Template provided by Free Html Templates
Only Vora Users are required to divulge an email address, which is verified by the use of third party services (Gmail services). This email is used for the purposes of purchasing and associating a licence with the Vora User. It is the only personal information we permanently store, together with the associated licence
The main function of the app in "TARGET" mode is to periodically collect
the location data of the Vora Target and send it to the Vora User's they have paired with.
a) Collection of location data only takes place during the monitoring periods Vora Users have set for the
Target.
b) If a Vora Target has disabled in their preferences access to location data, no location data is
collected.
After applying the above (a and b) exclusion rules, collection of location data can happen
even if the app is in the background, closed and not in use.
It can also happen even if the app is not connected to the internet.
The app however will notify the Vora Target about the fact that access to their data is needed based on
the monitoring periods the paired Vora Users have set for the Target, even if no data is collected at that
moment.
Before transmission of location data, it is encrypted with a key known only by the
respective Vora User it is to be delivered to. AS SUCH, WE DO NOT HAVE ACCESS TO YOUR LOCATION DATA
when it
reaches our servers, waiting to be delivered to the Vora User.
On top of this on-device encryption, transmission to our servers takes place over HTTPS.
WE DO NOT COLLECT LOCATION DATA WHEN THE APP IS IN "USER" MODE
During the setup process device identifiers can be used to facilitate the creation of TrackVora-specific random identifiers, which are not assigned per-device but per-installation. This means that if you reset or reinstall the app, and then go through the setup process, different TrackVora random identifiers will be generated.
WE DO NOT COLLECT OR TRANSMIT DEVICE IDENTIFIERS GENERATED BY THIRD PARTIES
Gmail services verify the email account of a Vora User. Google's Play Store services and Google's Firebase apis verify the transactions related to purchasing a licence.
None
The email of a Vora User is only used for verifying the validity of a licence. There are no administrative tasks regarding Vora Targets, since there is no information about them.
A Gmail account login token is sent for verification to Gmail services / Google's Play Store services for user verification.
Law Enforcement, Regulators and Other Parties for Legal Reason may request
- and will receive - the list of Vora Users and their licence purchases.
This is the only information about a Vora User we can provide.
We cannot provide any information regarding a Vora Target.
The entirety of the exchanged information between Vora Users and Vora Targets
is permanently stored in their devices and nowhere else.
TrackVora provides a variety of ways within the app for deleting part or the whole of the stored
information.
We have no means of deleting that information on your behalf.
In the case of a Vora Target being a minor, there is no special "locking"
mechanism to avoid a child unpairing from the Vora User monitoring them.
We have no means of enforcing this on your behalf.
Encryption takes place within the end user devices,
and makes the information contained in their messages opaque to us and everyone else,
besides the intended receiver.
All messages exchanged between TrackVora app and our servers are transferred over HTTPS.
Moreover we have included further authentication mechanisms to avoid unauthorised access to
the servers.
Even in the event of a security breach, the assailant will find
NO stored FILE or permanent DATABASE
where from they could be able to steal historical information exchanged between Vora
Users and Targets.
The only record that could be stolen - in that unfortunate event - is a list containing
the emails of the Vora Users, associating them with their licences.
If the security breach takes the form of
"man in the
middle" attack the assailant could be monitoring the ongoing exchanges
of information between Vora Users and Targets. Again, this will only take them as far as
obtaining the cryptographically secured messages.
There is NO stored FILE or RECORD of association between
a Vora User or Target and their "message slot" or their ip address on our servers. This means that for someone
to
purposefully seek to obtain information about a specific Vora User or Target, the "man in the
middle" would either
have to know the ip address you are currently transmitting data from (and deduct the associated "message
slot"), or they need
to start decrypting messages from all the "message slots".
In order to allow you to minimise the danger of the above security breach scenario, we have designed TrackVora to be compatible with you using all sorts of tools for "indirect access" to the internet.
The QR code displayed during pairing on a device in "USER" mode
contains the name of the Vora User's "message slot".
You should NOT allow anyone to scan this QR code - or share the pairing link generated, for
that matter -
other than the Vora Target you intend to pair.
The name of the "message slot" is an identifier for the Vora User or Target. By itself,
it is as critical as an email address. Your data are still encrypted with a key only residing in
your device,
the same way that providing your email address does not mean others can check your messages.
However, in case of a security breach this is the entry point
to your information.
Tell us what you think about our approach on a privacy centric location
tracker @
voraapp.rheotome.eu@gmail.com