Vigilante Logo

The Vigilante App

Powered by CriticalThinkers

Legal

Privacy Policy

How Vigilante handles personal data, including precise and background location used for maps, safety information, community reports, VigilAI, and active SOS tracking.

Last updated: 28 June 2026

1. Who We Are and What This Policy Covers

Vigilante is operated by CriticalThinkers Technology Limited. In this Privacy Policy, “Vigilante”, “we”, “us”, and “our” refer to CriticalThinkers Technology Limited as the controller of personal data processed through the Vigilante mobile application, website, VigilAI, public sharing pages, live SOS tracking pages, account-support services, and related features.

This Policy explains what personal data we collect, why we use it, when it may be shared, the choices available to you, and how to exercise your rights. It is written with regard to the Nigeria Data Protection Act 2023, the Nigeria Data Protection Act General Application and Implementation Directive 2025, and other applicable laws and platform requirements.

2. Personal Data We Collect

The information collected depends on the features you choose to use. Some information is provided directly by you, while other information is generated by your device or by your use of the Services.

  • Account and profile information, such as your name, email address, telephone number, profile photograph, date of birth, gender, address, nationality, password or authentication credentials, and account-verification status.
  • Authentication information received when you choose Google Sign-In, Sign in with Apple, or another supported identity provider, such as a provider identifier and the profile information you authorise that provider to share.
  • Emergency-contact information that you enter, including the contact’s name, telephone number, email address, address, and relationship to you.
  • Location information, including approximate or precise coordinates, locality, local government area, state, country, route origin and destination, and the time at which a location was reported.
  • Community and safety content, including posts, incident reports, comments, likes, bookmarks, photographs, videos, captions, incident locations, and content shared by public link.
  • VigilAI interactions, including questions, messages, location context supplied to the assistant, and technical information needed to operate the conversation.
  • Device, application, and security information, such as device identifiers, device type, notification tokens, Internet Protocol address, operating-system information, sign-in records, service logs, and fraud or security signals.
  • Usage and diagnostics information collected through tools used to understand app performance, deliver remote configuration, send notifications, diagnose faults, and investigate crashes.
  • Support and account-management information, including messages, complaints, deactivation requests, identity-verification details, and correspondence with us.

3. How Vigilante Uses Location Data

Location is central to several Vigilante safety features. While the app is open, we may access approximate or precise location to place you on a map, identify relevant emergency contacts or nearby assistance, provide local safety information, assess route context, attach a location to a report when you choose to do so, and give location-aware context to VigilAI.

These foreground uses are separate from SOS background tracking. We do not state that location is used only for SOS, because some user-requested map, route, reporting, local-information, and VigilAI features also process location while the app is in use.

You may decline foreground location permission. However, features that depend on your location may be unavailable, less accurate, or may require you to enter a location manually.

4. Background Location During an Active SOS

If you deliberately trigger the SOS feature and separately allow background location, Vigilante collects precise location data to keep the live SOS location updated even when the app is minimised, the screen is locked, or the app is not actively in use. The coordinates are transmitted to our systems so that the active tracking link can display your latest reported location.

Background location is intended for an active, user-initiated SOS session. It is not used to serve advertising. You can refuse the permission, stop or end the SOS session through the available controls, or later change the permission in your device settings. Refusing background access may prevent continuous updates when the app is not visible.

Before Android asks for background-location permission, Vigilante presents a separate, prominent disclosure explaining that precise location will be collected and transmitted for live SOS tracking when the app is closed or not in use. Consent must be affirmative and may be withdrawn.

5. SOS Alerts, Trusted Contacts, and Tracking Links

When you activate SOS, Vigilante may send an alert and a live tracking link to the trusted contact you selected or stored in your account. Depending on the contact details available, delivery may occur through email, text messaging, push notification, or another supported communication channel.

A person who has the valid tracking link may be able to view your latest reported location without signing in. That person may also forward the link. You should therefore choose trusted contacts carefully and ask them not to share the link except where necessary to help you or contact emergency responders.

A tracking link remains available only for a limited service period or until it is ended or expires. Expiry of the public link does not necessarily mean that all associated records are immediately erased; limited records may be retained where reasonably necessary for security, incident review, legal compliance, or the establishment, exercise, or defence of legal claims.

6. Posts, Reports, Media, and Public Sharing

Content you publish through community or reporting features may be visible to other users together with the name, profile information, time, and location associated with the post or report. You should not upload another person’s personal data, image, private address, or precise location unless you have a lawful basis and it is genuinely necessary for a responsible safety report.

If you create or share a public post link, anyone who receives or discovers that valid link may view and forward the associated public content without a Vigilante account. Removing a post from active display may not remove copies already saved, captured, or shared by other people.

7. Why We Process Personal Data

We process personal data only for identified and lawful purposes connected with operating, securing, and improving Vigilante.

