Privacy Policy

Effective date: March 30, 2026

TechniqalGroup MCS ("Company," "we," "us," or "our") operates the SANAOL mobile application (the "App"). This Privacy Policy describes how we collect, use, share, retain, and protect your information when you access or use the App. It also explains your rights and choices regarding your data.

By creating an account or using the App, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree, please do not use the App.

1. Information We Collect

1.1 Information You Provide Directly

Account registration: name, email address, password, and date of birth.
Profile data: username, display name, gender, bio, and profile photo.
User-generated content: posts (text, photos, videos), comments, reactions (likes/dislikes), and stories/moments you create, including visibility settings you assign to each.
Messages: text messages sent through the App's direct messaging feature.
Call data: when you initiate or receive a voice or video call, we store call metadata (caller, callee, call type, start time, end time, duration, and end reason). We do not record or store the audio or video content of your calls.
Communications with us: if you contact us for support or feedback, we retain the correspondence and any information you provide.

1.2 Information Collected Automatically

Location data: with your explicit permission, we collect your precise GPS coordinates (latitude and longitude) to display your position on the interactive map, show nearby users and points of interest, and optionally attach a location to posts you create. Location data may be cached temporarily in our servers to support real-time map features.
Device information: device model, operating system and version, unique device identifiers, app version, locale, and time zone.
Usage and engagement data: features accessed, interactions (views, taps, scrolls), post view duration, content completion rates, and engagement metrics.
Session data: IP address, user-agent string, session timestamps, and last-activity time.
Push notification tokens: if you enable push notifications, we collect your Expo push token to deliver alerts.
Media metadata: file size, MIME type, image dimensions, video duration, and processing status of media you upload.

1.3 Information from Third Parties

Social login providers: when you sign in through Google, Facebook, or Apple, we receive the basic profile information you authorize (name, email, profile picture, and provider-specific user ID). We do not receive your social media password.

2. How We Use Your Information

We use the information we collect for the following purposes:

Provide and operate the App: deliver core features including the interactive map, posts, messaging, voice/video calls, stories, and notifications.
Display your presence: show your location and profile on the map according to your chosen privacy level.
Process media: compress images, transcode videos, generate thumbnails, and optimize uploaded content for delivery.
Authenticate and secure your account: verify your identity, manage sessions, and issue access tokens.
Facilitate calls: establish peer-to-peer voice and video connections using WebRTC, including exchanging signaling data and routing media through relay servers when direct connections are unavailable.
Send notifications: deliver push notifications for new messages, follows, reactions, call events, and other engagement alerts you have opted into.
Personalize your experience: curate your feed and surface relevant content based on your interactions and preferences (such as "not interested" signals).
Enforce our policies: detect, investigate, and prevent fraud, abuse, spam, and violations of our Terms of Service.
Improve the App: analyze aggregated, anonymized usage data to troubleshoot issues, measure performance, and develop new features.
Comply with legal obligations: respond to lawful requests from authorities and fulfill our regulatory duties.

3. Your Privacy Controls

SANAOL provides granular privacy settings that you can adjust at any time from the App's Settings screen:

Control	Options
Anonymous mode	Hide your identity on the map; other users see "Anonymous User."
Location privacy	Share your live location with everyone, followers only, mutuals only, or no one.
Username visibility	Public, followers, mutuals, or private.
Email visibility	Public, followers, mutuals, or private.
Birthdate visibility	Public, followers, mutuals, or private.
Gender visibility	Public, followers, mutuals, or private.
Social-graph visibility	Control who can see your followers and following lists.
Post visibility	Set each post to public, followers, mutuals, or private.
Blocking	Block any user to prevent them from following you, messaging you, seeing your content, or locating you on the map.
Device permissions	Revoke location, camera, microphone, or notification access at any time via your device settings.

