Privacy Policy

Operator: Hugz Tech Solutions Limited
Application: Aegis by Hugz
Effective Date: 23 April 2026
Last Revised: 9 June 2026

This Privacy Policy explains how Hugz Tech Solutions Limited ("we", "us", "our") collects, uses, stores, shares, and protects information when you use the Aegis by Hugz mobile application and related services (collectively, the "Service"). By creating an account or using the Service you agree to this Policy. If you do not agree, do not use the Service.

1. Information We Collect

1a. Information You Provide

Phone number and authentication credentials
Full name, display name, and profile photo
Emergency contact names and phone numbers
Guardian and dependent relationship information you configure
Safe-zone addresses and custom labels
Support requests and in-app feedback

1b. Information Collected Automatically

Location data – real-time GPS coordinates, background location (where permitted), movement history, and derived location attributes (speed, route).
Audio recordings – ambient audio captured during a Panic alert event (where the feature is enabled and you hold a Premium plan). Audio is encrypted in transit and stored in our cloud infrastructure.
Camera captures – still images captured during a Panic alert (Premium plan only).
Device identifiers – Firebase Cloud Messaging (FCM) tokens, device model, OS version, and app version for push notification delivery and diagnostics.
Usage data – feature interactions, crash reports, and performance metrics to improve the Service.
Bluetooth proximity data – used to detect paired Bluetooth SOS devices in range; not transmitted off-device beyond triggering an SOS event.

2. How We Use Your Information

Delivering the core safety features: Panic alerts, Follow Me sessions, Guardian Dashboard, safe-zone monitoring, and related notifications.
Sharing your location, alert status, and recorded media with your designated emergency contacts, guardians, or family members strictly as configured by you.
Sending push notifications for alerts, check-ins, and account-related messages.
Processing subscription payments and managing plan entitlements via our payment provider.
Diagnosing technical issues, monitoring service reliability, and improving features.
Complying with legal obligations and enforcing our Terms of Service.

3. Location Data – Detailed Disclosure

3a. What location data we collect

When location features are active, Aegis collects precise location data from your device's GPS and network sensors. The data fields collected include:

Latitude and longitude coordinates (precise GPS)
Altitude and GPS accuracy radius
Speed and bearing (direction of movement)
Timestamp of each location reading
Derived attributes such as route path and movement history

Approximate location (network-based) may also be used when GPS is unavailable. Location is never collected passively in the background without your explicit permission and an actively configured feature requiring it.

3b. When and how location is collected

Mode	Foreground / Background	When active	Who can see it	Plan required
Panic tracking	Foreground & background	During an active Panic alert	Guardians with panic access; emergency contacts	All plans
Follow Me tracking	Foreground & background	During an active Follow Me session you start	Guardians with Follow Me access; external link holders	All plans (quota applies)
Always-On tracking	Background (continuous)	Continuously while the heartbeat service runs	Paid-plan guardians who have been granted Always-On permission	Guardian must hold Plus, Family, or Premium
Location history	Background (periodic)	48 h (Plus/Family) or 30 days (Premium)	You; guardians with dashboard access	Plus, Family, Premium
Safe-zone monitoring	Background (periodic)	When safe zones are configured and monitoring is enabled	You; guardians with dashboard access	Plus, Family, Premium

Background location is only collected when you have explicitly granted the Allow all the time (or equivalent) location permission in your device settings and when a feature requiring it (Always-On tracking, Follow Me, or Panic) is actively configured. You may revoke background location access at any time in your device settings; doing so will disable Always-On tracking and may limit live-safety features.

⚠️ Free-Plan Guardian Limitation. If you assign a free-plan user as your guardian, that guardian will receive push-notification alerts during Panic and Follow Me events but will not be able to view your live location or map in the Guardian Dashboard outside of those events. Always-On background tracking for that guardian is stored as an intent in your settings and will activate automatically if and when they upgrade to a paid plan. It is your responsibility to ensure your chosen guardians hold the appropriate plan for the level of monitoring you require.

3c. How location data is transmitted and stored

Location data is transmitted from your device to our servers over HTTPS (TLS) and stored in Google Firebase Firestore, a cloud database hosted on Google Cloud infrastructure. Data is encrypted in transit and at rest.

Location coordinates used for map display are also processed by the Google Maps Platform (map rendering and geocoding) in accordance with Google's privacy policy. No location data is sold to third parties or used for advertising.

3d. Location data retention

Live tracking data (Panic, Follow Me) – deleted from our servers when the active session ends.
Always-On history – retained for 48 hours (Plus/Family) or 30 days (Premium), then automatically deleted.
Free-plan users – no location history is stored; only live coordinates during an active alert are held transiently.
SMS fallback coordinates – your last known GPS coordinates embedded in emergency SMS messages are sent directly from your device and are not stored on our servers.

3e. Your location data controls

Revoke location permission at any time in your device Settings → App permissions.
Disable individual tracking features (Always-On, Follow Me) inside the Aegis app.
Delete your location history from your Profile page.
Delete your account to permanently erase all stored location data from our systems (see Section 10).

4. SMS Permission – Emergency Alert Fallback

Aegis requests the SEND_SMS permission on Android to deliver Panic SOS alerts in two emergency fallback scenarios where the standard internet-based dispatch cannot complete:

When SMS is triggered

No internet connection – if your device has no active data or Wi-Fi connection when a Panic SOS is triggered, Aegis sends an emergency SMS directly from your device to each of your configured guardian contacts.
Online dispatch quota exhausted – if the server-side alert dispatch has reached its messaging limit for the period, an SMS is sent from your device as a direct fallback to ensure your emergency contacts are still reached.

