Privacy Policy

Effective Date: November 20, 2024

Last Updated: November 20, 2024

1. Introduction

Welcome to C-LAP (Community-Led Action Platform). This privacy policy explains how we collect, use, store, and protect your personal information when you use our mobile application and services. C-LAP is a multi-tenant survey platform designed for government field data collection operations.

By using C-LAP, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Personal Information

Phone Number: Used for OTP-based authentication via Firebase
User Profile: Name, role (admin, enumerator, client), and organization/tenant information
Device Information: Device ID for one-device policy enforcement for enumerators

2.2 Location Data

GPS Coordinates: Collected when you capture geo-tagged photos during surveys
Location Permissions: Required for geo-tagging functionality

2.3 Media Content

Photos/Images: Captured during survey data collection
Camera Access: Required for survey photo capture
Photo Library: Access for uploading existing images

2.4 Survey Data

Survey Responses: Form data, multiple-choice answers, text responses, and numeric data
Question Instances: Individual responses to survey questions
Metadata: Timestamps, submission status, and sync information

2.5 Technical Data

App Usage: Features used, offline sync operations
Log Data: Error logs and debugging information
Network Information: Connection status for offline-first functionality

3. How We Use Your Information

We use the collected information for the following purposes:

Authentication: Verify user identity through OTP verification
Survey Operations: Enable field data collection and survey management
Data Isolation: Maintain multi-tenant architecture with separate data per organization/state
Offline Functionality: Support offline-first capabilities with background synchronization
Security: Enforce one-device policy for enumerators and role-based access control
Service Improvement: Analyze usage patterns to enhance app functionality
Communication: Send important updates about surveys and system status

4. Data Storage and Security

4.1 Storage Locations

Cloud Storage: Primary data stored on secure Heroku-hosted PostgreSQL databases
Local Storage: Offline data temporarily stored on device using SQLite
Media Storage: Photos and images stored securely with appropriate access controls

4.2 Security Measures

End-to-end encryption for data transmission
Secure JWT token-based authentication
Firebase Authentication for OTP verification
Role-based access control (RBAC)
Database-level tenant isolation
Regular security audits and updates

4.3 Data Retention

We retain your data as follows:

Survey Data: Retained as required by government regulations and organizational policies, or until deleted by authorized administrators
User Accounts: Active until account deletion is requested or the tenant terminates service
Device Data: Maintained while the user is actively using the application
Local Offline Data: Automatically deleted after successful synchronization with the server

5. Third-Party Services

We use the following third-party services that may collect information:

5.1 Firebase (Google)

Purpose: User authentication via OTP
Data Shared: Phone numbers for authentication
Privacy Policy: Firebase Privacy Policy

5.2 Heroku (Salesforce)

Purpose: Backend API hosting and database management
Data Shared: All application data stored on Heroku infrastructure
Privacy Policy: Heroku Privacy Policy

5.3 Netlify

Purpose: Web application hosting
Data Shared: Web application assets and user access logs
Privacy Policy: Netlify Privacy Policy

6. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share data only in the following circumstances:

Within Your Organization: Data is shared with authorized users within your tenant/organization based on role permissions
Government Authorities: When required by law, regulation, or valid legal process
Service Providers: With trusted third-party services (listed in Section 5) necessary for app functionality
Business Transfer: In the event of a merger, acquisition, or sale of assets (users will be notified)

7. Your Rights and Choices

You have the following rights regarding your personal data:

Access: Request access to your personal data stored in the system
Correction: Request correction of inaccurate or incomplete data
Deletion: Request deletion of your account and associated data (subject to legal retention requirements)
Data Portability: Request export of your survey data in a structured format
Withdrawal of Consent: Revoke permissions for location, camera, or photo library access (may limit functionality)
Opt-out: Decline optional data collection features

To exercise these rights, please contact us at clap.nitc@gmail.com.

8. Children's Privacy

C-LAP is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

9. Permissions Required

The app requires the following device permissions:

Location (Always/When in Use): For geo-tagging survey photos with GPS coordinates
Camera: To capture photos during survey data collection
Photo Library: To upload existing images for surveys
Background Fetch: For offline data synchronization
Network Access: To sync data with the server

You can manage these permissions in your device settings. Note that disabling certain permissions may limit app functionality.

10. International Data Transfers

Your data may be transferred to and maintained on servers located outside your country of residence. By using C-LAP, you consent to the transfer of your information to countries that may have different data protection laws than your country.

11. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by:

Posting the new privacy policy in the app
Updating the "Last Updated" date at the top of this policy
Sending notifications through the app or email for material changes

Your continued use of C-LAP after changes are posted constitutes acceptance of the updated policy.

12. Government App Compliance

C-LAP is designed for government field data collection operations. We comply with applicable government data protection regulations and requirements for handling sensitive survey data. Data collected through C-LAP is subject to the data governance policies of the respective government organizations and tenants using the platform.

13. Contact Us

If you have questions, concerns, or requests regarding this privacy policy or our data practices, please contact us:

Email: clap.nitc@gmail.com

Application Name: C-LAP (Community-Led Action Platform)

Website: c-lap.netlify.app

Backend API: clap-c41a95560890.herokuapp.com

14. Legal Basis for Processing (GDPR Compliance)

For users in the European Economic Area (EEA), we process personal data based on the following legal grounds:

Consent: You have given clear consent for specific processing purposes
Contractual Necessity: Processing is necessary to provide the survey services you requested
Legal Obligation: Processing is required to comply with legal obligations
Legitimate Interests: Processing is necessary for our legitimate interests in providing and improving services

15. Cookies and Tracking

The mobile app does not use cookies. However, our web application may use essential cookies for authentication and session management. We do not use tracking cookies or third-party advertising cookies.