PRIVACY POLICY

(Effective as of Jul 28, 2019)


Epicalsoft S.A.C. respects your privacy. Epicalsoft S.A.C. and its affiliates ("We" or the "Company") offer citizen alertness services, security, mapping, GPS navigation and community based services to users of https://reachsos.com (the "Website") and/or users of Reach's mobile/desktop applications (the "Application") (collectively referred to as the "Services"). When you use our services, you're trusting us with your information. We understand this is a big responsibility and work hard to protect your information and put you in control.

This Privacy Policy is meant to help you understand what information we collect, why we collect it, and how you can update, manage, and delete your information. This Privacy Policy covers:

This Privacy Policy is incorporated as part of the Reach Terms of Service (the "Terms of Service", "Terms of Use" or the "Terms"). Your use of the Services is subject to the Terms of Use, Copyright Policy and this Privacy Policy and indicates your consent to them.

To use our Services you must be 12 years of age or older. If you are under 12, you may not download or use the Services.

In this Privacy Policy, the term "personal information" means information which you provide to us which personally identifies you, such as your name, email address, phone number, your location and route information or other data which can be reasonably linked to such information by Reach.

User Accounts & Accessing the Services

Please note that when you install the Application on your mobile/desktop device, Reach will not set up an account associated with that device (the "Account" or "Reach Account").

Reach may allow you to use the Reach Mobile Application whether or not you choose to sign up for yourself. If you do so:

  • When using the Mobile Application's emergency services related to police, fireman or other related public entities, the device approximate location will be shared with them.
  • Note that in order to access certain features of the Services (for example report an incident, share locations, add contacts, comment incidents) you will need to sign up with an unique email to identify yourself.

Reach may not allow you to use the Reach Desktop Application if you not choose to sign up for yourself.

If you do set up a Reach account with your email in the Application:

  • Reach will link all of your information with your Account and that email. This includes information received from all mobile devices running the Application on which you have chosen to sign in using your email and password;
  • With the exception described in the bullet below and as explained in the section "Visibility" below, your Account and information associated with your Account (including your unique identifier) will be visible only to Reach; and
  • When using the Application, your approximate location, phone number and other information you may choose to contribute will be visible to other users associated with that email.
  • Reach may also establish and require from time to time additional or different means of identification and authentication for logging in and accessing the Services or for accessing certain features or designated sections of the Services.
  • Your login details are your responsibility. You are fully accountable for any use or misuse of your Account and personal details as a result of conveying your login details to someone else. You must maintain your login details in absolute confidentiality and avoid disclosing them to others. Make sure that you change your password frequently and at least once every six months.

Information that is being collected

We want you to understand the types of information we collect as you use our services

Reach collects information to provide better services to all its users - from figuring out stuff like which are the most dangerous locations, where are your contacts, to more complex things like security insights with resources allocation tips, and notifying you about new relevant incidents. The information Reach collects, and how that information is used, depends on how you choose to use our services and how you manage your privacy controls.

Information you create or provide to us:

  • Account Information: information required when setting up an account, such as your email, name, sex and phone number. Bear in mind that false, incorrect, or out-dated information may impair Reach's ability to provide you with the Services and to contact you when necessary. Reach will explicitly indicate the fields for mandatory completion. If you do not enter the requisite data in these fields, you may not be able to set up an account (but you may still use our Services as explained in the above section "User Accounts & Accessing the Services"); and/or
  • Information that you choose to share with Reach: information that you choose to share with Reach like reports, incident comments, locations, nickname, username, contact info, identity document number and files you have uploaded to the service, including images, audio and video files, if applicable.
  • Communication which you choose to conduct through the Reach Services: if you choose to use Reach to communicate with other Reach users or third parties through the Reach Services, such as comment messages or sending locations on the Reach platform. We may also collect information when you exchange communication with Reach, for example, if you report a platform user abuse to the team.
  • Information from your social networks which you choose to connect to your Reach Account: you may choose to connect your Reach Account to your social network account(s). If you choose to do so, you may choose to share with Reach and/or other users information from your social network accounts, such as your Facebook/Google name, email, profile photo or other personal information shared by you.
  • "Help numbers feature": if you use the "Help numbers" feature, Reach will read all of the phone numbers and associated names which are stored on your device's phone contacts book to help you selecting numbers for emergency situations. Only the selected numbers will be saved locally on your device and collected by Reach. This data will be treated as personal information related to your account and will only be used to alert in emergency situations.

