voluntarily activate location monitoring.
• Contract execution: To provide the service you requested.
• Legitimate interests: For security and fraud prevention.
• Legal obligation: When the law requires us to retain certain data.

3.1 Sharing WITHIN Your Family Group

Your location is visible to family group members you authorize. You control who can see your location.

3.2 Service Providers (Under Strict Contract)

We work with essential providers who only process data according to our instructions:

• Cloud infrastructure: Secure servers to store encrypted data.
• Payment processor: To securely handle transactions (we never see your full card).
• Email service: To send you alerts and notifications.
• Maps: To display locations (we only send coordinates, not identity).

All our providers sign data processing agreements that prohibit them from using your information for their own purposes.

3.3 Authorities (Only with Valid Legal Process)

We may disclose information if we receive:

• Valid court order
• Legal subpoena
• Emergency request to prevent imminent harm to a person

We will notify the affected user before disclosure unless the law prohibits it or there's a safety risk.

3.4 Who We NEVER Share With

This is a fundamental difference from other family tracking services. We never monetize your location data.

4.1 Specific Retention Periods

4.2 Automatic Deletion

Our systems automatically delete location history after 30 days. No action required from you.

4.3 Deletion Upon Request

You can request deletion of all your data at any time. We'll process your request within:

• California (CCPA): 45 days
• European Union (GDPR): 30 days
• Brazil (LGPD): 15 days

4.4 Inactive Account

If your account remains inactive for 24 months, we'll notify you before deleting your data.

5.1 Encryption

• In transit: All communication uses TLS 1.3 (the most secure standard available).
• At rest: Your location data is stored encrypted with AES-256.
• Passwords: Hashed with bcrypt, never stored in plain text.

5.2 Access Controls

• Two-factor authentication (2FA) available for all accounts.
• Sessions expire automatically after inactivity.
• Login notifications from new devices.
• Account lockout after failed attempts.

5.3 Infrastructure

• Servers in SOC 2 Type II certified data centers.
• 24/7 security monitoring.
• Encrypted backups.
• No data access without documented authorization.

5.4 Breach Notification

In case of a security breach affecting your data:

• Arizona: Notification within 45 days.
• California: Notification within 30 days.
• Florida/Connecticut (if includes location): Notification within 30-60 days.

We'll inform you what data was affected and what steps to take to protect yourself.

Depending on your location, you have different rights over your data. We respect the broadest rights for all our users, regardless of location.

6.1 Rights by Jurisdiction

6.2 Right to Limit Use of Sensitive Information (CPRA)

6.3 Global Privacy Control (GPC)

We respect the Global Privacy Control (GPC) signal from your browser. If your browser sends a GPC signal, we automatically:

• Won't share your data with third parties for advertising (though we already don't).
• Treat the signal as an opt-out request under CCPA.

GPC is mandatory in 12+ U.S. states. Learn more at globalprivacycontrol.org.

6.4 How to Exercise Your Rights

You can exercise any privacy right:

1. From the app: Go to Settings → Privacy → My Data.
2. By email: Write to legal@algoritmos.io
3. By mail: Efficient AI Algorithms, Maricopa County, Arizona, USA

We'll verify your identity before processing sensitive requests, using the email associated with your account.

6.5 Authorized Agents

You may designate an authorized agent to exercise rights on your behalf. The agent must provide:

• Written authorization signed by you, or
• Valid power of attorney

ProtectTrack complies with the U.S. Children's Online Privacy Protection Act (COPPA), including the 2025 amendments effective April 22, 2026.

7.1 Verifiable Parental Consent (VPC)

Before a parent can activate monitoring of a child under 13, we require verifiable parental consent using one of these FTC-approved methods:

• Credit card verification: A small charge during subscription.
• Identity verification: Government ID with photo comparison.
• "Text plus" verification: Text message plus additional confirmatory step.

7.2 Information We Collect from Children

For devices of children under 13, we only collect:

• GPS location (primary purpose of the service)
• Name or nickname (assigned by parent)
• Device identifier

We DO NOT collect email, phone, or other personal data directly from children.

7.3 Parental Rights

Parents can at any time:

• ✅ Review their child's location data
• ✅ Delete their child's data
• ✅ Revoke consent and deactivate monitoring
• ✅ Refuse to allow future collection

7.4 We Don't Share Children's Data with Third Parties

7.5 Retention and Deletion

Children's data is deleted:

• Automatically after 30 days (location history)
• Immediately if parent revokes consent
• When the child turns 13 (parent decides whether to continue)

7.6 Teenagers (13-17 years)

For teenagers between 13 and 17 years old:

• 13-15 years: Parents maintain control, but the teenager receives visible notification that they're being monitored.
• 16-17 years: The teenager can request to limit certain features, with notification to parent.

