Privacy Policy

Last updated: 17 February 2026

This Privacy Policy explains how KCraft Studio LTD ("Company", "we", "us", or "our") collects, uses, discloses, and protects your personal data when you use the CyWarn application and website ("Service"). We are committed to protecting your privacy and processing your data in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws.

1. Data Controller

The data controller responsible for processing your personal data is:

• KCraft Studio LTD
• Company Registration: HE 485092
• Neofytou Nikolaidi & Theod. Kolokotroni, ONISIFOROU CENTER, 2nd floor, Agios Theodoros, 8011 Paphos, Cyprus
• For privacy inquiries: privacy@cywarn.app

2. Data We Collect

We collect the following categories of personal data:

2.1 Data You Provide

• Account information (email address, password) when you create an account for Family Safety features
• Family group data (names, relationships) when you set up Family Safety
• Communications data when you contact us for support

2.2 Data Collected Automatically

• Device information (device type, operating system, unique device identifiers) solely for delivering push notifications. These identifiers are not used for cross-service tracking
• Location data (with your explicit consent) to provide location-relevant alerts
• App usage data (features used, crash reports) for service improvement
• IP address for security and fraud prevention

2.3 Data We Do NOT Collect

We do not collect or store: payment information (handled by Apple/Google), biometric data, or precise location history.

3. Legal Basis for Processing (GDPR Article 6)

We process your personal data based on the following legal grounds:

• Consent (Article 6(1)(a)): For processing location data and sending push notifications. You can withdraw consent at any time.
• Contract Performance (Article 6(1)(b)): For providing the Service, including Family Safety features when you have an account.
• Legitimate Interests (Article 6(1)(f)): For improving our Service, ensuring security, and preventing fraud.
• Legal Obligation (Article 6(1)(c)): For compliance with applicable laws and responding to lawful requests from authorities.

4. How We Use Your Data

We use your personal data for the following purposes:

• Providing emergency alerts relevant to your location
• Sending push notifications about emergencies in your area
• Operating Family Safety features (location sharing, check-ins)
• Improving the quality and reliability of our Service
• Responding to your inquiries and providing customer support
• Ensuring the security and integrity of our Service
• Complying with legal obligations

5. Data Sharing and Recipients

We may share your personal data with:

• Family group members: Location data shared within your Family Safety group (with your consent).
• Service providers: Hosting providers and push notification services that assist us in operating the Service. For website analytics, we use Matomo, a privacy-focused, self-hosted analytics platform hosted on our own EU-based infrastructure. Matomo data is not shared with third parties and is not used for cross-site or cross-service tracking. IP addresses are anonymized before storage. All service providers process data under data processing agreements compliant with GDPR Article 28.
• Legal requirements: Authorities when required by law or to protect our legal rights.
• Business transfers: In connection with a merger, acquisition, or sale of assets.

We do NOT sell your personal data to third parties.

6. International Data Transfers

Certain service providers (such as push notification infrastructure providers) may involve processing outside the European Economic Area (EEA). Where this occurs, appropriate safeguards such as EU Standard Contractual Clauses are implemented. Our primary hosting and analytics infrastructure is located within the EU.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

• Location data: Processed in real-time and not stored on our servers
• We do not maintain centralized databases of users' historical movement patterns
• Account data: Retained until you delete your account, plus any legally required retention period
• Device tokens: Retained until you uninstall the App or revoke notification permissions
• Support communications: Retained for 3 years for quality assurance
• Analytics data: Collected via Matomo and stored on our EU-based servers. IP addresses are anonymized before storage. Analytics data is automatically deleted after 26 months

8. Your Rights Under GDPR

Under the General Data Protection Regulation, you have the following rights:

• Right of Access (Article 15): Request a copy of your personal data
• Right to Rectification (Article 16): Request correction of inaccurate data
• Right to Erasure (Article 17): Request deletion of your data ('right to be forgotten')
• Right to Restriction (Article 18): Request limitation of processing
• Right to Data Portability (Article 20): Receive your data in a portable format
• Right to Object (Article 21): Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time for consent-based processing
• Right to Lodge a Complaint: File a complaint with a supervisory authority

To exercise these rights, contact us at privacy@cywarn.app. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit using TLS/SSL
• Secure storage with access controls
• Regular security assessments and updates
• Employee training on data protection
• Incident response procedures

10. Cookies and Tracking Technologies

Our website uses cookies and similar technologies. We categorize cookies as follows:

Necessary Cookies

Required for the website to function. These cannot be disabled.

Analytics Cookies

We use Matomo analytics cookies to understand how visitors interact with our website. These are first-party cookies that are not shared with third parties and are used solely for internal statistical purposes. These require your consent.

You can manage your cookie preferences through our cookie settings panel or your browser settings.

11. Children's Privacy

Our Service is not directed to children under 14 years of age. We do not knowingly collect personal data from children under 14. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@cywarn.app, and we will take steps to delete such information. We do not engage in automated decision-making or profiling within the meaning of Article 22 GDPR.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the App or by email at least 30 days before they take effect. The 'Last updated' date at the top indicates when the policy was last revised. We encourage you to review this policy periodically.

13. Supervisory Authority

If you believe that our processing of your personal data violates data protection laws, you have the right to lodge a complaint with the supervisory authority in Cyprus:

• Commissioner for Personal Data Protection
• 1 Iasonos Street, 1082 Nicosia, Cyprus
• Phone: +357 22 818 456
• Email: commissioner@dataprotection.gov.cy
• Website: www.dataprotection.gov.cy

14. Contact Us

For questions about this Privacy Policy or to exercise your data protection rights, please contact us at:

privacy@cywarn.app

KCraft Studio LTD, Neofytou Nikolaidi & Theod. Kolokotroni, ONISIFOROU CENTER, 2nd floor, Agios Theodoros, 8011 Paphos, Cyprus