Information we collect as you use our services:

We collect information about your activity in the Services, which we use to provide you with the Services of Reach, including features which are meant to personalize your experience. This includes things like showing notifications about incidents and propose the safe route. The activity information we collect may include:

  • Detailed location, travel and route information: location and route information is collected for example in the form of GPS signals (combined with a time-stamp) and other information sent by your mobile device on which the Application is installed and activated. The types of location data we collect depends in part on your device and account settings. For example, depending on your selected device settings and/or your account settings we may collect information about your location and travel (or lack thereof) also while you are not using the app, in order to be able to notify you about new incidents in your area.
  • Your views and interactions with incident reports.
  • Communication or other content you chose to share with any third party, including Reach users through the Services;
  • Your activity on third-party sites and apps that you chose to link to your Reach account or that you interact with through the Service.

Meta-data (information about your device, browser and app use):

Once you install the Application, Reach collects information about the use of the Services and information from the device you have Reach installed on. For example:

  • Reach may collect and record how often you use the app and for how long, your device type, operating system type & version, the fact that you used the Services to communicate with other users and the fact that you used third parties application/services via Reach to communicate with third parties.
  • We temporary store the Internet Protocol (IP) address and the name of the domain that serves you to access the Services to prevent and track computer attacks against Reach.
  • We also collect information about the interaction of your devices with our Services, including, error and crash reports.

Why Reach collects data

Reach may use information collected from or provided by you for the following purposes:

Provide our services

We use your information to deliver our services. For example:

  • Use your location and route information to provide nearby incidents information, navigation services, best route choices, alerts and to provide information about sites; and
  • (If you have opted in to the "help contacts" or "help number" features), use your approximate location and contact info to connect you with who may help and take care of you.
  • To share your submissions with other users of the Services and to facilitate communication between you, Reach and other users.

Maintain & improve our services

  • We also use your information to ensure our services are working as intended, such as tracking outages or troubleshooting issues you report to us. And we use your information to improve the service or to develop new features or services.

Communicate with you

  • We also use your information to send you updates, notices, announcements, and additional information related to the Services;
  • We may also use your information to conduct surveys and questionnaires; And if you contact Reach we may keep a record of your request in order to help solve any issues you might be facing.
  • Subject to your prior indication of consent (to the extent required under applicable law), we may also use the email address that you provided to send you promotional and/or marketing materials. At any time you may choose not to receive such materials by clicking on the "Unsubscribe" link in the email messages that we may send to you. In any case, Reach will not share your contact details with any advertiser, unless explicitly permitted or required by law.

To protect Reach, our users, the public and for Legal reasons

We may also use and process your information and content, using different technologies to the following purposes:

  • To enforce the Terms of Use or Privacy Policy;
  • To contact you when Reach believes it to be necessary;
  • To comply with any applicable law and assist law enforcement agencies under any applicable law, when Reach has a good faith belief that Reach's cooperation with the law enforcement agencies is legally mandated or meets the applicable legal standards and procedures;
  • To detect abuse and illegal activity; to detect and prevent fraud, misappropriation, infringements, identity theft and other illegal activities and misuse of the Services;
  • To handle breakdowns and malfunctions;
  • To take any action in any case of dispute, or legal proceeding of any kind between you and the Services, or between you and other users or third parties with respect to, or in relation with the Services;
  • For purposes provided under this Privacy Policy and Terms of Use;
  • To help improve the safety and reliability of our Services. This includes detecting, preventing, and responding to security risks, and technical issues that could harm Reach, our users, or the public;
  • To create aggregated and/or anonymous data (where such data does not enable the identification of a specific user). See How does Reach use aggregated information", below;

We'll ask for your consent before using your information for a purpose that isn't covered in this Privacy Policy.

