PRIVACY POLICY

1. INTRODUCTION

Welcome to JALI (Journalist Alert and Information), a mobile application developed by Hype Interactive

Company Limited in collaboration with UTPC (United Tanzania Press Clubs) and UNESCO Tanzania to

support the safety and protection of journalists in East Africa.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use

the JALI mobile application. Please read this privacy policy carefully. If you do not agree with the terms of

this privacy policy, please do not access the application.

We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert

you about any changes by updating the "Last Updated" date of this Privacy Policy. You are encouraged to

periodically review this Privacy Policy to stay informed of updates.

2. INFORMATION WE COLLECT

2.1 Personal Information

We collect personal information that you voluntarily provide to us when you register on the application.

The personal information we collect includes:

• Phone Number: Used for account registration and OTP verification
• Full Name: For user identification and personalization
• Gender: For statistical reporting and safety analysis
• Location Data: Geographic information for incident reporting and emergency services
• Profile Photo: Optional user profile image

2.2 Incident Report Information

When you submit an incident report, we collect:

• Detailed description of the incident
• Date, time, and location of the incident
• Type of incident (harassment, violence, censorship, etc.)
• Perpetrator information (when provided)
• Impact assessment information
• Police reporting status
• Supporting evidence (photos, documents, audio files)

2.3 Emergency Alert Information

When you use the panic button feature, we collect:

• Real-time GPS location data
• Emergency contact information
• Alert timestamp and status
• SMS delivery confirmation

2.4 Automatically Collected Information

When you access the application, we automatically collect:

• Device Information: Device type, operating system version, unique device identifiers
• Usage Data: App features used, session duration, crash reports
• Location Data: GPS coordinates when using location-based features
• Analytics Data: App performance metrics, feature usage statistics

2.5 Defense Network Contacts

We collect and store information about your emergency contacts:

• Contact names and phone numbers
• Organization affiliations
• Contact verification status

3. HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

3.1 Core Functionality

• Account Management: Create and manage user accounts, authenticate users
• Emergency Response: Send SMS alerts to defense network during emergencies
• Incident Reporting: Process and manage incident reports
• Risk Assessment: Provide personalized safety recommendations
• Location Services: Map incident locations and provide emergency location sharing

3.2 Safety and Protection

• Emergency Alerts: Deliver immediate notifications to your defense network
• Safety Resources: Provide relevant safety tips and guidelines
• Incident Tracking: Monitor and analyze safety incidents affecting journalists

3.3 Communication

• Service Updates: Send important notifications about app features and updates
• Support Services: Respond to inquiries and provide customer support
• Educational Content: Deliver knowledge hub articles and resources

3.4 Analytics and Improvement

• Usage Analysis: Understand how users interact with the app
• Performance Monitoring: Identify and fix technical issues
• Feature Development: Improve existing features and develop new ones
• Statistical Reporting: Generate aggregate reports on journalist safety trends

3.5 Legal and Compliance

• Legal Obligations: Comply with applicable laws and regulations
• Rights Protection: Protect our rights and the rights of our users
• Security: Prevent fraud, abuse, and security incidents

4. HOW WE SHARE YOUR INFORMATION

4.1 With Your Consent

We share your information when you explicitly authorize us to do so:

• Emergency Contacts: SMS alerts sent to your selected defense network
• Incident Reports: Shared with relevant organizations when you choose to report
• Support Organizations: Connected with selected support services during emergencies

4.2 Service Providers

We share information with third-party service providers who perform services on our behalf:

• Beem Africa: SMS delivery service for emergency alerts
• Google Maps Platform: Location mapping and geocoding services
• Firebase: Push notifications and analytics services
• Digital Ocean: Hosting and infrastructure services

These service providers are contractually obligated to protect your information and use it only for the

purposes we specify.

4.3 Partner Organizations

We may share aggregated, non-personally identifiable information with:

• UTPC (United Tanzania Press Clubs): Statistical reports on journalist safety trends
• UNESCO Tanzania: Aggregate data for policy development and advocacy
• Authorized Organizations: Registered partner organizations with appropriate access rights

4.4 Legal Requirements

We may disclose your information when required by law or to:

• Comply with legal obligations or court orders
• Protect the rights, property, or safety of JALI, our users, or others
• Investigate potential violations of our Terms of Service
• Respond to emergency situations involving danger of death or serious physical injury

4.5 What We Do NOT Share

We will never:

• Sell your personal information to third parties
• Share your incident reports without your consent
• Disclose your emergency alerts to unauthorized parties
• Use your information for marketing purposes without permission

5. DATA SECURITY

5.1 Security Measures

We implement appropriate technical and organizational security measures to protect your information:

• Encryption: AES-256 encryption for sensitive data at rest
• Transport Security: HTTPS/TLS 1.3 for all data transmission
• Authentication: JWT token-based secure authentication
• Access Control: Role-based access restrictions
• Security Monitoring: Regular security audits and monitoring
• Backup Systems: Automated encrypted backups

5.2 PIN Protection

The application includes PIN-based security features:

• Access to sensitive information (report history) requires PIN entry
• Configurable auto-logout functionality
• PIN reset through secure verification process

5.3 Data Breach Protocol

In the event of a data breach that compromises your personal information:

• We will notify affected users within 72 hours
• We will inform relevant authorities as required by law
• We will provide guidance on protective measures
• We will conduct a thorough investigation and implement corrective measures

5.4 Limitations

Despite our security measures, no system is completely secure. We cannot guarantee absolute security

of your information. You acknowledge and accept these inherent risks when using the application.

