Privacy Policy

Last updated: 30 May 2026

BackHike ("we", "our", "us") operates the BackHike mobile application. This policy explains how we collect, use, and protect your personal data in compliance with the Personal Data Protection Act 2010 (PDPA) Malaysia.

1. Data We Collect

• Account info: Name, phone number, email (via Apple/Google/Phone sign-in)
• Location data: GPS coordinates during active hikes (foreground and background)
• Photos: Selfie check-in/check-out images (stored on your device and our servers)
• Emergency info: Blood type, IC number, allergies, emergency contacts (provided voluntarily)
• Device info: Device model, OS version, battery level (during active hikes)

2. How We Use Your Data

• Track your hike location for safety purposes
• Send overdue alerts to your emergency contacts
• Enable SOS functionality (SMS, call, WhatsApp with GPS)
• Display your location on the Family Live Link
• Improve app performance and fix bugs

3. Data Sharing

We do NOT sell your data. We share data only:

• With your designated emergency contacts (when you activate SOS or are overdue)
• With rescue authorities if you trigger SOS
• With buddies you explicitly add in the app

4. Location Data

GPS data is collected ONLY during active hikes. We do not track you when you are not hiking. Background location is used solely to record waypoints during your hike for safety purposes.

5. Data Storage & Security

Your data is stored on AWS servers in Singapore (ap-southeast-1) with encryption at rest and in transit. Selfie photos are stored securely and accessible only to you and your emergency contacts.

6. Your Rights

Under PDPA Malaysia, you have the right to:

• Access your personal data
• Correct inaccurate data
• Withdraw consent for data processing
• Delete your account and all associated data

To exercise these rights, use the "Delete Account" option in the app or email us.

7. Data Retention

Hike records are retained for 12 months. Upon account deletion, all data is permanently removed within 30 days.

8. Third-Party Services

• Firebase (authentication, push notifications) — Google Privacy Policy applies
• Google AdMob (ads for free users) — Google Ads Privacy Policy applies
• OpenStreetMap (map tiles) — no personal data shared

9. Children

BackHike is not intended for children under 13. We do not knowingly collect data from children.

10. Changes

We may update this policy. Changes will be posted here with an updated date.

11. Contact

Email: hello@backhike.com