Privacy Policy — Gard

Effective date: 23 November 2025

Gard (“we”, “us”, “our”) provides a QR code-based security patrol management system used by organizations to manage patrols and verify location checks. This Privacy Policy explains the types of information we collect, how we use and share it, and your rights and choices.

1. Information we collect

Account data: username, organization ID, role (admin / guard), and profile information you provide when creating an account.
Patrol & usage data: QR scan IDs, scan timestamps, patrol route metadata, status updates, notes and any photos you upload (only if your organization enables this).
Device & technical data: device model, OS version, IP address, crash logs and analytics (if enabled) used to improve the service.
File uploads: files or images you explicitly upload to the service (stored on our hosting provider).

2. How we use collected data

To provide and maintain the core service: verify patrols, display reports, and allow admins to monitor patrol status.
To improve and secure the service: debugging, crash reporting, analytics, and detecting abuse.
To communicate with you about the service (notifications, support messages).

3. Sharing & third parties

We do not sell personal data. We may share data with:

Your organization’s admins (as permitted by your account and organization settings).
Our hosting and analytics providers (for example: Google Cloud, Firebase, Sentry, or similar services). Where we use third parties, we require them to follow industry-standard security practices.
Law enforcement, when required by law or to protect rights or safety.

4. Security

We use industry-standard security measures (HTTPS/TLS for transport, authenticated APIs, access controls) to protect data. While we strive to protect your information, no system is completely secure; in the unlikely event of a data breach we will follow applicable laws and notify affected parties where required.

5. Data retention & deletion

We retain account and patrol data as required to provide the service and for troubleshooting or legal purposes. You may request access, correction, or deletion of your account data by contacting us (details below). Deletion requests will be processed consistent with applicable laws and our retention obligations.

6. Children

This service is intended for organizational use by adults and staff. We do not knowingly collect information from children under the age required by local law. If you believe we have collected data about a child, please contact us so we can remove it.

7. Your choices & rights

Access & correction: contact us to request a copy of account data or to correct inaccuracies.
Deletion: you can request deletion of your account and associated data — subject to retention for legal reasons.
Communications: opt out of marketing communications via the unsubscribe instructions in those messages.

8. Technical implementation (developer / reviewer summary)

The following summarizes technical network/implementation details to aid auditors or app reviewers. This is a high-level summary derived from our app code and infrastructure and is provided so reviewers can understand how data moves between client and server.

Network client

The mobile app uses a Dart Dio-based HTTP client for all communication with the backend server.
All requests are sent to a configured API base URL over HTTPS using Content-Type: application/json and Accept: application/json.
Timeouts and full request/response logging are enabled for debugging and reliability.
Authentication is handled using bearer tokens sent in the Authorization: Bearer <token> header.
The client supports GET, POST, PUT, PATCH, DELETE, file uploads via multipart FormData, and secure file downloads.
Error handling covers validation errors, timeout errors, bad responses, SSL issues, network failures, and unexpected exceptions. Errors are returned in structured messages based on server responses.
Files and media uploaded by users are sent securely to the backend and stored using our cloud provider’s storage service.

Storage & hosting

Backend APIs and data storage are hosted on secure cloud infrastructure (such as Google Cloud).
All server endpoints are protected with HTTPS/TLS encryption using valid certificates.

9. Changes to this policy

We may update this policy. If we make material changes we will post the new effective date at the top of the page. Continued use of the service after changes indicates acceptance of the updated policy.

10. Contact

If you have questions or want to exercise your rights, contact us:

Email: gard.superuser@gmail.com
App support: Use the in-app support options or contact your organization admin