Privacy Policy
BlockMarshal · Last updated April 2026
1. Who we are
BlockMarshal is a community safety application designed and operated in Ghana. We help residents report incidents, track stolen items, coordinate neighbourhood watch groups, and access emergency tools. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and what rights you have.
If you have questions or concerns about your data, please contact us at privacy@blockmarshal.com.
2. What data we collect
We collect several types of data in order to provide the BlockMarshal service. Below is a complete list.
Account information
When you create an account we collect your phone number and, optionally, your name, email address, and profile photo. If you sign in with Google or Apple, we receive the name and email address associated with that account.
Location data
If you grant location permission, we collect your GPS coordinates. Before your location is stored or shared with other users, we apply "coordinate fuzzing" — a random offset that hides your exact position. We also record the area label (neighbourhood or street name) for display purposes. When you opt in to emergency SOS alerts, we use your approximate real-time location to match you with nearby emergencies.
Photos and videos
You may capture or upload photos and videos as incident evidence, asset registration photos, or a profile picture. These files are stored securely and are only shared when you choose to attach them to a community alert, case file, or asset listing.
Voice recordings
If you record audio as part of a case file, the recording is stored as evidence linked to that case. Voice recordings are private to you unless you explicitly share the case file.
Emergency contacts
You may add emergency contact names and phone numbers. These are used to notify your designated contacts during SOS alerts and overdue safety checks. Emergency contact data is stored securely and is not visible to other users.
Device information
We collect basic device information such as device type, operating system, and app version. This helps us troubleshoot issues and optimise the app for your device.
Push notification tokens
If you enable push notifications, your device generates a unique token that allows us to deliver alerts to your device. We do not use this token for any other purpose.
Usage data
We log anonymous feature interactions and timestamps to understand how the app is used and to improve it. This data is not linked to your identity.
Safety PIN
If you set a Safety PIN, it is stored as a cryptographic hash (PBKDF2-SHA256 with 100,000 iterations). We never store your PIN in plain text and cannot recover it.
Payment data
Subscription payments are processed by Paystack. We store a transaction reference and plan details to verify your subscription status. We do not store your card number, CVV, or other payment card details. Please refer to Paystack's Privacy Policy for how they handle your payment information.
Local storage
Some data is stored locally on your device for offline functionality. This includes an offline SOS queue (so an SOS can be sent when you reconnect), app preferences, and cached data. This data stays on your device and is cleared when you sign out or delete the app.
3. How we use your data
We use your data only to provide, improve, and secure the BlockMarshal service.
- SOS alerts: When you trigger an SOS, your fuzzy location is shared with your trusted circle (with your name) and with nearby opted-in users (anonymously). Your emergency contacts are also notified if they have a BlockMarshal account.
- Safety checks: When a safety check timer expires, your trusted circle is notified and can monitor your check-in status.
- Community alerts: Your incident reports appear on the public feed and map with a fuzzy location. Other users can see the report but cannot determine your exact position.
- Block Watch: Posts you make in a Block Watch group are visible to approved group members only.
- Case files: Case files are private to you. They are only shared when you choose to export them (WhatsApp, print, PDF).
- Asset vault: Your registered assets are private. Only items you mark as stolen (HOT) are publicly searchable by serial number or IMEI so that buyers can verify whether an item has been reported stolen.
- Push notifications: We use push notifications to deliver SOS alerts, safety check reminders, community alerts, and account updates.
- Payments: We use your Paystack transaction reference to verify and manage your subscription status.
- Moderation: We review content reported by users for policy violations to keep the community safe.
We do NOT use your data for advertising, behavioural profiling, or selling to third parties.
4. Location data
Location is central to how BlockMarshal works. Here is exactly how we handle it:
- We collect GPS coordinates only when you grant location permission on your device. You can revoke this permission at any time through your device settings.
- Coordinates are "fuzzed" (randomly offset within a configurable radius) before being stored or shown to other users. Your exact location is never revealed to other users.
- If you opt in to SOS emergency alerts, your approximate real-time location is used to match you with nearby emergencies. This presence data is temporary.
- Presence data is cleared when you close the app or after two hours of inactivity, whichever comes first.
