Privacy Policy

1. Introduction

Welcome to Gran, operated by REGO360 Company Limited ("we," "our," or "us"). Gran is a community-driven safety and awareness platform that enables users to post, view, and engage with reports about scams, incidents (accidents, fires, disasters, assaults, road blocks, etc.), and missing persons.

Your privacy and trust are fundamental to our mission. This Privacy Policy explains how we collect, use, store, share, and protect your information when you use our mobile application ("App") and website ("Web Platform") (collectively, "Services").

Important Notes:

  • Gran is operated in Nigeria, and our services are primarily intended for use within Nigeria
  • The mobile app provides full functionality for creating, viewing, and managing reports
  • The web platform provides read-only access—users cannot create, update, or delete content from the web

By using our Services, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use immediately.

2. Information We Collect

2.1 Personal Information

When you create an account, we collect:

  • Email address (required for authentication and communication)
  • Password (securely hashed using industry-standard encryption; never stored in plain text)
  • Optional profile information: First name, last name, age group, gender, phone number, social media handles, profile avatar

Third-Party Authentication: If you sign up using Google or Apple, we do not store or access your password. Authentication is handled securely by those providers.

2.2 Report Data

When you submit a report, we collect:

  • Report title, description, and category
  • Media files (photos, videos, or other attachments)
  • Location coordinates (if location services are enabled)
  • Social media handles or external references you provide
  • Timestamps and metadata
  • Law enforcement information (voluntarily provided): Whether reported to authorities, case file/reference number, additional references

You may update or delete your reports at any time. Deleted reports are soft-deleted—removed from public view but retained for operational, audit, security, and legal purposes.

2.3 Location Data

Low-Precision Location

  • Used to show nearby reports and send location-relevant safety alerts
  • Can be disabled anytime in app settings
  • Approximate coordinates only; not used for real-time tracking

High-Precision Location

Powers two critical safety features:

SOS Alerts:

  • Sends precise location as Google Maps link to designated emergency contacts
  • Contact lists and messages stored locally on your device only (not on our servers)
  • Queued messages auto-deleted from device after 14 days
  • We do not access your contact list or store SOS data on our servers

Live Location Tracking:

  • Allows authorized contacts to track real-time location for specified duration
  • Full control to pause or stop sharing at any time
  • Choose one-way or dual mode (mutual viewing)
  • Data deleted immediately after session ends

2.4 Engagement and Activity Data

We automatically collect: Reports viewed, bookmarked, confirmed, or flagged; helpful votes and community feedback; gamification progress (points, badges, levels); report contests or disputes; notification interaction metrics.

2.5 Device and Technical Information

Device identifiers, type, and OS; device tokens for push notifications (no personal identifiers embedded); app version; IP address; error logs and crash reports.

2.6 Subscription and Payment Data

Through RevenueCat and Paystack: subscription tier/status, renewal dates, payment amounts, transaction IDs. We never store your full payment card details.

3. Automated Evaluation and Machine Learning

Gran uses automated machine learning systems to evaluate and assign risk levels to reports (low, medium, high), assess credibility, detect spam/fraud, and improve abuse detection.

Important Clarifications:

  • Risk assessments are not manually reviewed in routine operations
  • Human review occurs only for user-initiated reassessment requests, community flags, or anomaly detection
  • Users may contest automated decisions through the app

4. How We Use Your Information

Service Delivery:

  • Provide and maintain reporting and safety services
  • Enable posting, viewing, and engagement with community reports
  • Deliver SOS alerts and live location tracking
  • Display relevant nearby reports with location-based filters

Communications:

  • Send push notifications about incidents, alerts, and updates
  • Communicate about account security and support
  • Deliver promotional messages (opt-out available)

Improvement and Analysis:

  • Improve credibility models and risk evaluation algorithms
  • Optimize alert targeting and notification delivery
  • Enhance app performance and user experience
  • Analyze anonymized usage data for service improvements

Safety and Compliance:

  • Detect, prevent, and respond to fraud and security threats
  • Comply with legal obligations and protect legal rights
  • Cooperate with law enforcement where legally required

5. Data Sharing and Disclosure

We do not sell your personal information to third parties.

We may share limited information only in these circumstances:

  • With Your Consent: When you share live location or authorize specific purposes
  • Public Reports: Approved reports are visible to all platform users
  • Service Providers: With Vultr, AWS, RevenueCat, Paystack, and analytics/ML providers (bound by strict confidentiality)
  • Law Enforcement: When required by law, court order, or necessary for public safety. For missing persons/high-risk incidents, we may request proof of law enforcement reporting
  • Emergency Situations: SOS alerts sent to chosen contacts automatically, even if they don't have the app
  • Business Transfers: In event of merger, acquisition, or sale (with notification)

6. Data Storage, Security, and International Transfers

Hosting and Storage

Securely stored on Vultr and Amazon Web Services (AWS) servers, complying with industry-standard security practices.