In both cases, SMS messages contain your name, a brief emergency alert, and (where available) your last known GPS coordinates. Messages are sent using your device's native SMS capability (Android SmsManager). Standard carrier messaging rates may apply to your phone plan.

SMS is never sent for routine notifications, non-emergency events, marketing, or any purpose other than the two emergency fallback scenarios described above.

What we do NOT do with SMS access

We do not read your incoming or outgoing SMS inbox.
We do not send promotional, marketing, or non-emergency messages via SMS.
We do not store, receive, intercept, or log the content of any SMS messages. Messages are sent directly from your device to your contacts and do not pass through our servers.
We do not share your phone number or contacts' numbers with third parties via SMS.

You are prompted to grant this permission during onboarding. You may deny or revoke it at any time in your device settings. If the permission is denied, both SMS fallback scenarios will be unavailable; all other Aegis features continue to function normally.

5. Audio and Camera Data

Audio recordings and camera images captured during Panic events are stored encrypted in our cloud storage (Google Firebase Storage). Access is limited to you, your designated guardians with the appropriate plan, and authorised Hugz Tech personnel for technical support or legal compliance purposes. Audio recordings are retained for up to 30 days after the alert event and then deleted automatically unless a legal hold is in place. You may request earlier deletion by contacting us.

We do not use audio or camera data for advertising, training AI models, or any purpose other than delivering the safety feature and as required by law.

6. Sharing of Information

We share your information only as described below:

5a. With People You Choose

Guardians, dependents, family members, and emergency contacts receive exactly the data that the feature and your permissions settings allow. You can review and change these permissions at any time in the Safety Permissions screen within the app.

5b. With Third-Party Service Providers (Data Processors)

We use the following processors to operate the Service:

Google Firebase (Firestore, Firebase Auth, Cloud Storage, Cloud Functions, Cloud Messaging) – authentication, database, file storage, push notifications, and server-side logic. Processed in the European Union and United States per Google's data processing terms.
RevenueCat – subscription management and payment entitlement. Processed in the United States.
Google Maps Platform – map rendering and geocoding. Location coordinates are sent to Google's servers for this purpose.
Apple / Google Play – payment processing for in-app purchases.

Each processor is contractually bound to process data only as instructed and to maintain appropriate security measures.

5c. Legal and Safety Disclosures

We may disclose information to law enforcement, government authorities, or other third parties where required by applicable law, court order, or to protect the safety of any person.

5d. Business Transfers

If Hugz Tech Solutions Limited undergoes a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. You will be notified via a prominent in-app notice before your information is transferred and becomes subject to a different privacy policy.

7. Data Retention

Account data – retained while your account is active and for 90 days after deletion to allow recovery if requested.
Location history – retained for 48 hours (Plus/Family) or 30 days (Premium) then automatically deleted. Free-plan users do not have stored location history.
Panic audio and camera captures – retained for 30 days after the event, then deleted automatically.
Push notification tokens – retained while your device is active; removed when you sign out or delete your account.
Billing records – retained for the period required by applicable financial and tax regulations (typically 7 years).

8. Data Security

We implement reasonable technical and organisational security measures including encryption in transit (TLS), encryption at rest for sensitive data, access controls, and security monitoring. However, no electronic transmission or storage system is 100% secure. You use the Service at your own risk and should take steps to protect your device and account credentials.

9. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights:

Access – request a copy of the personal data we hold about you.
Correction – request correction of inaccurate data.
Erasure – request deletion of your account and personal data. Some data may be retained for legal compliance purposes after deletion.
Portability – request your data in a commonly used machine-readable format.
Objection / Restriction – object to or request restriction of certain processing activities.
Withdraw Consent – withdraw location or notification permissions at any time via your device settings; note this will disable related features.

To exercise any right, contact us at admin@hugztech.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

9a. Account Deletion

You may request full account deletion from within the app (Profile → Settings → Delete Account) or by emailing admin@hugztech.com. Deletion removes your profile, location history, guardian links, and stored media within 30 days. Billing records required by law are excluded.

10. Children and Minors

The Service is not intended for children under 13 years of age without parental or guardian consent and supervision. When a minor user is added under a Family or Premium plan by a parent or guardian, that parent or guardian is responsible for managing the minor's permissions and data. Always-On tracking is automatically enabled for minors added by a Family/Premium plan holder in accordance with the guardian's account settings.

11. Plan Downgrades and Feature Changes

If you downgrade to a lower-tier plan, certain features will become unavailable immediately or at the end of your billing cycle. Guardian relationships established while on a higher plan are retained, but your guardians' ability to see your live location, map, or Follow Me dashboard will reflect the access permitted under your active plan. You will not be automatically notified of changes to a guardian's plan; it is your responsibility to review your safety permissions periodically.

12. Governing Law

This Privacy Policy is governed by the laws of the Federal Republic of Nigeria. Any disputes arising under this Policy shall be subject to the exclusive jurisdiction of the courts of Nigeria, unless otherwise required by applicable consumer protection laws in your jurisdiction.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will provide at least 14 days' notice via an in-app notification or email before the changes take effect. Continued use of the Service after changes take effect constitutes your acceptance of the updated Policy.

14. Contact Us

For privacy questions, data requests, or complaints:

Hugz Tech Solutions Limited
Email: admin@hugztech.com
Subject line: Privacy Request – [your name]