Sharing your information

Personal information that you share

The Services are based on a community of users publicly sharing information with Reach and with other members of that community.

In particular, users may choose to share personal information such as name, age, sex, picture, their location information, reports and other files. This information may be shared either directly to the Services and to all users, such as in the case of incident reports, or just to your friends on Reach. This information may also be shared via third party services (such as social networks) which interact with the Services upon such users' choice.

You can decide whether or not to upload content to the Services. However any content that you choose to share and submit for posting is neither private nor confidential and you should expect that it may be made public and known to others. Information you choose to upload will be posted along with your nickname and other information including personal information you attached to your publicly available user profile. Therefore, you must exercise caution and common sense when submitting information. At the very least you should demonstrate the same degree of caution as when publishing personal information by means other than the Internet and cellular services.

In any event (but except as detailed below with respect to information shared from your social network accounts according to your privacy settings for such social network accounts), your email address will not be visible to others through any reports or user posts that you share or upload.

If you choose to either record audio that contains your own voice, or record a video where you appear, Reach will collect the media file data. If, after recording the audio o or video, you chose to post them as an evidence for an incident report, other Reach users and other people will be able to download and use your voice recordings. Once downloaded, Reach may not have any control over the media files, so you should only share content that you are comfortable being made public.

We, at Reach, take great measures to provide you with the best experience you can have while using the Services. However, Reach has no control over the conduct of any user and disclaims all liability in this regard. Users are advised to carefully and thoroughly consider whether or not to make public or available any information and carefully examine all necessary details related to any communication with other users prior to any engagement or communication being made.

Participating in any user's activities as a result, directly or indirectly, from using Reach, is entirely at your own risk. Reach is not a party to any agreement entered into between the users in any circumstances. The user has the sole and ultimate responsibility regarding compliance with all laws, regulations or any other duty. We do not accept any liability for any loss, damage, cost or expense that you may suffer or incur as a result of or in connection with your participation in any activity or event initiated, held or conducted by a user or a third party nor in connection to any agreement between the users or third parties, including any activity or event related in any way, directly or indirectly, the Services or the use thereof.

When Reach shares your information

Reach does not sell, rent or lease your personal information to third parties.

Reach will not share your personal information with others, without your permission, except for the following purposes and to the extent necessary in Reach's good-faith discretion:

  • As necessary for the facilitation and operation of the Services. For example, making public incidents you report and which are associated with your phone number or addressing panic button activations which are associated with your name and location.
  • If Reach reasonably believes that you have breached the Terms of Use or is investigating potential breach of the Terms of Use, or believes that you abused your rights to use the Services, or performed any act or omission that Reach reasonably believes to be violating any applicable law, rules, or regulations. Reach may share your information in these cases, with law enforcement agencies and other competent authorities and with any third party as may be required to handle any result of your wrongdoing;
  • If Reach is required, or reasonably believes that it is required by law to share or disclose your information;
  • In any case of dispute, or legal proceeding of any kind between you and Reach, or between you and other users with respect to, or in relation with the Services;
  • In any case where Reach reasonably believes that sharing information is necessary to protect against harm to the rights, property or safety of Reach, our users, or the public as required or permitted by law, including to prevent imminent physical damage or damage to property;
  • To detect, prevent, or otherwise address fraud, security, or technical issues;
  • If Reach organizes the operation of the Services within a different framework, or through another legal structure or entity, or if Reach is acquired by, or merged into or with another entity, or if Epicalsoft S.A.C. enters bankruptcy, provided however, that those entities agree to be bound by the provisions of this Privacy Policy, with respective changes taken into consideration;
  • To collect, store, hold and manage your personal information through cloud based or hosting services or a third party or a party affiliated or connected to Reach, as reasonable for business purposes, which may be located in the European Union and the U.S.A., potentially countries outside of your jurisdiction;
  • Reach may also share personal information with projects connected or affiliated with Reach, such as brother-projects (i.e. projects that belong to Epicalsoft S.A.C.);
  • Personal information may also be shared with Reach's trusted partners and service providers to process it for us, based on our instructions and in compliance with this policy and any other appropriate confidentiality and security measures. For example, we use Office 365 and Microsoft Azure to help us with mailing, infrastructure and app services.

