ASAP Safety ← Back to site

Legal

Privacy Policy

Last updated: April 22, 2026

Beta Testing Notice

This version of ASAP Safety is currently in a closed beta testing phase. Access is limited to invited testers only. By participating in the beta, you explicitly agree to this Privacy Policy and the separate Beta Tester Agreement. Data collected during the beta may be used to improve the application prior to public release. You may withdraw from the beta at any time by contacting us at contact@asapsafety.nl.

Internal note (remove before public launch):

This document has been drafted to reflect GDPR compliance requirements and reduce legal risk during the beta phase. It must be reviewed by a qualified legal professional (tech/privacy law) before public App Store launch. Recommended: consult a Dutch privacy attorney or register with a DPO service.

Contents

01Who We Are 02Data We Collect 03Legal Basis for Processing 04How We Use Your Data 05How We Store Your Data 06Third-Party Processors 07Data Sharing 08Data Retention 09Your Rights (GDPR) 10Automated Decision-Making 11Children's Privacy 12Data Breach Procedure 13Deleting Your Account 14Changes to This Policy 15Contact & Complaints

ASAP Safety ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share information when you use the ASAP Safety mobile application (iOS & Android). We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and the Dutch UAVG (Uitvoeringswet AVG).

01

Who We Are

ASAP Safety is a personal safety app founded by Yeline Hoogmans. The app helps users, especially women, feel safe by sharing their location with trusted contacts and triggering emergency alerts when needed.

For the purposes of GDPR, ASAP Safety acts as the Data Controller for all personal data processed through the application.

  • Operating name: ASAP Safety
  • Legal entity: ASAP Safety B.V. (in oprichting) — to be registered with the Dutch Chamber of Commerce (KvK)
  • Country of establishment: The Netherlands
  • Email: contact@asapsafety.nl
  • Website: asapsafety.nl

02

Data We Collect

We apply the principle of data minimisation: we only collect data that is strictly necessary to provide the app's safety features.

Account & Profile

  • Phone number — used for authentication via Firebase Phone Auth
  • Name and username — used to set up your profile and identify you to trusted contacts
  • Email address — used for account management and notifications
  • Gender — optional, used only for in-app personalisation; never shared with third parties

Location Data (Sensitive)

  • GPS location (precise) — collected only while an active SOS session or Check-In is running. We do not track your location in the background outside of these active sessions.
  • Location data is never stored permanently. It is transmitted in real-time to your Safety Circle only and is deleted immediately when the session ends.
Location consent: Before activating any location-based feature, you will be shown an explicit in-app consent prompt explaining exactly what data is shared, with whom, and for how long. You can revoke this consent at any time by ending the session or disabling location permissions in your device settings.

Contacts & Safety Circle

  • Contacts you add manually — we store only the phone number and/or username of contacts you explicitly invite to your Safety Circle. We do not access or scan your device's phonebook.
  • Invited contacts are notified when added and can refuse or remove themselves from your Safety Circle at any time.
Note on third-party contacts: When you add a contact to your Safety Circle, that person's phone number is stored in our system. Our legal basis for this is our legitimate interest in providing the core safety functionality. Contacts are informed of this upon receiving an invitation and may request deletion of their data by contacting us directly.

Push Notifications

  • Device push token (FCM) — stored to deliver SOS alerts, check-in updates, and contact requests

App Usage Analytics

  • Firebase Analytics — anonymised usage events (e.g., "SOS started") to help us improve the app. No personally identifiable information is linked to these events.
  • During the beta phase, additional anonymised crash logs and performance data may be collected to identify and fix issues.

