Privacy Policy

Last updated: March 31, 2026

This Privacy Policy explains how NTBIES SRL handles data when you use our mobile application. We are committed to safeguarding your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR). Safia is built on a zero-PII architecture: we do not collect, store, or process any personally identifiable information.

Who We Are

This policy applies to the mobile application Safia, developed and operated by:

NTBIES SRL
Avenue Herrmann Debroux 54
1160 Auderghem, Brussels, Belgium
VAT: BE1001972287
Website: https://ntbies.com
Email: [email protected]

Ghost Protocol: Our Privacy Commitment

Safia operates under what we call the Ghost Protocol, a set of design principles that ensure no user can ever be identified through the App:

  • No accounts. There is no registration, no login, no authentication. Every user is an anonymous guest.
  • No personal data. We do not collect names, email addresses, phone numbers, profile pictures, or any other personally identifiable information.
  • Automatic erasure. All guest accounts are automatically and permanently deleted every thirty (30) days.

What Data We Collect

We only collect the minimum information necessary to deliver the App's core features. None of this data is personally identifiable.

Location Data

Your current location is required for the app to function properly (e.g., to submit or view relevant reports). We collect this data only while the app is in use and never in the background. Location data is used in real time and is not linked to any personal identifier.

Device Preferences

We store basic configuration details such as your preferred language and notification preferences to personalize your experience.

Report Data

When you submit a report, we collect metadata such as time and location, and optionally media (images or videos). These reports are fully anonymous, cannot be traced back to any individual, and become the exclusive property of NTBIES SRL upon submission. Users are not entitled to any compensation for reports submitted through the App.

How We Use Your Data

We process data for the following purposes:

  • To deliver app features that rely on location
  • To personalize content and language settings
  • To ensure security and prevent misuse
  • To support service improvement and diagnostics

Since no personal data is collected, the legal basis for processing is our legitimate interest in providing and improving the service.

Where and How Your Data Is Stored

Your data is stored securely in the European Union, using:

  • Firebase (Google Cloud, EU servers): for anonymous report submissions and app functionality.
  • Hostkey infrastructure: supports backend operations but does not store user data.

All data is encrypted at rest and in transit. We maintain strict access controls and audit logs. Because no PII exists in our systems, even in the unlikely event of a data breach, no personal information could be exposed.

Data Sharing

We do not sell or rent your data. We do not share your data with third parties, except:

  • When required by law
  • When using third-party processors under strict contractual terms (e.g., Firebase)

Since no personally identifiable information is collected, any data shared with processors is inherently anonymous.

Your Rights

Under the GDPR and applicable data protection laws, you have the right to:

  • Request information about the data we process
  • Request deletion of data associated with your device
  • Object to or restrict certain types of processing

Because Safia does not collect any personal data, most traditional data subject rights (access, correction, portability) do not apply in practice since there is no personal data to access, correct, or port. However, you can exercise any applicable right by contacting us at [email protected]. We will respond within legal timeframes.

Data Retention and Automatic Erasure

All guest data is automatically and permanently erased every thirty (30) days. This includes reports, preferences, and any metadata associated with app usage. No data is retained beyond this period unless required by law.

After erasure, there is no way to recover data, as it is permanently deleted from all systems. This automatic cycle ensures that even non-personal data does not accumulate over time.

Security

We apply industry-standard security practices including:

  • Encrypted data transmission (SSL/TLS)
  • Server-side validation
  • Access restriction and logging
  • Routine security reviews and updates
  • Zero-PII architecture as a foundational security measure

Children

This app is not intended for children under 16. Because Safia does not collect any personal data, the risk to minors is significantly reduced. However, if you believe a child is using the App inappropriately, please contact us.

Changes to This Policy

We may update this policy as our services evolve or to comply with new laws. When significant changes are made, we will notify users in the app. The latest version is always available at https://safia.at/privacy.

Contact

If you have any questions or concerns about this policy or how we handle data, please contact:

NTBIES SRL
Avenue Herrmann Debroux 54
1160 Auderghem, Brussels, Belgium
Email: [email protected]
Phone: +32 2 89 89 789

Thank you for using Safia. Your privacy is not just a feature, it is our architecture.