Visibility

Please note that your nickname will be included along with any information you submit for posting (such as incident reports or comments). And some trusted users (accounts that belongs to local authorities) will be able to see your phone number unless you activate the "post as anonymous" option when creating the incident report.

Your Reach contacts will see your name & profile photo and any other information (like your current location) you chose to share with them.

Note that your name, phone number, identity document number and location will be included on panic button activations or when calling through our "Local authorities" phone book.

Please note that the options of "Automatic synchronization" and "Synchronize location when the application starts" are in settings and that your location can only be seen by those contacts to whom you have explicitly sent your location or to whom you have selected through of the "tracking permissions" option.

Controlling your personal information

You can always review and update certain information by visiting your Profile settings (such as your phone, email and more) or the in-app left menu (to update your contacts, help numbers and help contacts).

If you find that the information associated with your Account is not accurate, complete or updated, then you should make all necessary changes to correct it. Please keep in mind that false, incorrect, or outdated information may prevent you from setting up a username and impair the ability to provide you with Services.

Privacy controls

Your in-app left menu provide you with quick access to settings and tools that let you safeguard your data and decide how your information can make Reach services work better for you. For example, you can control your when/ how your location is updated in Reach and whom of your contacts can see your actual location.

There are other ways to control the information Reach collects whether or not you're signed in to a Reach Account, including device-level settings: your device may have controls that determine what information we collect. For example, you can modify location settings on your device.

Deleting your information

If you would like us to delete your Account, please write us at hello@epicalsoft.com. On receiving such a request, we will use reasonable efforts to delete such information, however please note that information may not be deleted immediately from our back-up systems. We aim to initiate the deletion process immediately after your request. Once we receive your request, your data will no longer be used to personalize your Reach experience. We then begin a process designed to safely and completely delete the data from our storage systems. This process generally takes around 2 days from the time of deletion. As with any deletion process, things like routine maintenance, unexpected outages, bugs, or failures in our protocols may cause delays in the processes and time frames defined in this policy. We maintain systems designed to detect and remediate such issues.

How Reach retains data we collect

Some data you can delete whenever you like, some data is deleted automatically, and some data we retain for longer periods of time when necessary. This section describes why we hold onto different types of data for different periods of time.

  • Information retained until you remove it - such as your "Help numbers", comments, reports and other account related information. We'll keep this data in your Reach Account until you choose to remove it and/or update it.
  • Information retained until your Reach Account is deleted - we may keep some data for the life of your Reach Account if it's useful for helping us understand how users interact with our features and how we can improve our services. For example, if you made an incident report, we will keep information about how many users you have alerted, even after the incident report is removed. When you delete your Reach Account, the information about how many users you have alerted is also removed.

How does Reach use aggregated information?

Reach may use anonymous, statistical or aggregated information (including anonymous location information), in a form that does not enable the identification of a specific user, to properly operate the Services, to improve the quality of the Services, to enhance your experience, to create new services and features, including customized services, to change or cancel existing content or service, and for further internal, commercial and statistical purposes.