03

Legal Basis for Processing

Under GDPR Article 13, we are required to inform you of the legal basis for each processing activity. The table below sets out our legal bases:

Processing Activity Data Used Legal Basis (GDPR Art. 6)
Creating and managing your accountPhone number, name, emailArt. 6(1)(b) — Contract
Necessary to provide the service
Sharing live location during SOS / Check-inGPS location (real-time)Art. 6(1)(a) — Consent
Explicit in-app consent per session
Storing Safety Circle contactsPhone number, usernameArt. 6(1)(b) — Contract
Core feature of the service
Sending push notificationsDevice push tokenArt. 6(1)(a) — Consent
Via device permission prompt
Anonymised analytics to improve the appAnonymised usage eventsArt. 6(1)(f) — Legitimate Interest
Improving app safety features
Storing third-party contact data (Safety Circle members)Phone number of invited contactsArt. 6(1)(f) — Legitimate Interest
Core safety functionality; contacts are notified
Responding to legal requestsAccount data as requiredArt. 6(1)(c) — Legal Obligation
Beta testing crash logs and performance dataAnonymised technical logsArt. 6(1)(f) — Legitimate Interest
Ensuring app stability and safety

Where we rely on consent as our legal basis, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.

Where we rely on legitimate interest, you have the right to object. We have conducted a balancing test in each case and determined that our interests do not override your fundamental rights.

04

How We Use Your Data

We use your personal data solely for the purposes described below. We do not use your data for advertising, profiling, or any purpose unrelated to app functionality.

PurposeData Used
Authenticate your accountPhone number
Display your profile to trusted contactsName, username, profile photo
Share your location during SOS / Check-In (active sessions only)GPS location
Send safety alerts and notificationsPush token, contact list
Improve the app and fix bugsAnonymised analytics and crash logs
Comply with legal obligationsAccount data as required by law

05

How We Store Your Data

All data is stored in Google Firebase (Firestore), with servers located in europe-west1 (Belgium). This means all data remains within the European Economic Area (EEA) and is subject to EU data protection law.

We apply Firebase Security Rules so that users can only access their own data and the data of contacts they have an active trusted relationship with.

Security Measures

  • All data is encrypted in transit using TLS 1.2 or higher
  • All data is encrypted at rest using AES-256 encryption (provided by Google Firebase)
  • Authentication is enforced via Firebase Phone Auth with rate limiting
  • Access to production data is restricted to authorised personnel only
  • Location data is transmitted in real-time and is never written to persistent storage
Data minimisation in practice: Real-time location is streamed directly between devices during active sessions only. It is never stored in our database. When a session ends, location data is immediately discarded.

06

Third-Party Processors & Data Processing Agreements

We engage the following third-party processors to operate our service. Each processor has been selected for GDPR compliance, and we have entered into (or rely on) a Data Processing Agreement (DPA) with each party as required under GDPR Article 28.

ProcessorPurposeData SharedDPA / Reference
Google Firebase (Google LLC)Database, authentication, push notifications, analyticsAccount data, push tokens, anonymised eventsGoogle DPA
Apple (TestFlight)Beta distribution (iOS)Email address of beta testersApple Privacy Policy
Google Play (Internal Testing)Beta distribution (Android)Google account of beta testersGoogle Privacy Policy

We do not sell, rent, or otherwise transfer personal data to any other third parties. We will update this section if additional processors are engaged.

Standard Contractual Clauses (SCCs): Google LLC is a US-based company. Data transfers to Google are governed by the EU Standard Contractual Clauses and Google's adherence to the EU-US Data Privacy Framework, ensuring an adequate level of protection for your data.

07

Data Sharing

We do not sell, rent, or trade your personal data. We share data only in the following limited circumstances:

  • With your trusted contacts — when you start an SOS session or check-in, your name and real-time location are shared with the contacts in your Safety Circle, and only for the duration of the session
  • With Google (Firebase / FCM) — for authentication, database storage, and push notifications, as described above
  • If required by law — we may disclose data if required by applicable law, court order, or legal process. Where permitted, we will notify you before disclosing your data
  • In the event of a business transfer — if ASAP Safety is acquired or merges with another entity, your data may be transferred as part of that transaction. You will be notified in advance and given the opportunity to delete your account

08

Data Retention

We retain personal data only for as long as necessary to provide the service or as required by law.