ProtectTrack serves different groups of monitored individuals, each with special considerations.

8.1 Elderly Adults with Alzheimer's or Dementia

Monitoring people with cognitive conditions requires special ethical considerations:

• Advance consent: We recommend the monitoring decision be made while the person still has decision-making capacity.
• Legal representative: If the person cannot consent, we require documentation of:
• Court-appointed guardianship, or
• Power of attorney for healthcare decisions
• Dignity: Monitoring should be as minimally invasive as possible while fulfilling its safety purpose.

8.2 Employees (Business Use)

For fleet and field team monitoring:

• Required notification: Employees must be informed in writing before activating monitoring.
• Consent: We require explicit consent for employee personal devices.
• Work hours: We recommend monitoring be automatically suspended outside work hours.
• Company vehicles: Monitoring company vehicles is generally legal with proper notification.

8.3 Rights of All Monitored Individuals

Every monitored adult has the right to:

• Know they're being monitored (visible indicator required)
• Access their own location data
• Request a copy of their data
• Request deletion of their data

9.1 Layers of Consent

We implement a three-layer consent model:

1. Account creation: Acceptance of Terms of Service and this Privacy Policy.
2. Location activation: Explicit operating system permission to access GPS.
3. Group sharing: Specific authorization of who can see your location.

9.2 Device Permissions

ProtectTrack requests these permissions, each with its purpose:

• Location (always): Required for continuous monitoring. You can choose "only while using the app" for less frequency.
• Notifications: For geofence and SOS alerts. You can disable them.
• Background: For monitoring to work when the app is closed.

9.3 How to Withdraw Consent

You can withdraw your consent at any time:

• Pause monitoring: From the app, without deleting your account.
• Revoke permissions: From your device settings.
• Delete account: Permanently deletes all your data.

9.4 Available Controls

We recognize that family tracking apps can be misused for unwanted surveillance or domestic violence. We take this very seriously.

10.1 Visible Tracking Indicator

Every monitored device displays a permanent, non-hideable indicator that tracking is active. This is mandatory and cannot be disabled by the administrator.

10.2 Independent Exit for Adults

Any monitored adult can:

• Pause their own monitoring at any time
• Leave a family group without administrator approval
• Delete their data independently

The administrator will receive a notification, but cannot prevent these actions.

10.3 Help Resources

10.4 Report Abuse

If you suspect ProtectTrack is being used to harass or control someone:

• Confidential email: legal@algoritmos.io
• We'll investigate and may suspend accounts that violate our policies
• We cooperate with authorities when there's evidence of crime

10.5 Proactive Detection

We monitor for patterns that could indicate abusive use, such as:

• Attempts to hide that tracking is active
• Monitoring adults without their apparent knowledge
• Coercive control patterns

11.1 Server Location

Our primary servers are located in the United States. If you access ProtectTrack from outside the U.S., your data will be transferred to the U.S.

11.2 Safeguards for EU Users

For users in the European Economic Area (EEA), United Kingdom, and Switzerland:

• We use Standard Contractual Clauses (SCCs) approved by the European Commission.
• We implement supplementary technical measures, including end-to-end encryption.
• Your GDPR rights are respected regardless of where data is processed.

11.3 Safeguards for Brazilian Users

For Brazilian users protected by LGPD:

• Transfers based on explicit consent or standard contractual clauses.
• You have the right to request information about who we share your data with internationally.

11.4 Equivalent Privacy

Regardless of where you live, we grant you the same privacy rights that the most protective laws (GDPR and LGPD) guarantee their citizens.

12.1 How We'll Notify You

If we make material changes to this policy:

• We'll send you an email at least 30 days in advance
• We'll display a prominent notice in the app
• We'll update the "last updated" date at the top

12.2 Material Changes

We consider "material changes" to be:

• New categories of data we collect
• New purposes for using your data
• Changes in who we share data with
• Changes to your privacy rights
• Changes in retention periods

12.3 Your Consent for Changes

If changes affect how we use data we've already collected, we'll require your explicit consent before applying changes to your existing data.

12.4 Version History

• Version 1.0 (February 2026): Initial version