Security Measures

  • HTTPS encryption for all data transmission
  • Encryption of data at rest and in transit
  • Secure password hashing using modern algorithms
  • Role-based access controls
  • Regular security audits and continuous monitoring
  • Automated threat detection systems

However, no digital service is entirely risk-free. Users are responsible for maintaining account security with strong passwords and secure devices.

International Data Transfers

Data may be transferred to countries outside Nigeria (e.g., United States). By using our Services, you consent to this transfer. We ensure international data remains protected under comparable safeguards.

7. Data Retention

  • Account Data: Retained while account is open. After deletion, 30-day grace period (logging in cancels deletion). After 30 days, personal identifiers permanently removed.
  • Reports: Remain visible even after account deletion but attributed to "Deleted User." Soft-deleted reports retained for operational, audit, security, and legal purposes.
  • Temporary Data: SOS messages deleted from device after 14 days. Live location data deleted immediately after session ends.
  • Logs and Analytics: May be retained longer for security, compliance, and improvement.

8. Your Rights and Choices

Access and Portability

  • Request copy of your data (within 14 days)
  • Export data in common format

Correction and Updates

  • Update profile information
  • Edit or update reports

Deletion

  • Delete individual reports
  • Delete entire account (30-day grace)
  • Request deletion of specific data

Control Over Features

  • Pause/stop location sharing anytime
  • Disable low-precision location
  • Manage SOS contacts

Communication Preferences

  • Manage notification settings
  • Opt out of promotions
  • Control alert frequency

Contest Decisions

  • Challenge risk assessments
  • Request human review

To exercise your rights, contact us at privacy@gran.com or use in-app settings.

9. Missing Persons Reports: Special Guidelines

When reporting a missing person, you confirm that:

  • At least 24 hours have passed since disappearance (unless immediate danger)
  • Law enforcement has been notified and you have permission to share publicly
  • The missing person is a minor, vulnerable, or potentially in danger
  • You will not interfere with ongoing investigations

We may request proof of law enforcement involvement. You are solely responsible for ensuring proper authorization and accuracy.

10. User Responsibility and Content Liability

Gran does not verify the accuracy of user-submitted reports. Users are solely responsible for truthfulness, legality, and safety of their posts. We encourage independent verification.

Users may flag inappropriate reports, mark as helpful/confirmed, or contest through dispute mechanism.

REGO360 Company Limited is not liable for:

  • False, defamatory, or misleading user reports
  • Actions taken based on unverified community reports
  • Harm from reliance on user-generated content
  • Interference with investigations due to unauthorized disclosures

11. Third-Party Services and Emergency Helplines

Integrated Services

Gran integrates with Google Maps, RevenueCat, Paystack, Apple, and Google authentication. Each operates under their own privacy policies.

Emergency Helplines

The app provides public emergency helplines (fire, health, gender-based violence, disaster response).

Disclaimer: We do not verify or guarantee accuracy of these numbers and are not liable for disconnected numbers, response failures, or delays. Confirm helplines with local authorities.

12. Advertising, Promotions, and Gamification

  • Advertising: May display third-party ads. While we avoid harmful content, we don't independently verify all advertisers. Users can report inappropriate ads.
  • Gamification: Points, badges, and levels have no real-world monetary value. Gran may adjust, pause, or remove rewards at any time.
  • Subscription Pricing: May change with reasonable notice. Current subscribers notified before renewal at new price.

13. Children's Privacy

Gran is not intended for children under 13 years old. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected data from a child under 13, contact us immediately at privacy@gran.com for prompt removal.

Minors may use the app only with verified parental or guardian consent.

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Significant changes will be communicated via in-app notification or email. The updated policy will always display a revised "Last Updated" date. Continued use after changes constitutes acceptance.

15. Legal Basis for Processing

For users in jurisdictions with data protection laws (e.g., GDPR, NDPR), we process your data based on:

  • Contractual necessity to provide our Services
  • Legitimate interests in improving and securing our platform
  • Legal compliance with applicable laws and regulations
  • Consent where explicitly obtained for specific activities
  • Vital interests to protect life and safety in emergencies

16. Contact Us

For questions, data requests, complaints, or to exercise your privacy rights, please contact:

Gran Privacy Team

REGO360 Company Limited

📧 Email: privacy@gran.com

🌐 Website: https://www.gran.com.ng

🏢 Address: Lagos, Nigeria

Response Time: We will respond to all privacy inquiries within 14 business days.

17. Governing Law

This Privacy Policy is governed by the laws of the Federal Republic of Nigeria. Any disputes arising from this policy shall be subject to the exclusive jurisdiction of Nigerian courts.

By using Gran, you acknowledge that you have read, understood, and agree to this Privacy Policy.

REGO360 Company Limited © 2025. All rights reserved.

Last Updated: October 21, 2025