Privacy Policy

GLOBEIR ("we", "us", "our", or "the Company") is committed to protecting the privacy and personal data of our clients, users, and survey respondents. This Privacy Policy explains how we collect, process, store, share, and safeguard information when you use our websites, mobile applications, geotagging tools, location-tracking services, and survey platforms (collectively, the "Services").

By using our Services, you consent to the practices described in this Policy. This Policy is compliant with:

• India's Digital Personal Data Protection Act, 2023 (DPDP Act)
• The EU General Data Protection Regulation (GDPR)
• The California Consumer Privacy Act (CCPA)
• Google Play Store Developer Program Policies (including Location Permissions and Data Safety requirements)
• Apple App Store App Privacy guidelines

2.1 Information You Provide Directly

• Name, email address, phone number, and organization
• Account credentials (encrypted passwords)
• Survey responses and field-collected data
• Communications you send to our support team

2.2 Location Data SENSITIVE / PERSONAL

Our location-tracking and geotagging applications (including but not limited to GLOBEIR Survey, GLOBEIR Tracker, and any GLOBEIR-published Android/iOS application) collect precise location data as defined under Google Play's Location Permissions policy.

What we collect:

• Precise location: GPS coordinates accurate to within ~3 metres (latitude, longitude, altitude, horizontal & vertical accuracy)
• Movement metadata: bearing/heading, speed, and timestamp of each fix
• Approximate location: coarse location derived from network/Wi-Fi (used only when GPS is unavailable)

Why we collect it:

• To geotag survey responses, photos, and field observations to a specific point on the map
• To record the route a field worker travels during a survey or asset-inspection task
• To enable real-time location sharing with the supervisor/organization that deployed the worker (only when your organization has enabled this feature)
• To provide proof-of-presence for audit, compliance, and quality-control purposes for our enterprise/government clients

Foreground vs. Background collection:

• Foreground location (app open and visible): collected only while you are actively running a survey session or geotagging task. The app shows a persistent on-screen indicator while location is being read.
• Background location (app closed or in background): collected only if (a) you have explicitly enabled the “Continuous Tracking” or “Field-Worker Check-In” mode AND (b) you have granted the ACCESS_BACKGROUND_LOCATION permission via the in-app prominent disclosure prompt. A persistent foreground notification with a map-pin icon is displayed throughout any background-collection session so you always know when the app is reading your location.

Frequency of collection:

• Foreground (active survey): typically one location fix every 5–10 seconds, or when a user manually taps “Capture Point”
• Background (continuous tracking): typically one location fix every 30–60 seconds, or once every 25–50 metres of displacement, whichever comes first
• Geofence events: a single fix when entering or leaving a pre-defined survey area
• Frequency may be reduced automatically to preserve battery (adaptive sampling)

Prominent in-app disclosure (required by Google Play):

Before requesting ACCESS_FINE_LOCATION or ACCESS_BACKGROUND_LOCATION, our app shows a full-screen disclosure stating exactly:

You can decline, grant only foreground access, or grant background access. Location-dependent features will be limited or disabled accordingly.

Revoking permission:

You may revoke location permission at any time via:

• Android: Settings → Apps → [GLOBEIR App] → Permissions → Location → Deny / Allow only while using app
• iOS: Settings → Privacy & Security → Location Services → [GLOBEIR App] → Never / While Using
• In-app: App Settings → Location & Tracking → toggle OFF

Revocation stops future collection immediately. Previously collected data is retained per the schedule in Section 6 unless you submit a deletion request (Section 7).

2.3 Device & Technical Information

• Device model, OS version, unique device identifiers (Android Advertising ID where applicable)
• IP address, language preference, time zone
• App version, crash reports, and performance diagnostics
• Network connection type (Wi-Fi, mobile data)

2.4 Photographs & Media (if enabled)

If your survey workflow captures photos, our app accesses your camera/storage only when you actively initiate a capture. EXIF metadata (including timestamp and location) may be embedded for geotagging.