4. How We Share Your Information

We do not sell, rent, or trade your personal data. We may share your information only in the following circumstances:

With other users: your profile, posts, location, and other content are visible to other App users according to your privacy settings. Direct messages are visible only to conversation participants.
Service providers: we engage trusted third-party vendors to help operate the App. These providers process data on our behalf under contractual obligations to protect your information:
- Amazon Web Services (AWS): cloud hosting, file storage (S3), and email delivery (SES).
- Mapbox: map rendering and geospatial services.
- Google: STUN servers for WebRTC connectivity and OAuth authentication.
- Facebook/Meta: OAuth authentication.
- FFmpeg (self-hosted): server-side video transcoding and media optimization.
WebRTC relay (TURN) servers: when a direct peer-to-peer connection cannot be established for voice or video calls, your call media may be relayed through our TURN server infrastructure. These servers do not store call content.
Legal requirements: we may disclose your data when required by law, regulation, court order, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
Business transfers: in the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the successor entity. We will notify you of any such change.

5. Device Permissions

The App may request the following permissions on your device. Each permission is optional and requested only when needed for a specific feature:

Location (foreground and background): display your position on the map and enable nearby-user discovery.
Camera: capture photos and videos for posts, stories, and video calls.
Microphone: record audio for video content and voice/video calls.
Photo library / storage: select existing photos and videos from your device to attach to posts.
Notifications: receive push notifications for messages, calls, follows, and reactions.
Tracking transparency (iOS): we request your consent before enabling any cross-app tracking identifiers, in compliance with Apple's App Tracking Transparency framework. You may decline without affecting core functionality.

You may revoke any of these permissions at any time through your device's system settings.

6. Data Retention

Active accounts: we retain your personal data for as long as your account remains active and as needed to provide the App's services.
Deleted accounts: when you delete your account, we remove or anonymize your personal data, posts, media, messages, followers, call records, notifications, and settings within 30 days.
Location cache: real-time location data is stored temporarily and expires automatically via time-to-live policies.
Soft-deleted messages: deleted messages are marked as removed and purged during the account-deletion process.
Legal retention: we may retain certain data beyond 30 days where required by applicable law, regulation, or legitimate legal obligation (e.g., tax, fraud-prevention, or dispute-resolution requirements).

7. Data Security

We implement industry-standard technical and organizational measures to protect your data, including:

Encrypted data transmission using TLS/HTTPS for all client-server communication.
Passwords hashed using bcrypt; plaintext passwords are never stored.
Token-based API authentication (Laravel Sanctum) with device-scoped tokens.
End-to-end encrypted voice and video calls via WebRTC (SRTP).
Server-side encryption at rest for stored files (AWS S3 SSE).
Access controls, role-based permissions, and audit logging.
Rate limiting and throttling to prevent brute-force attacks.
Parameterized database queries to prevent SQL injection.

Despite our efforts, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, and you use the App at your own risk.

8. International Data Transfers

Your information may be transferred to, stored, and processed in countries other than your own, including the United States (where AWS and other service providers maintain infrastructure). By using the App, you consent to the transfer of your data to these jurisdictions, which may have different data-protection laws than your country of residence. We take reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy regardless of where it is processed.

9. Children's Privacy

The App is not directed to, and we do not knowingly collect personal information from, children under the age of 13 (or the applicable minimum age in your jurisdiction). If we become aware that we have inadvertently collected data from a child below the applicable age, we will take prompt steps to delete that information. If you believe a child has provided us with their personal data, please contact us immediately.

10. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Access: request a copy of the personal data we hold about you.
Correction: request correction of inaccurate or incomplete data.
Deletion: request deletion of your personal data (you can also delete your account directly from the App's settings).
Restriction: request that we restrict certain processing of your data.
Objection: object to processing of your data for certain purposes.
Portability: request your data in a structured, commonly used, machine-readable format.
Withdraw consent: where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at the address provided below. We will respond to your request within 30 days or as required by applicable law.

11. Third-Party Services and Links

The App may integrate with or contain links to third-party services, including Mapbox (maps), Google and Facebook (authentication), and AWS (cloud infrastructure). These third parties have their own privacy policies that govern how they collect and handle your data. We encourage you to review their policies before using their services. We are not responsible for the privacy practices of any third party.

12. Cookies and Similar Technologies

As a native mobile application, SANAOL does not use browser cookies. However, we may use similar technologies such as device identifiers, Expo push tokens, and local storage (SecureStore) to authenticate users, deliver notifications, and maintain session state.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by posting the revised policy within the App and updating the "Effective date" above. Where required by law, we will seek your consent to material changes. Your continued use of the App after the revised policy takes effect constitutes your acceptance of the updated policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

TechniqalGroup MCS
Email: techniqalgroup@gmail.com