Reach may also use anonymous, statistical or aggregated information collected on the Services, in a form that does not enable the identification of a specific user, by posting, disseminating, transmitting or otherwise communicating or making available such information to users of the Services, to the Services' providers, partners and any other third party. For example, GPS information that we receive from your mobile device may be provided to map editors in an aggregated and/or anonymous form to help improve our services.

Information security

Reach considers information security to be a top priority. Reach services are built with strong security features that continuously protect your information. Reach implements systems, applications and procedures to secure your personal information, to minimize the risk of theft, damage, loss of information, or unauthorized access or use of information. For example, we review our information collection, storage, and processing practices, to prevent unauthorized access to our systems. In addition, we restrict access to personal information to Epicalsoft S.A.C. employees, contractors, and agents who need that information in order to process it. Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

The insights we gain from maintaining our services help us detect and automatically block security threats from ever reaching you.

However, these measures are unable to provide absolute assurance. Therefore, although Reach takes great efforts to protect your personal information, Reach cannot guarantee and you cannot reasonably expect that Reach's databases will be immune from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse.

Compliance & cooperation with regulators

Data transfers

We store data on servers located around the world and your information may be processed on servers located outside of the country where you live. Data protection laws vary among countries, with some providing more protection than others. Regardless of where your information is processed, we apply the same protections described in this policy.

When we receive formal written complaints, we respond by contacting the person who made the complaint. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of your data that we cannot resolve with you directly.

European requirements

If the European Union (EU) data protection law applies to the processing of your information, we provide the controls described in this policy so you can exercise your right to request access to, update, remove, delete, and restrict the processing of your information.

You can also receive a copy of data in your Reach account if you want to back it up or export your information to another service. You can achieve that by writing us to hello@epicalsoft.com. Please note that to continue with your request, you must write to us from the same email address associated with the account from which you are requesting the data.

You also have the right to object to the processing of your information.

We process your information for the purposes described in this policy, based on the following legal grounds:

With your consent

We ask for your agreement to process your information for specific purposes and you have the right to withdraw your consent at any time. You can manage your settings and personal information at any time.

When we're pursuing legitimate interests

We process your information for our legitimate interests while applying appropriate safeguards that protect your privacy. This means that we process your information for things like:

  • Providing, maintaining, and improving our services to meet the needs of our users
  • Developing new services and features that are useful for our users
  • Understanding how people use our services to ensure and improve the performance of our services
  • Customizing our services to provide you with a better user experience
  • Marketing to inform users about our services
  • Detecting, preventing, or otherwise addressing fraud, abuse, security, or technical issues with our services
  • Protecting against harm to the rights, property or safety of Reach, our users, or the public as required or permitted by law
  • Performing research that improves our services for our users and benefits the public
  • Enforcing legal claims, including investigation of potential violations of applicable Terms of Service

When we're providing a service

We process your data to provide a service you've asked for under a contract (including our terms of use).

When we're complying with legal obligations

We'll process your data when we have a legal obligation to do so, for example, if we're responding to legal process.

If you have questions, you can contact Reach at: hello@epicalsoft.com. And you can contact your local data protection authority if you have concerns regarding your rights under local law.

Changes to this Privacy Policy

Reach may from time to time change the terms of this Privacy Policy. Substantial changes will take effect 30 days after Reach has posted a:

  • System message to users notifying then of changes to the Privacy Policy; and
  • Notification on the Website's homepage or any other relevant web pages, explaining the changes to the Privacy Policy alongside a comparison of the "old" and "new" versions of the Privacy Policy.

Other changes will take effect 7 days after their initial posting on the Website. However, if Reach amends this Privacy Policy to comply with legal requirements, the amendments will become effective immediately upon their initial posting, or as required.

You agree to be bound by any of the changes made in the terms of this Privacy Policy. Continuing to use the Services will indicate your acceptance of the amended terms. If you do not agree with any of the amended terms, you must avoid any further use of the Services.