Cyprus fire alerts & safety

Privacy Policy

Last updated: May 2026

This Privacy Policy explains how SafeIsland CY ("we", "us", "our") collects, uses, and protects personal data when you use the SafeIsland CY mobile application ("App"). It applies to all users of the App on iOS and Android platforms.

We are committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR, EU 2016/679) and applicable Cypriot data protection law. Please read this policy carefully before using the App.

For questions or requests regarding your personal data, contact us at: privacy@safeisland.app

1. Data Controller

The data controller responsible for your personal data is the developer of the SafeIsland CY application. For all data-related enquiries, please contact:

Email: privacy@safeisland.app
Application name: SafeIsland CY — Cyprus fire alerts & safety

2. Data We Collect

We collect only the personal data necessary to operate the App. The following categories of data may be collected:

2.1 Account Data

Email address (used for authentication)
Authentication credentials (managed securely via Firebase Authentication)
User account identifiers assigned by Firebase
Name and phone number (optional, voluntarily provided)

Name and phone number are stored solely for your profile and are never shared publicly, with other users, or with third parties other than Firebase as our data processor.

2.2 User-Submitted Incident Reports

GPS coordinates at the time of incident report submission
Timestamp of submission
Incident description and any additional details voluntarily provided
Photos attached to reports, if any (optional feature)

2.3 Device and Technical Data

Device token for push notifications (via Firebase Cloud Messaging)
Basic usage logs (app errors, crash reports) collected by Firebase

3. How We Use Your Data

We process your personal data for the following purposes, each with a corresponding legal basis under GDPR Article 6:

Account creation and authentication — to allow you to log in and use the App (legal basis: performance of a contract, Art. 6(1)(b))
Publishing community incident reports on the map — to provide the core functionality of the App (legal basis: performance of a contract, Art. 6(1)(b))
Sending push notifications about nearby fire incidents or official alerts — to deliver the safety information service you have opted into (legal basis: consent, Art. 6(1)(a))
App stability and error monitoring — to maintain the technical performance of the App (legal basis: legitimate interests, Art. 6(1)(f))
Displaying your name or contact details within your profile, if provided (legal basis: consent, Art. 6(1)(a))

4. Third-Party Services (Sub-Processors)

We use the following third-party services to operate the App. Each acts as a data processor on our behalf and is contractually obligated to protect your personal data:

4.1 Google Firebase

We use the following Firebase services provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA):

Firebase Authentication — to manage user accounts and login sessions
Cloud Firestore — to store incident reports and app data
Firebase Cloud Messaging (FCM) — to deliver push notifications to your device

Firebase is GDPR-compliant and acts as a data processor under our instructions.
Google's privacy policy: https://policies.google.com/privacy
How Google uses data from its APIs: https://policies.google.com/technologies/partner-sites

5. International Data Transfers

Some Firebase services (including Firebase Authentication) store data on servers located in the United States, outside the European Economic Area (EEA). Such transfers are carried out in compliance with GDPR through:

Standard Contractual Clauses (SCCs) adopted by the European Commission and incorporated into Google's Data Processing Terms
Google's participation in the EU-U.S. Data Privacy Framework

6. Data Retention

Account data: retained for as long as your account is active
Incident reports: retained for as long as they are operationally relevant to the App's purpose, or until you request deletion
Push notification tokens: retained while your account is active and push notifications are enabled
Technical logs and crash reports: retained for up to 90 days

We do not retain personal data beyond what is necessary for the stated purposes. Upon account deletion, all personal data linked to your account will be erased within 30 days, except where retention is required by applicable law.

7. Your Rights Under GDPR

Under GDPR, you have the following rights regarding your personal data:

Right of access — to obtain a copy of the personal data we hold about you
Right to rectification — to correct inaccurate or incomplete data
Right to erasure — to request deletion of your personal data (see Section 8)
Right to restriction of processing — to request that we limit how we use your data in certain circumstances
Right to data portability — to receive your data in a structured, machine-readable format
Right to object — to object to processing based on legitimate interests
Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing. To withdraw consent for push notifications, use your device notification settings. To withdraw consent for optional profile data (name, phone number), contact us at privacy@safeisland.app and we will remove the data promptly.
Right to lodge a complaint — with the competent supervisory authority

The competent supervisory authority for Cyprus is:

Commissioner for Personal Data Protection
Website: www.dataprotection.gov.cy
Email: commissioner@dataprotection.gov.cy

To exercise any of your rights, contact us at privacy@safeisland.app. We will respond within 30 days.

8. Account and Data Deletion

You may request deletion of your account and associated personal data at any time. As the App does not currently include an in-app deletion feature, please submit your request by email:

Email: privacy@safeisland.app
Subject line: "Data Deletion Request"

Deletion will be completed within 30 days of your request. We will send a confirmation once your data has been removed.

We may retain certain data after a deletion request where required by applicable law or to resolve outstanding legal disputes. In such cases, the retained data will be limited to the minimum necessary and not used for any other purpose.

For full details of our data deletion process, see our separate Data Deletion Policy at:
https://safeisland.app/delete_account

9. Location Data

The App requests access to your device's location exclusively at the moment you choose to submit an incident report. Location access is not used in the background, is not tracked continuously, and is not used for advertising or profiling purposes.

When you submit a report, the GPS coordinates of your current location are attached to the report and stored as part of the incident record. These coordinates are visible to other App users on the map.

You may revoke location permission at any time through your device settings. Revoking location access will disable the ability to auto-populate coordinates when submitting reports, but will not affect other App functionality.

10. User-Generated Content

Incident reports you submit are shared publicly within the App and are visible to all users on the map. Do not include sensitive personal information (such as names, addresses, or identifying details of individuals) in your incident reports.

We reserve the right to remove reports that violate our Terms of Use, including reports containing false information or personal data of third parties.

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. These include:

Encrypted data transmission (HTTPS/TLS) between your device and our servers
Authentication and access control via Firebase Authentication
Firebase infrastructure security, certified under ISO 27001, 27017, and SOC 2

No method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security.

12. Minors

The App is intended for users aged 16 and over. We do not knowingly collect personal data from children under the age of 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@safeisland.app and we will delete the data promptly.

Users aged 13–15 may use the App only with the consent of a parent or legal guardian, in accordance with GDPR Article 8.

13. Automated Decision-Making and Profiling

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects on you, as described in GDPR Article 22.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this document. Where changes are material, we will notify you via the App or by email.

Continued use of the App after the updated policy takes effect constitutes your acceptance of the revised terms.

15. Contact

For any questions, requests, or complaints regarding this Privacy Policy or the handling of your personal data, please contact us:

Email: privacy@safeisland.app
Application: SafeIsland CY — Cyprus fire alerts & safety

If you are not satisfied with our response, you have the right to lodge a complaint with the Commissioner for Personal Data Protection of the Republic of Cyprus (www.dataprotection.gov.cy).