Privacy Policy
Last updated: May 11, 2026
Version: 10
1. Introduction
This Privacy Policy explains how the Optima application (the “App” or “Service”) collects, uses, stores, and protects users’ personal information. By using the App, you consent to this Policy.
The App is intended exclusively for volunteer community safety team members and civilian emergency response teams in Israeli settlements, by personal invitation from a settlement administrator. The App is not available for public sign-up.
2. Information We Collect
2.1 Personal Information
- Full name — provided by the settlement administrator upon account creation
- Email address — for login and communication
- Phone number — for voice calls between team members
- Unique User ID — generated automatically by the system
2.2 Precise Location — User-Initiated Sharing Only (Manual & SOS)
The App does not transmit location continuously or automatically. Location is shared only when the user explicitly starts one of two controlled broadcast modes:
2.2.1 Manual Broadcast
- The user taps the share-location icon in the app header and chooses a duration: 1 hour, 4 hours, 8 hours, or a custom value — capped at 8 hours maximum per session.
- A persistent OS notification is shown throughout the entire session, so the user always knows the App is actively broadcasting location.
- The user can stop the session at any time — from the in-app banner, an action on the OS notification, or the Settings screen.
- The session auto-stops when the chosen duration expires, even without further user interaction.
2.2.2 SOS Broadcast
- Activated by a 1.5-second long-press on the SOS button followed by a confirmation dialog — to prevent accidental activation.
- The user stops the SOS broadcast via the “Stop SOS” button in the red banner that appears at the top of the App while SOS is active.
- A persistent OS notification is shown for the entire SOS session.
2.2.3 Privacy Invariant
When no Manual session and no SOS session is active, the App transmits zero location data — neither in the foreground nor in the background. There is no passive collection, no continuous tracking, and no movement history broadcasting.
2.2.4 Sharing Scope
- Manual broadcast — location is visible only to dispatchers and commanders within the same settlement.
- SOS broadcast — location is visible to responders within the same settlement and within chained settlements (Interconnectivity), per the organization’s configuration.
- Location data is never shared with advertisers, data brokers, or any third party that is not a strictly necessary infrastructure provider.
2.2.5 Retention & Deletion
- Location pings are retained for up to 30 days, then automatically purged.
- Immediate deletion of your location history can be requested via Settings > Privacy in the App, or by emailing [email protected].
- A direct API endpoint is also available: /api/location/me/erase
2.3 User-Generated Content
- Chat messages — end-to-end encrypted (AES-256-GCM, PBKDF2)
- Photos — attached to incident and event reports
- Event documentation — text, time, location
2.4 App Activity
- Usage history — for audit and investigation purposes
- Taps and screens viewed
2.5 App Performance
- Crash reports — for bug fixing
- Diagnostics — performance, response times
2.6 Device Identifiers
- Device ID — for fraud prevention and unauthorized access prevention
- OS version, device model
3. How We Use Your Information
The collected information is used solely for the following purposes:
- Operating the service (map display, chat, events, patrols)
- User identification and management
- Communication between team members
- Event documentation and investigation
- Diagnostics and bug fixing
- Security and abuse prevention
We do not use data for marketing, advertising, or sale to third parties.
4. Sharing Data With Third Parties
4.1 Service Providers
We use infrastructure providers that process data on our behalf only:
- Mapbox (USA) — map display. Mapbox telemetry is fully disabled.
- Firebase Cloud Messaging (Google, USA) — push notification delivery
- Sentry (USA) — crash reporting and error diagnostics
- Expo Updates (USA) — over-the-air software updates
- DigitalOcean (Frankfurt, Germany) — server and database hosting
These providers are contractually obligated to protect the information and to use it solely for the purposes we instruct, on our behalf.
4.2 Settlement Administrators
Your settlement administrator can view your profile, your activity in the App, and your location data only while a Manual or SOS broadcast session is active. This is necessary for operational coordination.
4.3 No Advertising and No Data Brokers
- No advertising in the App
- No sale or transfer of information to marketing entities, data brokers, or any other third party
- No use of Advertising ID
5. Data Retention
- Active account — data is retained as long as the account is active
- Account deletion — personally identifiable data is anonymized immediately after a deletion request
- Location pings — up to 30 days, then automatically purged
- Crash reports — retained for up to 90 days
- Activity logs — retained for up to 12 months for audit purposes
6. Your Rights
Under privacy protection laws, you have the right to:
- Access — request a copy of your data
- Correction — request an update of incorrect information
- Deletion — fully delete your account: Settings > Profile > Delete Account, or at https://optima-shield.app/delete-account/
- Location-history deletion — Settings > Privacy in the App, or via the /api/location/me/erase endpoint
- Objection — object to certain processing
- Portability — receive data in a structured format
To exercise any of these rights, contact us at [email protected].
7. Data Security
Our protection measures:
- Encryption in transit (TLS 1.2+) for all communication
- Password storage hashed (bcrypt) — not in plaintext
- Authentication tokens (JWT) in HttpOnly cookies
- End-to-end encrypted chat using standard algorithms (AES-256-GCM, PBKDF2)
- Rate limiting to prevent attacks
- Audit logs for every sensitive action
No system is 100% secure. We take reasonable measures to protect your information.
8. Children’s Privacy
The App is intended for users 18 years of age and older only. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and discover that your child has provided us with information, contact us and we will delete it.
9. Cookies and Tracking Technologies
- The App uses technical cookies only (session, CSRF) — essential for service operation
- No advertising, tracking, or third-party analytics cookies
- No cross-site tracking
10. International Transfers
Our servers are located in Frankfurt, Germany (EU/GDPR). Some service providers (Mapbox, Firebase, Sentry) operate in the USA. These transfers are made on the basis of appropriate safeguards such as Standard Contractual Clauses (SCCs).
11. Changes to This Policy
We may update this policy from time to time. Material changes will be brought to your attention via in-app notification or email. Continued use of the App after an update constitutes consent to the updated policy.
12. Contact Us
For privacy questions, access, correction, or deletion requests:
- Email: [email protected]
- Website: https://optima-shield.app
Service operator: Optima.