Data TypeRetention PeriodReason
Account data (name, phone, email)Until account deletion, then deleted within 30 daysService provision
Real-time location dataNot stored — discarded immediately after session endsData minimisation
SOS session historyStored in your account until you delete it or your accountUser reference
Check-in historyStored in your account until you delete it or your accountUser reference
Push tokensUntil account deletion or token refreshNotification delivery
Anonymised analyticsUp to 14 months (Google Analytics standard)App improvement
Beta test logs (crash/performance)Deleted within 90 days of beta phase endBug fixing
Safety Circle contact dataUntil removed from circle or account deletedService provision

When you delete your account, all personal data associated with your account is permanently removed from our systems within 30 days, except where retention is required by law.

09

Your Rights (GDPR)

If you are located in the European Union or EEA, you have the following rights under GDPR. We will respond to all requests within 30 days.

Right of Access (Art. 15)

Request a copy of all personal data we hold about you.

Right to Rectification (Art. 16)

Request correction of inaccurate or incomplete data.

Right to Erasure (Art. 17)

Request deletion of your account and all associated data.

Right to Restriction (Art. 18)

Request that we restrict processing of your data in certain circumstances.

Right to Data Portability (Art. 20)

Receive your data in a machine-readable format (JSON or CSV).

Right to Object (Art. 21)

Object to processing based on legitimate interest at any time.

Right to Withdraw Consent

Withdraw consent for location sharing or push notifications at any time via device settings.

Right to Lodge a Complaint

File a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

To exercise any of these rights, contact us at contact@asapsafety.nl. We may ask you to verify your identity before processing your request.

Autoriteit Persoonsgegevens (Dutch DPA): You have the right to lodge a complaint with the Dutch supervisory authority at any time.
Website: autoriteitpersoonsgegevens.nl · Tel: 0900-2001201

10

Automated Decision-Making & Profiling

ASAP Safety does not engage in any automated decision-making or profiling as defined under GDPR Article 22. No decisions that produce legal or similarly significant effects are made about you solely on the basis of automated processing.

We do not use your data to build behavioural profiles, target advertising, or make inferences about your characteristics, preferences, or behaviour beyond what is strictly necessary to provide the safety features of the app.

11

Children's Privacy

ASAP Safety is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13.

Age verification during beta: All beta testers are required to confirm they are 13 years of age or older during the registration process. Invited testers are screened before being granted access.

If you believe a child under 13 has provided us with personal information without parental consent, please contact us immediately at contact@asapsafety.nl. We will promptly delete the relevant data.

For users between the ages of 13 and 16 who are located in the Netherlands or other EEA member states where a higher minimum age applies, parental or guardian consent may be required. Please contact us if you have questions about this.

12

Data Breach Procedure

We take data security seriously. In the event of a personal data breach, we will follow the procedure below in accordance with GDPR Articles 33 and 34:

  1. Detection & containment: We will immediately contain the breach and assess its scope and severity.
  2. Notification to the AP: If the breach is likely to result in a risk to your rights and freedoms, we will notify the Autoriteit Persoonsgegevens within 72 hours of becoming aware of the breach.
  3. Notification to you: If the breach is likely to result in a high risk to your rights and freedoms (e.g., exposure of location data or contact information), we will notify you directly without undue delay via email or in-app notification.
  4. Documentation: All breaches, regardless of severity, will be documented internally in our breach register.

To report a potential security vulnerability, contact us at contact@asapsafety.nl.

13

Deleting Your Account

You can delete your account directly from the app. Please see our How to Delete Your Account page for step-by-step instructions.

Upon deletion:

  • All personal data associated with your account will be permanently deleted within 30 days
  • Your phone number will be removed from the Safety Circles of any contacts who have added you
  • Anonymised analytics data (which cannot be linked back to you) may be retained
  • Any legal holds or retention obligations will be communicated to you at the time of your request

14

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page
  • Notify you via in-app notification or email at least 14 days before the changes take effect
  • Where changes require new consent, prompt you to provide it before continuing to use the app

Continued use of the app after the effective date constitutes acceptance of the updated policy.

15

Contact & Complaints

If you have questions about this Privacy Policy, or wish to exercise any of your rights, please contact us:

ASAP Safety

Email: contact@asapsafety.nl

Website: asapsafety.nl

Response time: within 30 days for all GDPR requests.

You also have the right to lodge a complaint directly with the Dutch Data Protection Authority:
autoriteitpersoonsgegevens.nl · 0900-2001201