Privacy Policy – Scene2Seen

This Privacy Policy describes how Scene2Seen ("the Company", "We", "Us", "Our") collects, uses, and discloses your information when you use our disaster-response mobile application and related services ("the Service"). By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Interpretation and Definitions

Words with capitalised initial letters have the meanings defined below, regardless of whether they appear in singular or plural form.

• Account – a unique account created for you to access our Service.
• Application – the Scene2Seen software program.
• Company – Scene2Seen (Team MANFO).
• Country – South Korea.
• Device – any device that can access the Service such as a smartphone or tablet.
• Personal Data – any information relating to an identified or identifiable individual.
• Service – the Application and its related services.
• Service Provider – any third-party company that processes data on our behalf.
• Usage Data – data collected automatically from use of the Service.
• You – the individual accessing or using the Service.

2. Data We Collect

Scene2Seen collects the following categories of data. Sensitive data (location, photos, audio) is collected only with your prior permission.

Location Data

• What: GPS coordinates (latitude and longitude), reverse-geocoded address string.
• How: expo-location (device GPS) and Google Maps Geocoding API.
• Stored: Firestore (reporter_lat, reporter_lng, location_name) and AsyncStorage on-device (selected location).
• Shared with: Google Maps Geocoding API, Google Firebase (Firestore).

Photos and Images

• What: Photos taken with the camera or selected from your gallery.
• How: expo-image-picker.
• Stored: Firebase Storage (evidence/image/…), download URL saved in Firestore (evidence_image_url).
• Shared with: Groq Cloud (Llama 4 Scout, primary AI image analysis), Google Cloud (Gemini, fallback AI image analysis), Google Firebase Storage.

Audio Recordings

• What: Voice recordings captured in-app for incident reporting.
• How: expo-audio / expo-av.
• Stored: Firebase Storage (evidence/voice/…), URL saved in Firestore (evidence_voice_url).
• Shared with: Google Cloud (Gemini, Burmese audio analysis), Groq Cloud (Whisper, speech-to-text transcription), Groq Cloud (Llama 3.3 70B, structured incident extraction), Google Firebase Storage.

Incident Report Content

• What: Incident type, severity level, text description, timestamp, source platform identifier.
• How: User input via the in-app incident form.
• Stored: Firestore (reports collection).
• Shared with: Google Firebase (Firestore), Telegram channel (auto cross-posted by bot server), Facebook Page (auto cross-posted by bot server).

Note: Incident reports you submit may be publicly visible on our Telegram channel and Facebook Page to assist rescue teams. Do not include sensitive personal details beyond what is necessary to describe the emergency.

User Account Data

• What: Email address, hashed password, display name.
• How: Email/password registration via Firebase Auth.
• Stored: Firebase Authentication.
• Shared with: Google Firebase Auth.

App Preferences

• What: Language preference, theme preference, custom language/form strings.
• How: User selection stored locally.
• Stored: AsyncStorage (on-device only, never transmitted).
• Shared with: Nobody.

Usage Data

• What: Device IP address, mobile device type and unique ID, OS version, in-app navigation patterns, access timestamps.
• How: Collected automatically by the Service infrastructure.
• Shared with: Google Firebase (analytics and server logs).

You can enable or disable camera, microphone, and location access at any time through your device settings.

3. How We Use Your Data

We use the collected data for the following purposes:

• To operate the Service and route incident reports to rescue dashboards.
• AI-powered disaster analysis — photos and audio are processed by Gemini, Groq Whisper, and Llama models to extract incident type, severity, and multilingual summaries.
• Location mapping — GPS coordinates are geocoded to display accurate incident markers on the rescue team's map.
• Public disaster alerts — validated reports are cross-posted to our Telegram channel and Facebook Page to inform the public and coordinate rescue teams.
• Account management — to authenticate you and differentiate between citizen and rescue-team roles.
• Push notifications — to alert you to nearby incidents relevant to your reported location.
• Service improvement — aggregated usage statistics help us improve app performance and AI accuracy.

We do not use your data for advertising and do not sell your personal data to third parties.

4. Data Sharing and Third Parties

We share data only with the following parties and only to the extent necessary to deliver the Service:

AI Service Providers

• Google Cloud (Gemini) – receives photos (fallback analysis) and Burmese audio. Subject to Google's Cloud Data Processing Addendum.
• Groq Cloud (Whisper and Llama models) – receives photos (primary analysis), non-Burmese audio for transcription, and transcripts for structured extraction. Subject to Groq's privacy terms.

Cloud Infrastructure

• Google Firebase (Firestore, Storage, Auth) – primary database, file storage, and authentication.
• Google Maps Geocoding API – receives GPS coordinates to produce human-readable addresses.

Social and Messaging Channels

• Telegram Channel – incident report content is automatically cross-posted by our bot server.
• Facebook Page – incident report content is automatically cross-posted by our bot server.

Other Disclosures

• With your explicit consent.
• In connection with a merger, acquisition, or asset sale, with prior notice.
• When required by law or valid government request.

5. Data Retention

• Account data: retained for the duration of your account plus up to 24 months after closure.
• Incident reports, photos, and audio: retained indefinitely as part of the disaster record archive unless you request deletion.
• Usage data and server logs: up to 24 months.
• App preferences: stored locally on your device and cleared when you uninstall the app.

When retention periods expire, we securely delete or anonymise personal data. Residual copies in encrypted backups are retained for a limited period and not restored except for disaster recovery or legal compliance.

6. International Data Transfers

Your information may be processed on servers maintained by Google Firebase and Groq, which may be located outside South Korea or Myanmar. By using the Service, you consent to these transfers. Where required by applicable law, including Korea's Personal Information Protection Act (PIPA), we ensure appropriate safeguards are in place.

7. Your Rights and Choices

• Access: request a copy of the personal data we hold about you.
• Correction: update or correct your data via Account settings.
• Deletion: request deletion of your personal data. Incident reports that form part of an active disaster record may be retained.
• Withdraw consent: disable camera, microphone, or location permissions at any time in your device settings.
• Data portability: request a machine-readable copy of your data where technically feasible.

To exercise any of these rights, contact us at the address in Section 13.

8. Disclosure of Personal Data

We may disclose your personal data in the following circumstances:

• Business transactions: in the event of a merger or asset sale, with prior notice.
• Law enforcement: when required by law or in response to valid requests from public authorities.
• Other legal requirements: to comply with a legal obligation, protect the rights or property of the Company, prevent wrongdoing, or protect the safety of users or the public.

9. Security

We implement Firebase Security Rules restricting data access by user role, HTTPS encryption in transit, and Firebase Auth for identity management. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

10. Children's Privacy

Our Service is not directed at anyone under the age of 16. We do not knowingly collect personal data from children under 16. If you believe your child has provided us with personal data, please contact us and we will take steps to remove that information.

11. Links to Other Websites

Our Service may contain links to third-party websites such as Telegram and Facebook. We have no control over and assume no responsibility for their content or privacy practices. We encourage you to review the privacy policy of every website you visit.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of changes by posting the updated Policy on this page and updating the date at the top. For significant changes, we will provide a prominent notice within the Service or by email before the change becomes effective.

13. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

Scene2Seen (Team MANFO)
Ajou University, Suwon, South Korea
Email: kaunghtetkopma@gmail.com