Evidence Chain Privacy Policy
Effective Date: 25-11-2025
1. Introduction
Evidence Chain ("we," "us," or "our") values your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our mobile application and services (the "Services").
We are the "Data Controller" for the personal data you provide to us. Our Service is intended for users located in the United Kingdom and other jurisdictions where our app is available, provided the user is 18 years of age or older.
2. Information We Collect
We collect data specifically to create an immutable chain of custody for your evidence.
A. Information You Provide
- Account Information: Email address and password (hashed) to create your account.
- Content: The photos and videos you capture using the Services.
- Support Data: Information you provide when you contact us for support.
B. Information Collected Automatically (Metadata & Device Fingerprinting)
To fulfill the core function of the Service—verifying the authenticity of evidence—we automatically collect the following when you capture Content:
- Location Data: Precise geolocation (Latitude/Longitude) derived from GPS, Wi-Fi, and cell towers. We only access this when the app is open and being used (Foreground).
- Temporal Data: Precise UTC date and time stamps.
- Device Fingerprint: Technical details used to generate a unique hash for the evidence, including device model, operating system version, battery level, and sensor data (e.g., accelerometer readings at the moment of capture).
- Usage Data: Crash logs and performance data via Google Firebase to help us fix bugs and improve stability.
3. How We Use Your Information
We process your data under the following legal bases:
- Contractual Necessity: To provide the Service (capturing, hashing, and storing evidence).
- Legitimate Interests: To prevent fraud, ensure the security of the app, and maintain the integrity of the evidence chain.
- Consent: You explicitly consent to our access to your Camera, Microphone, and Location services via your device operating system. You can revoke this consent at any time, but the Service will not function without these permissions.
4. Where We Store Your Data (International Transfers)
Our servers and cloud storage providers (AWS) are located in the United States. By using the Services, you acknowledge that your data will be transferred to and processed in the United States. We take appropriate steps to ensure your data is treated securely and in accordance with this Privacy Policy and UK data protection laws (UK GDPR), utilizing standard contractual clauses or adequate safeguards for international data transfers.
5. Data Retention and Deletion
- Active Accounts: We retain your Content as long as your account has active Credits covering the storage period.
- Credit Expiry: If your credits expire, we hold your data for a "Grace Period" of [Insert Number, e.g., 30] days to allow you to renew. After this period, the Content is permanently deleted from our servers.
- User Deletion: You may request the deletion of your account or specific Content at any time. Once verified, we will remove the data from our systems.
- Note on Shared Links: If you have shared a unique URL with third parties, the link will stop working immediately upon deletion. However, we cannot delete copies that may have been cached by third-party browsers or saved offline by individuals you shared the link with.
6. Sharing Your Information
We do not sell your personal data or Content. We share data only in the following circumstances:
- Service Providers: We use trusted third parties to operate the Service:
  - Hosting: Amazon Web Services (AWS) - for secure storage.
  - Analytics: Google Firebase - for app performance and crash reporting.
  - Email Services: for sending account notifications.
- Payment Processors: We do not process or store financial information. All payments are handled directly by Apple (App Store) or Google (Play Store). We only receive a confirmation token that a purchase was successful.
- Legal Requirements: We may disclose your data if required to do so by law or in response to valid requests by public authorities (e.g., a court order or search warrant).
- With Your Consent: We generate a unique URL for your Content. This Content is only accessible to individuals with whom you choose to share that URL.
7. Your Rights
Under the UK GDPR, you have the following rights:
- Right to Access: You can request a copy of the personal data we hold about you.
- Right to Rectification: You can ask us to correct inaccurate data (note: this does not apply to Evidence Metadata, which is immutable by design).
- Right to Erasure: You can ask us to delete your data.
- Right to Portability: You can request your data in a structured, commonly used format.
To exercise these rights, please contact us at support@evidencechain.org.
8. Children’s Privacy
Our Services are strictly for individuals aged 18 and over. We do not knowingly collect data from anyone under 18. If we become aware that a minor has created an account, we will delete it and the associated data immediately.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Effective Date."
10. Contact Us
If you have questions about this Privacy Policy, please contact us at:
Email: support@evidencechain.org