- You can disable location sharing for SOS alerts at any time in Settings > Security > "Share my location for emergencies."
- You can disable location for incident reports in Settings > Security > "Use location for reports."
5. How we share your data
With other BlockMarshal users
- Community alerts show your fuzzy location and report details. Your name is shown only if you are a verified user and have chosen to display it.
- SOS alerts share your fuzzy location and name with your trusted circle. Nearby opted-in responders see your SOS anonymously.
- Block Watch posts are visible only to approved group members.
- Stolen asset listings show the item details and serial number but not your personal information.
With service providers
We use the following third-party services to operate BlockMarshal. Each provider processes data according to their own privacy policy:
- Supabase — database, authentication, and file storage.
- Mapbox — maps and geocoding.
- Paystack — payment processing.
- Google — OAuth sign-in (if you choose to sign in with Google).
- Apple — OAuth sign-in (if you choose to sign in with Apple).
- Firebase Cloud Messaging / Apple Push Notification Service — delivering push notifications to your device.
With law enforcement
We will only share your data with law enforcement or government authorities if required by Ghanaian law (for example, a court order) or with your explicit consent. We will notify you if we receive such a request unless we are legally prohibited from doing so.
We never sell your personal data.
6. Data storage and security
- Your data is stored on Supabase cloud infrastructure. Supabase uses industry-standard security measures including encrypted storage and regular security audits.
- All data transmitted between your device and our servers is encrypted using HTTPS/TLS. Data is also encrypted at rest on the server.
- Access to user data is restricted to authorised BlockMarshal team members who need it to operate and support the service.
- Row-level security policies in our database ensure that users can only read and modify their own data. Sensitive internal fields (such as credibility scores, moderator flags, and payment metadata) are excluded from user-facing queries.
- Safety PINs are hashed using PBKDF2-SHA256 with 100,000 iterations and a unique salt. We cannot recover your PIN from the stored hash.
- Some data is cached locally on your device using IndexedDB and localStorage for offline functionality (for example, an offline SOS queue). This data is cleared when you sign out.
No system is perfectly secure. If you believe your account has been compromised, please contact us immediately at privacy@blockmarshal.com.
7. Data retention
- Account data: Retained for as long as your account is active.
- Incident reports: Retained for community safety purposes. You can withdraw your own reports at any time. When you delete your account, your reports are either anonymised or removed.
- Evidence files: Retained while linked to an active incident or case file. Deleted when you delete your account.
- Case files: Retained until you delete them or delete your account.
- SOS alerts: Active SOS alerts expire after 10 minutes. Historical SOS records are retained for your safety history and are deleted when you delete your account.
- Block Watch posts: Community safety posts you made in Block Watch groups may be preserved anonymously after account deletion for public safety purposes.
- Deleted accounts: When you delete your account, all personal data is removed within 30 days. Some anonymised data may be retained for safety and statistical purposes.
8. Your rights
You have the following rights over your personal data:
- Access: You can view and export all your data at any time from Settings > Privacy & Legal > Export My Data. Your data is exported in a standard JSON format.
- Correction: You can edit your profile information, report details, and asset records at any time within the app.
- Deletion: You can permanently delete your account and all associated data from Settings > Privacy & Legal > Delete Account. Deletion is immediate and irreversible.
- Withdraw consent: You can disable location sharing, push notifications, SOS alerts, and incident alerts at any time in Settings. Disabling these features does not require you to delete your account.
- Data portability: The Export My Data feature provides your data in a structured, machine-readable format that you can take to another service.
- Contact us: For any data-related request or concern, email privacy@blockmarshal.com. We will respond within 14 business days.
9. Children
BlockMarshal is intended for users aged 18 and older. We do not knowingly collect personal data from anyone under the age of 18. If we become aware that a user is under 18, we will promptly delete their account and all associated data. If you believe a minor is using BlockMarshal, please contact us at privacy@blockmarshal.com.
10. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make changes, we will update the "Last updated" date at the top of this page and notify you via an in-app notification. If the changes are significant, we will ask you to review and accept the updated policy before continuing to use the app. Your continued use of BlockMarshal after a policy update constitutes your acceptance of the revised terms.
11. Contact
If you have any questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us:
BlockMarshal · Ghana