2.5 What We Do NOT Collect

• We do not collect contacts, SMS, call logs, or browsing history.
• We do not access your microphone unless explicitly required by a feature you enable.
• We do not collect biometric data.

We use collected data for the following legitimate purposes only:

• To deliver the survey, mapping, or location-tracking service you signed up for
• To geotag survey responses and synchronize field data to your organization's dashboard
• To authenticate you and secure your account
• To provide customer support and respond to inquiries
• To improve app performance through anonymized analytics
• To comply with legal obligations and respond to lawful requests
• To detect and prevent fraud, abuse, or security incidents

We do not use your data for advertising, profiling, or sale to data brokers.

We share personal data — including location data — only in the limited, named circumstances below. We never sell, rent, or trade your data, and we do not share location data with advertising networks, data brokers, or analytics providers for advertising purposes.

4.1 Recipients of your data:

• Your organization: If you use a GLOBEIR app as an employee or field worker for a deploying organization, your survey responses, geotagged points, route logs, and check-in events are visible to your organization's admin dashboard.
• Service providers (data processors): The following named third-party services may process your data on our behalf under signed Data Processing Agreements:
  • Amazon Web Services (AWS) — cloud hosting, data storage (Mumbai region)
  • Google Cloud Platform — backup hosting, Firebase Authentication
  • Google Firebase Crashlytics — crash reporting (anonymized, no precise location attached)
  • Google Maps Platform — map tile rendering and reverse geocoding (location is sent to Google only to convert coordinates to a place name)
  • Mapbox — alternative map tile rendering (where used)
  • Sentry — error monitoring (no precise location attached)
• Legal compliance: Government authorities, regulators, or law enforcement when required by valid Indian law, court order, or to protect the rights, property, or safety of GLOBEIR, our users, or the public.
• Business transfers: A successor entity in the event of a merger, acquisition, restructuring, or asset sale. You will be notified at least 30 days before any such transfer, and your data will continue to be protected under this Policy.

4.2 What we do NOT do:

• We do not sell your personal data to data brokers or any commercial buyer.
• We do not share precise location with advertising networks (AdMob, Meta, etc.).
• We do not use precise location to build advertising profiles.
• We do not share data with social media platforms for targeting.

We implement industry-standard technical and organizational safeguards to protect your data:

• Encryption in transit: TLS 1.2 or higher for all client-server communication
• Encryption at rest: AES-256 encryption for stored data on our servers
• Access controls: Role-based access; only authorized personnel can access raw data
• Audit logs: All data access is logged and monitored
• Secure hosting: Data is hosted on ISO 27001 / SOC 2-certified cloud infrastructure
• Regular security audits: Annual third-party security assessments and penetration testing
• Incident response: Documented breach-notification procedures (notification within 72 hours where required by law)

Data is primarily stored on servers located in India. Where data is transferred internationally, we use Standard Contractual Clauses and equivalent safeguards.

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Specific retention periods:

• Account data (name, email, credentials): retained for as long as your account is active. Deleted within 30 days of account closure or deletion request.
• Precise location logs (raw GPS fixes): retained for the duration of the active project/survey, then either:
  • handed over to your organization (raw export) and deleted from our servers within 90 days of project closure, OR
  • deleted within 180 days if no organization-level retention policy applies, whichever comes first
• Geotagged survey responses & photos: retained per your organization's data-retention policy (typically 1–7 years for compliance / audit purposes). Default fallback: 2 years from collection date.
• Aggregated / anonymized location summaries (e.g., heat maps, route statistics with all PII stripped): may be retained indefinitely for research and product improvement.
• Crash logs & diagnostics: retained for 90 days, then anonymized or deleted.
• Encrypted backups: retained for up to 90 days for disaster recovery, then automatically purged.
• Legal hold: Data may be retained longer if required by valid law, regulation, court order, or active legal proceedings — only for the period required, and then deleted.

