Privacy policy

SENTRI is a community safety platform operated as a pilot programme in Nigeria. When we refer to "SENTRI", "we", "us", or "our" in this policy, we mean the organisation running the SENTRI pilot. Our contact address for data matters is: support@sentrinetwork.org

We collect and process the following categories of personal data: Identity data: full name, phone number, email address. Location data: GPS coordinates attached to incident reports you submit. Device data: Expo push notification token (to deliver alerts to your device). Usage data: incidents you report, alerts you receive, check-in responses, and training module completions. Communications: messages you submit via lead capture forms or by email to our support address. We do not collect facial images, biometric data, financial information, or government ID numbers.

We use your personal data to: • Operate the SENTRI platform and deliver safety alerts to your community. • Allow coordinators in your community to see your welfare check-in status after an alert. • Send you push notifications and SMS messages about incidents in your registered community. • Improve the platform and diagnose technical issues. • Respond to enquiries submitted via our contact forms. We do not sell, rent, or share your personal data with advertisers or data brokers.

We process personal data under the following bases under the Nigeria Data Protection Act 2023 (NDPA): Contractual necessity: processing required to provide the SENTRI service you have registered for. Legitimate interests: platform security, fraud prevention, and improving service reliability. Consent: where you have explicitly opted in, for example by ticking the consent checkbox on our lead capture form.

We share your data only with: Supabase (database and authentication infrastructure, hosted in the EU). Expo (push notification delivery service). Africa's Talking (SMS delivery for alert fallback — Nigeria). All processors are bound by data processing agreements. We do not transfer your data outside Nigeria or the EU without appropriate safeguards.

Incident reports and alerts are retained for 24 months from creation, after which they are anonymised. Profile and membership data is retained for as long as your account is active plus 12 months. Audit log entries are retained for 36 months for compliance purposes. Lead form submissions are retained for 12 months. You may request earlier deletion — see section 8.

Your data is stored in Supabase with row-level security policies that ensure users can access only data they are authorised to see. All data in transit is encrypted with TLS 1.2 or higher. Access to the admin system requires multi-factor authentication for all coordinator-level accounts and above.

Under the NDPA you have the right to: • Access: request a copy of the personal data we hold about you. • Rectification: ask us to correct inaccurate data. • Erasure: ask us to delete your personal data, subject to legal retention obligations. • Restriction: ask us to limit how we use your data. • Portability: receive your data in a machine-readable format. • Objection: object to processing based on legitimate interests. To exercise any of these rights, email support@sentrinetwork.org with the subject "Data request". We will respond within 30 days.

The SENTRI web application uses only technically necessary cookies (session management and authentication). We do not use advertising or analytics cookies. We do not use third-party tracking pixels.

We may update this policy from time to time. Material changes will be communicated to registered users by email or in-app notification at least 14 days before they take effect. The current version will always be published at sentrinetwork.org/privacy.