
Privacy policy

Last updated: 29 June 2026

Overview

Senticomm is a UK community safety app for verified local residents. This policy describes what personal data we process when you use the website and progressive web app (PWA), and why.

Senticomm is intended for adults living in or near a participating community. It is not a replacement for the emergency services — always call 999 in an emergency.

Who processes your data

Your data is processed to operate the Senticomm service for your community. Community administrators and moderators can access certain verification and moderation data as described below.

If you have questions about how your data is used, contact the administrator of your community in the first instance.

Data we collect

  • Account and sign-in: a member identifier, WebAuthn passkey credentials (public key and credential ID — we do not store passwords), and an encrypted session cookie while you are signed in.
  • Community profile: your chosen display handle, membership status, role (member, moderator, or admin), sponsor reference when you join via a neighbour invite, and optional SOS backup email if you add one on Profile.
  • Join verification (verification vault): your real name, street address, and optional note submitted when you request to join. This is encrypted on the server and is shown to community admins/moderators only to approve genuine local residents. After approval, an approximate map grid location may be derived from your street address for neighbour SOS routing — not your exact address on the map.
  • Chat: message content is encrypted before storage. The server holds ciphertext and metadata (sender, channel, time). Community members who can access a channel can decrypt messages with the community key.
  • Map reports: encrypted incident text, a grid-snapped approximate location, whether you chose to post anonymously, and expiry time (reports automatically expire after 72 hours unless removed sooner).
  • SOS alerts: when you hold the SOS button, we may process your GPS location to alert nearby active neighbours, send optional Web Push notifications, and optional email if configured. SOS location is stored briefly for active alerts and live routing.
  • Live location (temporary): when you open the map, attend an incident, or respond to SOS, your GPS may be cached in Redis for up to about two hours to show presence on the map and route help to the nearest neighbours.
  • Push notifications: if you enable them, your browser push subscription (endpoint and encryption keys) and user-agent string.
  • Device and usage: join-attempt IP hashes for rate limiting (not stored as plain IP addresses in the member record), audit logs when admins take moderation actions, and local “last seen” timestamps in your browser for chat/map badge counts.

How we use your data

  • Verify that join requests are from genuine local residents.
  • Provide encrypted community chat, the safety map, incident reporting, and neighbour SOS.
  • Deliver alerts to nearby members via in-app WebSocket, Web Push, or optional email backup.
  • Allow admins and moderators to approve joins, ban members, review deletion requests, and remove false or malicious map reports.
  • Record moderation actions in an audit log visible to community admins.
  • Protect the service against abuse (rate limits, CSRF protection, session invalidation when members are banned or leave).

Who we share data with

Within your community: other active members may see your handle, chat messages in channels you share, map pins and reports (identity masked if you choose anonymous mode), and your live location only while you are attending an incident or sharing presence for SOS routing.

Administrators and moderators: verification vault details for pending and active members, member lists, deletion requests, and an Activity audit log of moderation actions (bans, leaves, erasures, SOS, and report handling).

Service providers: infrastructure we use to run the app (hosting, PostgreSQL database, Redis cache), optional SMTP email delivery in production, and map tile providers (OpenFreeMap / CARTO). Postcode and geocoding lookups may use public APIs (e.g. postcodes.io, OpenStreetMap Nominatim) with search terms you enter — not your verification vault address unless you search for it.

We do not sell your personal data.

Storage and retention

  • Incident reports expire automatically after 72 hours.
  • SOS alerts and related live-location cache entries are short-lived (typically minutes to a few hours).
  • Chat messages and membership records are kept while your account remains active in the community unless you leave, are banned, or your account is erased.
  • Leaving the community (Profile → Leave community) removes your membership and verification vault for that community but keeps your passkey account so you can rejoin with a new invite. It is not the same as full account erasure.
  • If an admin bans you, your session ends immediately and verification details may be retained so admins can review rejoin attempts. Community chat keys may be rotated for remaining members.
  • Full account erasure (requested on Profile, completed by an admin) permanently deletes your member record and chat messages you sent. Some audit log entries may be retained with redacted personal details for security and accountability.
  • Verification vault data is retained while you are an active or banned member so admins can verify residency; it is removed when you leave voluntarily.
  • Push subscriptions are removed when you disable notifications or they expire.
  • Audit logs of admin actions may be kept for security and accountability.

Security

We use passkey authentication, encrypted sessions (invalidated when you are banned or leave a community), encrypted verification vault data, encrypted chat and incident payloads, community chat key rotation when a member is banned, security headers (including Content Security Policy), and role-based access for admin features. No system is perfectly secure; use a device you trust and keep your passkey safe.

Your choices and rights

  • Optional email and push notifications — you can add, update, or remove them on Profile.
  • Anonymous incident reports — you can mask your handle on map reports.
  • Delete your own map reports from the report detail view.
  • Leave the community on Profile, or request full account deletion there (an admin completes erasure — see Storage and retention above).
  • Under UK data protection law you may have rights to access, rectify, erase, restrict, or object to processing, and to complain to the ICO.

Cookies and local storage

We use a strictly necessary session cookie for sign-in and CSRF protection. The app may store small preferences in your browser (for example, last-read times for chat and map badges). We do not use third-party advertising cookies.

Changes

We may update this policy as the app develops. The “Last updated” date at the top of this policy will change when we do. Continued use after an update means you accept the revised policy.