Privacy Policy

Last Update: March 10, 2026

At Stafly, the privacy and security of your logistical operational data are our priority. This document comprehensively describes what information we collect and how we process it. Stafly is a private software utility. Your data is NOT published in public directories.

PRIV 011. INFORMATION WE COLLECT

1.1 Registration Information

• Authentication: We collect your name, email, and associated Google/Apple photo upon signup to create your identity within the platform. • Technical Profile: Vehicle data and emergency configurations strictly for internal use by your group.

1.2 Device Information

• Analytics: We collect your phone model, OS version, and unique push tokens in order to send crucial real-time SOS alerts.

PRIV 022. BACKGROUND LOCATION PROCESSING

CORE SERVICE: Stafly requires tracking your continuous GPS location for physical separation mitigation during trips. THIS APPLICATION COLLECTS LOCATION DATA EVEN WHEN IT IS CLOSED OR MINIMIZED.

2.1 Voluntary Opt-In Consent

Tracking starts and ends EXCLUSIVELY through manual user intervention (by pressing 'Start Route'). We never track users indiscriminately or passively in the background without consent.

2.2 Constant Private Transmission

Your background location is transmitted exclusively to your Private Group or Organizing Agency. • Stafly will use your GPS as long as the application remains in an 'Active Trip State' on the server, keeping you visible to the Trip Organizer, enabling locators, and triggering safety radius abandonment alerts in the background.

2.3 Remote Triggers

We do not humanly monitor your real-time data nor use your location for advertising purposes. Your movement data is tied exclusively to the duration of the trip you agreed to attend.

PRIV 033. HOW WE USE YOUR INFORMATION

• Generated routes (Tracklogs) are temporarily archived for the Organizer's history. • Stafly does not sell geolocation data packets to third-party data brokers.

PRIV 044. DEVICE PERMISSIONS

We strictly share metadata with infrastructure partners necessary to operate: • Mapbox API (Map Telemetry Only). • Google Firebase (Authentication & Push Notifications). • RevenueCat (Subscriptions). • Apple and Google (Crash reports).

PRIV 055. SHARING INFORMATION WITH THIRD PARTIES

Following international standards, Stafly allows for the automatic, irreversible, and unconditional deletion of your account, profiles, and associated metadata directly from the mobile application's 'Settings' tab.

PRIV 066. DATA SECURITY

We use in-transit encryption (HTTPS/WSS) and tokenized authentication (JWT) to isolate your session. However, no software is entirely invulnerable to cyber breaches.

PRIV 077. DATA RETENTION & DELETION

We retain data only as necessary. • Deletion: You have the right to permanently delete your account and data from 'Settings > Danger Zone'. This action is irreversible.

PRIV 088. CHILDREN'S PRIVACY

We do not knowingly collect information from children under 13. If we discover such data, we will delete it immediately.

PRIV 099. CHANGES TO THIS POLICY

We may update this policy. We will notify you of any changes on this page.

PRIV 1010. CONTACT

We will notify you about critical updates to this privacy policy via in-app alerts or email. For legal inquiries: legal@stafly.app

For inquiries related to your data, write to legal@stafly.app