6. DATA RETENTION

6.1 Retention Periods

We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

• Account Information: Retained while your account is active and for 2 years after account
• deletion
• Incident Reports: Retained for 7 years for statistical analysis and legal purposes
• Emergency Alerts: Retained for 5 years for safety pattern analysis
• Usage Data: Retained for 1 year for analytics purposes
• Support Communications: Retained for 3 years

6.2 Data Deletion

You may request deletion of your personal information at any time. Upon receiving a valid deletion

request through the account deletion link:

• Your account and associated personal information will be deleted immediately upon
• confirmation
• Some information may be retained in backup systems for up to 90 days
• Aggregated, anonymized data may be retained indefinitely for statistical purposes
• Information required for legal compliance may be retained as legally required

7. YOUR PRIVACY RIGHTS

7.1 Access Rights

You have the right to:

• Access: Request access to your personal information
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your personal information
• Portability: Request a copy of your data in a portable format
• Restriction: Request restriction of processing of your information
• Objection: Object to certain types of processing

7.2 How to Exercise Your Rights

To exercise these rights:

• 1. In-App: Use the profile settings section
• 2. Email: Contact us at info@utpc.or.tz
• 3. Account Deletion: Visit the account deletion link and confirm deletion
• 4. Written Request: Send a letter to our physical address

We will respond to your request within 30 days.

7.3 Account Management

You can directly manage certain information through the app:

• Update profile information
• Modify defense network contacts
• Change notification preferences
• Delete your account immediately by visiting the deletion link and confirming
• Export your data

7.4 Consent Withdrawal

You may withdraw consent for data processing at any time by:

• Disabling specific app permissions in device settings
• Turning off location services
• Deleting your account
• Contacting us to request specific processing cessation

Note that withdrawing consent may limit your ability to use certain features.

8. CHILDREN'S PRIVACY

The JALI application is not intended for use by individuals under the age of 18. We do not knowingly

collect personal information from children under 18.

If we become aware that we have collected personal information from a child under 18:

• We will delete such information immediately
• We will terminate the associated account
• We will notify the responsible parties if contact information is available

If you believe we have collected information from a child under 18, please contact us immediately at

info@utpc.or.tz.

9. INTERNATIONAL DATA TRANSFERS

9.1 Primary Data Location

Your information is primarily stored and processed in:

• Primary Location: Tanzania, East Africa
• Hosting Provider: Digital Ocean data centers
• Backup Location: Secure encrypted cloud storage

9.2 Cross-Border Transfers

Some of our service providers may process data in other countries:

• Firebase (Google): May process data in various global locations
• Google Maps: May process location data internationally

We ensure that any international transfers comply with applicable data protection laws through:

• Standard contractual clauses
• Adequacy decisions
• Other lawful transfer mechanisms

10. COOKIES AND TRACKING TECHNOLOGIES

10.1 Mobile Application

The JALI mobile application does not use cookies. However, we use similar technologies:

• Local Storage: For app preferences and cached data
• Device Identifiers: For analytics and authentication
• Firebase Analytics: For usage tracking and crash reporting

10.2 Web Dashboard

The administrative web dashboard uses:

• Session Cookies: For authentication and security
• Preference Cookies: For user settings and language preferences
• Analytics Cookies: For usage statistics

You can control cookie preferences through your browser settings.

10.3 Third-Party Analytics

We use Firebase Analytics to understand app usage. This service may collect:

• Device information
• Usage patterns
• Crash reports
• Performance metrics

You can opt out of analytics tracking through the app settings.

11. THIRD-PARTY LINKS AND SERVICES

11.1 External Links

The application may contain links to external websites and resources in the Knowledge Hub. We are not

responsible for:

• Privacy practices of third-party websites
• Content accuracy of external resources
• Security of third-party services

We encourage you to review the privacy policies of any external websites you visit.

