Privacy Policy
INeedHelp Privacy Policy
This Privacy Policy explains how INeedHelp collects, uses, stores, shares, and deletes personal data when you use the INeedHelp mobile applications, websites, APIs, and related services (collectively, the "Service").
Please read this Privacy Policy together with our Terms of Service.
1. Who we are
For the purposes of applicable data protection law, including the General Data Protection Regulation (GDPR), the controller of your personal data is:
Siarhei Kananovich
ul. Grudziądzka 12, lok. 8
80-414 Gdańsk, Poland
Email: ineedhelpkonon@gmail.com
Phone: +48 518 161 165
2. What data we collect
Depending on how you use the Service, we may collect the following categories of personal data:
- Account data, such as your email address, username, profile name, and account status.
- Authentication and security data, such as password hashes, verification codes, sign-in events, refresh tokens, failed login attempts, and security logs.
- Profile and group data, such as your role, group memberships, invitations, owner/member status, and related settings.
- Incident and communication data, such as incident descriptions, incident status, messages, comments, acknowledgements, delivery status, and other content you submit.
- Location data, such as your last known location, incident coordinates, and geolocation-based routing data, but only where location services are enabled and permission is granted by you.
- Attachments and media, such as photos, audio, video, or documents you upload or send through the Service, if such functionality is enabled.
- Technical and device data, such as push notification tokens, app version, device type, operating system, IP address, timestamps, API logs, MQTT session metadata, and diagnostic logs.
- Support and correspondence data, such as emails and other communications you send to us.
3. Data we do not intentionally collect
We do not intentionally collect personal data that is not reasonably necessary for the current functionality of the Service. We do not sell your personal data.
4. Why we process your data
We process personal data for the following purposes:
- to create and manage user accounts;
- to authenticate users and secure the Service;
- to send login verification codes, password reset emails, and account-related notifications;
- to create, route, deliver, and manage incidents and assistance requests;
- to provide geolocation-based matching, nearby awareness, and notification features;
- to support groups, invitations, assignments, and realtime communication;
- to operate, maintain, monitor, troubleshoot, and improve the Service;
- to prevent abuse, spam, fraud, unauthorized access, and misuse of the Service;
- to comply with legal, tax, accounting, and regulatory obligations;
- to respond to your requests, complaints, and support inquiries.
5. Legal bases for processing
Where the GDPR or similar laws apply, we process your personal data on one or more of the following legal bases:
- Performance of a contract — where processing is necessary to provide the Service, create and manage your account, enable core app features, and respond to your requests.
- Legitimate interests — where processing is necessary to secure, maintain, monitor, improve, and administer the Service, prevent abuse, and defend legal claims, provided that such interests are not overridden by your rights.
- Consent — where required by law or platform rules, including for certain permissions or optional features such as device location, camera, microphone, or notifications.
- Legal obligation — where processing is necessary to comply with applicable laws, lawful requests, court orders, tax obligations, accounting requirements, or law enforcement requests.
6. Location data
Location data is especially important to the Service. We process location data only when location functionality is enabled by you and your device permission has been granted.
You can disable location permissions at any time in your device settings. If you do, location-dependent features may be limited or unavailable.
Location data may be used to create incidents, notify relevant users, match nearby responders, and display or process location-based events.
7. Who we share data with
We may share personal data only where necessary with the following categories of recipients:
- Infrastructure and hosting providers, such as hosting, database, caching, and networking providers.
- Email and notification providers, such as providers used to send verification emails, security messages, and app notifications.
- Push, messaging, and realtime providers, where relevant for delivery of notifications and realtime events.
- Map, geolocation, and geocoding providers, where such services are used.
- Administrative or operational users, coordinators, or authorized group members, only to the extent necessary for the Service to function.
- Professional advisers and authorities, including lawyers, accountants, regulators, courts, or law enforcement where legally required or reasonably necessary.
We do not sell personal data to third parties for advertising or data-broker purposes.
8. International data transfers
We are based in Poland. Depending on the technical services used to operate the Service, some personal data may be processed outside your country of residence and, in some cases, outside the European Economic Area.
Where required by applicable law, we will rely on appropriate safeguards for such transfers, such as adequacy decisions, standard contractual clauses, or other lawful transfer mechanisms.
9. Data retention
We keep personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
- Account data is retained while your account remains active and for a reasonable period afterwards where needed for security, legal compliance, fraud prevention, or dispute resolution.
- Incident history may be retained for up to 1 year, or longer where required for legal, security, auditing, or operational reasons, unless deleted earlier under our policies or by a valid deletion request.
- Authentication, security, and technical logs may be retained for a limited period needed to detect abuse, investigate incidents, and maintain service integrity.
- Support correspondence may be retained for as long as reasonably necessary to address your request and document our communications.
10. Account deletion and deletion requests
If your account was created in the app, you may request deletion of your account and associated personal data through the in-app account deletion flow and, where available, through our web-based deletion request method.
Deletion of your account will generally result in deletion or anonymization of associated personal data, except where we are required or permitted to retain certain records for legal, tax, accounting, security, fraud-prevention, audit, or dispute-resolution purposes.
11. How we protect data
We take reasonable technical and organizational measures designed to protect personal data against unauthorized or unlawful access, loss, misuse, alteration, disclosure, or destruction.
These measures may include access controls, authentication protections, encryption in transit where applicable, logging, backups, segregation of services, and security monitoring. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.
12. Your rights
Depending on your location and applicable law, you may have the right to:
- request access to your personal data;
- request correction of inaccurate or incomplete data;
- request deletion of your personal data;
- request restriction of processing;
- object to certain processing based on legitimate interests;
- request portability of the data you provided to us, where applicable;
- withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing;
- lodge a complaint with a competent supervisory authority.
To exercise your rights, contact us at ineedhelpkonon@gmail.com.
13. Supervisory authority
If you are in the European Union or your data is otherwise subject to the GDPR, you have the right to lodge a complaint with a supervisory authority. In Poland, the competent supervisory authority is the President of the Personal Data Protection Office (UODO).
14. Whether you must provide data
Some personal data is necessary to create an account, authenticate users, and provide core app functionality. If you do not provide certain data, or if you deny certain device permissions, some parts of the Service may not function properly or may be unavailable.
15. Automated decision-making
We may use rules-based logic and automated processing to route incidents, match nearby users, deliver notifications, or prioritize operational actions. At the date of this Privacy Policy, we do not intentionally make solely automated decisions producing legal effects or similarly significant effects on users within the meaning of Article 22 GDPR.
16. Children
The Service is not intended for use by children where such use would be unlawful without parental or guardian authorization under applicable law. If you believe a child has provided personal data in breach of applicable law, contact us so that we can take appropriate action.
17. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we may notify you through the app, by email, on our website, or by other reasonable means.
The updated version will become effective on the date shown at the top of this page.
18. Contact
If you have questions, requests, or complaints about this Privacy Policy or our data handling practices, contact us at ineedhelpkonon@gmail.com or by phone at +48 518 161 165.