← Back

Privacy Policy

1. Who We Are

Zentri is a personal safety application developed and operated by Kaufast (CIF: N03651059), registered in Spain, with its registered address at Calle de la Ribiera 14, 08003, Barcelona, Spain. As the data controller, we are responsible for the personal data you provide when using the Zentri app. For any privacy-related enquiries, please contact us at info@kaufast.com.

2. Data We Collect

We collect the following categories of personal data:

  • Phone number — used for account creation and authentication via Firebase Auth.
  • Location data — GPS coordinates collected during an active SOS alert and shared with your designated emergency contacts.
  • Audio recordings — recorded during an active SOS alert and uploaded to secure cloud storage as evidence.
  • Emergency contacts list — names and phone numbers you voluntarily add to the app.
  • Front-camera photo — optionally captured when an SOS alert is cancelled, stored as tamper evidence and accessible only to you.
  • Alert session data — metadata including alert duration, trigger method, and device model, stored to power your in-app alert history.

3. Legal Basis for Processing

We process your personal data on the following legal bases under the General Data Protection Regulation (GDPR):

  • Article 6(1)(a) — Consent: for audio recording and location sharing during SOS alerts.
  • Article 6(1)(f) — Legitimate interest: for maintaining the safety and security of the service and for fraud prevention.

4. How We Use Your Data

Your data is used exclusively to provide the Zentri safety service. Specifically:

  • Phone numbers are used only for authentication and SMS delivery to emergency contacts.
  • Location data is shared only with your explicitly designated emergency contacts during an active alert.
  • Audio recordings are stored securely and accessible only to you.
  • We do not sell, rent, or share your personal data for marketing, advertising, or any commercial purpose.

5. Third-Party Processors

We use the following third-party processors to deliver the service:

  • Google Firebase (Firebase Auth, Firestore, Realtime Database, Storage) — data stored in EU data centers. Google acts as a data processor under our instructions.
  • Amazon Web Services (AWS) — used solely for transient SMS delivery. No personal data is stored by AWS beyond the time required to route the message.

6. Data Retention

  • Audio and location recordings: retained for 30 days after each alert, after which they are automatically deleted.
  • Emergency contacts: retained until you delete them from the app or delete your account.
  • Account data (phone number): retained until you delete your account.
  • Alert session data: retained until you delete your account.

7. Your Rights

Under the GDPR, you have the following rights:

  • Right of access — you may request a copy of the personal data we hold about you.
  • Right to rectification — you may request correction of inaccurate data.
  • Right to erasure — you may request deletion of your personal data.
  • Right to data portability — you may request your data in a machine-readable format.
  • Right to object — you may object to processing based on legitimate interests.
  • Right to lodge a complaint — you have the right to lodge a complaint with your national data protection supervisory authority. UK users may contact the Information Commissioner's Office (ICO) at ico.org.uk. Spain-based users may contact the Agencia Española de Protección de Datos (AEPD) at aepd.es. Other EU users may contact their respective national data protection authority.

To exercise any of these rights, contact us at info@kaufast.com.

8. International Data Transfers

Firebase stores your data in EU data centres (europe-west1). AWS SMS routing may transit through US servers transiently. For any transfer of personal data from the EU/EEA or UK to the United States, Standard Contractual Clauses (SCCs) approved by the European Commission apply to ensure an adequate level of data protection.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Zentri does not sell or share your personal information as defined under the CCPA/CPRA.
  • You have the right to request access to, deletion of, and correction of your personal information.
  • We do not offer financial incentive programs related to the collection of personal information.
  • To exercise your rights, contact us at info@kaufast.com.

10. US State Privacy Laws

Residents of Virginia (VCDPA), Colorado (CPA), and Connecticut (CTDPA) have similar rights to access, delete, correct, and opt out of certain processing of their personal data. To exercise these rights, contact us at info@kaufast.com. We will respond to verified requests within the timeframes required by applicable law.

11. Automated Decision-Making

Zentri does not use automated decision-making or profiling as defined under GDPR Article 22. No decisions with legal or similarly significant effects are made about you solely through automated means.

12. Children

Zentri is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes through the app. Your continued use of the service after notification constitutes acceptance of the updated policy.

14. Contact

For any questions or concerns about this Privacy Policy, please contact: info@kaufast.com.

Last updated: April 2026