11.2 Third-Party Services

We integrate with the following third-party services:

Beem Africa (SMS Services)

• Purpose: Emergency alert delivery
• Data Shared: Phone numbers, message content
• Privacy Policy: Available at Beem Africa website

Google Maps Platform

• Purpose: Location mapping and services
• Data Shared: Location coordinates
• Privacy Policy: Available at Google Privacy Center

Firebase (Google)

• Purpose: Push notifications, analytics, authentication
• Data Shared: Device identifiers, usage data
• Privacy Policy: Available at Firebase Privacy Information

12. SPECIAL SITUATIONS

12.1 Emergency Situations

In genuine emergency situations where there is immediate danger to life or safety:

• We may share your location information with emergency services
• We may contact your defense network even if notifications are disabled
• We may cooperate with law enforcement authorities
• Normal consent requirements may be temporarily bypassed

12.2 Whistleblower Protection

For users reporting sensitive incidents:

• We implement additional security measures for whistleblower reports
• We limit internal access to sensitive reports
• We can facilitate anonymous reporting when requested
• We protect reporter identity to the fullest extent possible

12.3 Legal Proceedings

If we are involved in legal proceedings:

• We may be required to disclose user information
• We will notify affected users unless legally prohibited
• We will challenge overly broad or inappropriate requests
• We will only disclose the minimum necessary information

13. DATA SUBJECT RIGHTS (GDPR COMPLIANCE)

For users in regions with enhanced data protection laws (such as GDPR in Europe), you have additional

rights:

13.1 Right to be Informed

You have the right to clear information about how we process your data (provided in this policy).

13.2 Right of Access

You can request a copy of all personal data we hold about you.

13.3 Right to Rectification

You can request correction of inaccurate or incomplete data.

13.4 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data in certain circumstances. Account deletion happens

immediately when you visit the account deletion link and confirm deletion.

13.5 Right to Restrict Processing

You can request that we limit how we process your data.

13.6 Right to Data Portability

You can request your data in a structured, machine-readable format.

13.7 Right to Object

You can object to certain types of processing, including direct marketing.

13.8 Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects.

13.9 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority in your jurisdiction.

14. CALIFORNIA PRIVACY RIGHTS (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act

(CCPA):

14.1 Categories of Information Collected

Refer to Section 2 for detailed categories of personal information collected.

14.2 Sale of Personal Information

We do NOT sell your personal information to third parties.

14.3 Your CCPA Rights

• Right to Know: Request disclosure of personal information collected
• Right to Delete: Request deletion of your personal information. You can delete your account
• immediately by visiting the account deletion link and confirming deletion.
• Right to Opt-Out: Opt-out of the sale of personal information (not applicable as we don't sell data)
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

14.4 Exercising CCPA Rights

To exercise these rights:

• Email: info@utpc.or.tz
• Phone: +255 764 522 998
• In-App: Use the profile settings or visit the account deletion link
• Account Deletion: Visit the deletion link and confirm to delete immediately

We will verify your identity before processing requests and respond within 45 days.

15. CHANGES TO THIS PRIVACY POLICY

15.1 Policy Updates

We may update this Privacy Policy from time to time to reflect:

• Changes in our practices
• Legal or regulatory requirements
• New features or services
• User feedback and requests

15.2 Notification of Changes

When we make material changes to this Privacy Policy:

• We will update the "Last Updated" date
• We will send a push notification through the app
• We will display a prominent notice in the app
• For significant changes, we may require re-acceptance

15.3 Your Continued Use

Your continued use of the application after changes to this Privacy Policy constitutes acceptance of those

changes. If you do not agree with the changes, you should stop using the application and delete your

account.

16. CONTACT US

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please

contact us:

United Tanzania Press Clubs (UTPC)

Email: info@utpc.or.tz

Developer Contact: Hype Interactive Company Limited House No. 46 Sinza Vatican Ubungo, Dar es

Salaam Tanzania, East Africa

Phone: +255 756 808 677

Website: www.hype.co.tz

Response Time: We aim to respond to all inquiries within 5 business days

Data Protection Officer: You may also contact our Data Protection Officer at info@utpc.or.tz

17. SPECIFIC JURISDICTIONAL PROVISIONS

17.1 Tanzania Data Protection

We comply with the Electronic and Postal Communications Act and any applicable data protection

regulations in Tanzania.

17.2 East African Community

We follow data protection principles applicable across the East African Community member states.

17.3 European Union

For EU users, we comply with GDPR requirements as outlined in Section 13.

17.4 United States

For US users, we comply with applicable federal and state privacy laws, including CCPA as outlined in

Section 14.

18. GLOSSARY

Personal Information: Information that identifies or can identify an individual

Processing: Any operation performed on personal data

Data Controller: The entity that determines purposes and means of processing (UTPC/UNESCO Tanzania)

Data Processor: The entity that processes data on behalf of the controller

Consent: Freely given, specific, informed indication of agreement to data processing

Anonymization: Process of removing personal identifiers from data

Encryption: Process of encoding information to prevent unauthorized access

Data Breach: Unauthorized access, disclosure, or loss of personal information

19. ACCEPTANCE OF POLICY

By using the JALI application, you acknowledge that:

1. 1. You have read and understood this Privacy Policy
2. 2. You agree to the collection, use, and sharing of your information as described
3. 3. You understand your rights and how to exercise them
4. 4. You consent to the processing of your personal information

If you do not agree with this Privacy Policy, please do not use the JALI application.

Last Updated: October 26, 2025

Document Version: 1.0

Effective Date: October 26, 2025

© 2025 Hype Interactive Company Limited, United Tanzania Press Clubs (UTPC), and UNESCO Tanzania.

All rights reserved.