You may request earlier deletion at any time via the procedure in Section 7 below.

7.1 Your statutory rights

Under the DPDP Act 2023, GDPR, CCPA, and Google Play Data Safety requirements, you have the right to:

• Access a copy of the personal data we hold about you
• Correct inaccurate or incomplete data
• Delete your account and all associated personal data (“right to be forgotten”)
• Restrict or object to certain processing
• Port your data to another service in a machine-readable format (JSON / CSV)
• Withdraw consent for location collection or any other processing at any time
• Opt out of any non-essential data collection
• Lodge a complaint with India's Data Protection Board or your local supervisory authority

7.2 Account & data deletion procedure

You can request deletion of your account and all associated personal data through any of the following channels. We confirm receipt within 72 hours and complete deletion within 30 days.

Option A — In-app deletion (fastest):

1. Open the GLOBEIR app
2. Go to Settings → Account
3. Tap “Delete My Account”
4. Confirm by entering your password
5. Your account, profile, location history, photos, and survey data are queued for deletion
6. Deletion is completed within 30 days; you receive a confirmation email

Option B — Web request form:

Visit www.globeir.com/contact → select “Data Deletion Request” → enter your registered email and details. We will verify your identity and process within 30 days.

Option C — Email request:

Send an email to privacy@globeir.com from your registered email address with the subject line “Data Deletion Request”. Include:

• Your full name
• The email address linked to your account
• The app name (e.g., GLOBEIR Survey)
• Whether you want partial deletion (e.g., only location history) or full account deletion

7.3 What gets deleted

• Your user account, profile, and authentication credentials
• All precise location logs and historical GPS data tied to your account
• Geotagged photos and survey responses you authored (unless your organization has a legal/contractual retention obligation, in which case the data is anonymized — your name and identifiers are removed but the geotagged record is retained)
• Crash logs, diagnostic data, and device identifiers
• Communication records with our support team

7.4 What may be retained (and why)

• Anonymized aggregated data (no longer personal data — cannot be linked back to you)
• Records required by law (e.g., financial transaction records under Indian tax law: 7 years)
• Backup data in encrypted backups for up to 90 days, then permanently purged
• Survey data your organization has independent ownership of — you must contact your deploying organization directly to request deletion of records they own

For all rights-related requests, email privacy@globeir.com. We respond within 30 days as required by the DPDP Act and GDPR.

Our Services are not directed at children under 18. We do not knowingly collect personal data from minors. If we learn that we have inadvertently collected data from a child, we will delete it promptly. Parents/guardians may contact us to request review or deletion of any such data.

Our mobile applications integrate the following third-party Software Development Kits (SDKs). Each operates under its own privacy policy. Click any link to review:

• Google Firebase (Authentication, Crashlytics, Cloud Messaging) — Privacy Policy
• Google Maps SDK (map rendering, geocoding) — Privacy Policy
• Mapbox SDK (alternative map rendering) — Privacy Policy
• Amazon Web Services (AWS) SDK (cloud sync, S3 storage) — Privacy Policy
• Sentry / Crashlytics (error monitoring — anonymized, no precise location attached)

We disable advertising identifiers, do not enable personalized ads in any analytics configuration, and have configured Firebase to not collect Android Advertising ID (AAID). We do not include any advertising-network SDKs (AdMob, Meta Audience Network, Unity Ads, etc.) in apps that collect location data.

Our website uses essential cookies for authentication and session management. We do not use third-party advertising cookies. You can disable cookies in your browser settings, though some site features may not function correctly.

We may update this Policy from time to time. Material changes will be communicated via in-app notification, email, or a prominent notice on our website at least 30 days before taking effect. Continued use of our Services after the effective date constitutes acceptance.

For any privacy-related questions, concerns, or requests, contact our Data Protection Officer: