Privacy Policy
How we collect, use, and protect your information
This Privacy Policy describes how Sirsak ("we," "us," or "our") collects, uses, discloses, and protects your information when you use our mobile application.
1. Information We Collect
We collect information necessary to provide our waste collection point location and management services.
| Category | Data Collected | Purpose |
|---|---|---|
| Account & Profile Data | Email, password (encrypted), display name, phone number (optional), address (optional), profile photo (optional), account creation date, authentication method (Email/Google/Apple). | To create, manage, and secure your user account; to display your profile information. |
| Authentication & Session Data | Authentication tokens (JWT, refresh token), failed login attempts. | To facilitate login, maintain user session, and secure your account. |
| Location Data | User's current location (if permission granted). | To display the user's position on the map, filter collection points by distance, and provide navigation. |
| Financial/Balance Data | Current balance (saldo), debit and credit transaction history (amount, type, date/time, related waste deposit details, status). | To manage the user's balance from waste deposit activities and display transaction history/summary. |
| Notification Preferences | Preferences for schedule reminders, schedule changes, and balance updates. | To deliver personalized and essential service notifications. |
| Technical Data | Device type, Android/iOS version, network connectivity status. | For compatibility checks, performance monitoring, and displaying offline messages. |
2. How We Use Your Information
We use the information we collect for the following purposes:
- Service Provision: To enable you to find nearby waste collection points, view their details and schedules, and manage your account balance.
- Authentication and Security: To verify your identity, secure your account, and manage user sessions.
- Navigation: To provide directions to selected collection points via Google Maps or Apple Maps.
- Communication: To send essential notifications regarding collection point schedules, schedule changes, and updates to your balance.
- Improvements: To monitor performance (e.g., load times, API response) and maintain a stable, high-quality application experience.
3. Data Security
We are committed to protecting your data and employ several security measures:
- Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher.
- Encryption at Rest: Sensitive user data is stored encrypted in the database.
- Authentication Security: Authentication tokens are stored securely using platform-specific secure storage (e.g., Flutter Secure Storage), and we enforce a minimum password length of 8 characters.
- Secure Implementation: We securely implement OAuth 2.0 flows for social login (Google/Apple).
4. Data Retention and Your Rights
- Session Management: Your access token is maintained for 1 hour, and the refresh token is maintained for up to 30 days to ensure a continuous session.
- Logout: You can log out at any time, which will clear all session data from your device and invalidate the tokens on the backend.
- Profile Management: You have the right to view and edit your display name, phone number, address, and profile photo through the app.
5. Your Right to Delete Your Account
You have the right to request the deletion of your account and personal data at any time. This is in compliance with Google Play Store requirements and data protection best practices.
To request account deletion, please visit our Delete Account page. You will need to provide your account email address and confirm your identity through a confirmation link sent to your email.
- Account Deletion: Your account will be permanently deleted within 30 days of confirmation.
- Data Removal: All personal data, including balance, transaction history, and profile information will be removed.
- Backup Data: Some data may remain in system backups for up to 90 days.
- Alternative Request: You can also request deletion by emailing support@sirsak.com.
6. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy within the application or on our website. You are advised to review this Privacy Policy periodically for any changes.