  • To create and manage accounts, authenticate users, verify contact details, and provide customer support.
  • To provide maps, route context, local safety content, emergency contacts, community reporting, public sharing, and VigilAI features requested by the user.
  • To operate SOS alerts, transmit live location updates, and make the active tracking link available to trusted recipients.
  • To send service messages, security notices, account-verification messages, and notifications selected by the user.
  • To moderate content, investigate misuse, prevent fraud, protect users, maintain service integrity, and enforce our Terms and Conditions.
  • To analyse service reliability, diagnose technical problems, improve functionality, and understand aggregate product performance.
  • To comply with legal duties, respond to valid requests from competent authorities, and establish, exercise, or defend legal claims.

8. Lawful Bases

Depending on the activity, we rely on one or more lawful bases recognised by applicable data-protection law: your consent; steps requested by you before entering into a contract or performance of our agreement with you; compliance with a legal obligation; protection of vital interests in a genuine emergency; and our legitimate interests in operating, securing, improving, and preventing misuse of the Services where those interests are not overridden by your rights.

Where we rely on consent, including for permissions that require consent, you may withdraw it at any time. Withdrawal does not invalidate processing lawfully carried out before consent was withdrawn.

9. Permissions and Your Choices

Your device may ask for access to foreground location, background location, notifications, camera, photographs, videos, or other functions. We request permissions for the feature being used and aim to request only the minimum access reasonably necessary.

You may decline or later revoke a permission through the app or your device settings. Some features will not function without the relevant permission. Revoking background location does not automatically cancel an SOS session already sent to a trusted contact, so you should also use any available stop or cancellation control where appropriate.

10. When Personal Data Is Shared

We do not sell personal data. We share personal data only where this is necessary for the Services, directed by you, required by law, or reasonably necessary to protect rights and safety.

  • With your trusted emergency contact, a recipient of an SOS alert, or another person to whom a valid SOS tracking link has been forwarded.
  • With other users or the public when you publish a post, attach a location, comment, or create a public sharing link.
  • With service providers that support cloud hosting, databases, storage, maps, geocoding, authentication, analytics, crash reporting, notifications, email delivery, text messaging, and security. Depending on the feature, these may include Google or Firebase services, Apple services, map providers, communications providers, and hosting providers.
  • With professional advisers, auditors, insurers, or transaction advisers under duties of confidentiality where reasonably necessary.
  • With regulators, courts, law-enforcement bodies, emergency responders, or other competent authorities where disclosure is required or permitted by law or is reasonably necessary to protect a person from serious harm.
  • In connection with a merger, financing, restructuring, sale, or transfer of all or part of the business, subject to appropriate notice and safeguards where required.

11. International Processing and Transfers

Some service providers may process or store data outside Nigeria. Where personal data is transferred across borders, we take reasonable steps to use a lawful transfer mechanism and appropriate contractual, technical, and organisational safeguards as required by applicable law.

12. Security

We use reasonable administrative, technical, and organisational measures designed to protect personal data, including access controls, authentication, secure communications, monitoring, role-based access, and service-provider controls. Sensitive information should be transmitted using modern encryption where supported.

No online service can guarantee absolute security. You should use a strong password, protect your device, keep trusted-contact details current, avoid posting unnecessary personal information, and tell us promptly if you suspect unauthorised account access.

13. Retention

We keep personal data only for as long as reasonably necessary for the purposes described in this Policy, taking account of account status, the nature of the feature, safety and security needs, legal obligations, dispute periods, backup cycles, and the need to prevent fraud or misuse.

Different categories have different retention periods. Account and community records may be retained while the account is active. Short-lived tokens and active tracking links expire according to their configured period. Backups, security logs, moderated content, and records needed for legal or safety reasons may remain for a limited additional period before deletion or anonymisation.

14. Account Deactivation and Deletion Requests

Account deactivation and permanent account deletion are different actions. Deactivation may be started through the public deactivation page or a future in-app process. After email confirmation, the account is disabled and a seven-day recovery window begins.

During the seven-day recovery window, the account owner may attempt to log in and confirm the OTP sent to the account email to reactivate the account. If the account is not reactivated within seven days, it is scheduled for permanent deletion.

Delete Account is a separate in-app action that permanently removes the account and associated database records without using the seven-day deactivation recovery flow. Limited records may still be retained where required for legal compliance, fraud prevention, safety investigations, dispute resolution, enforcement, backup-cycle completion, or another lawful purpose.

15. Your Data-Protection Rights

Subject to applicable law and any lawful exceptions, you may ask us to provide information about our processing; give you access to your personal data; correct inaccurate or incomplete data; erase data; restrict processing; provide portable data in an appropriate format; or consider an objection to certain processing. You may also withdraw consent where processing is based on consent and raise concerns about a decision based solely on automated processing that produces legal or similarly significant effects.

To protect users, we may verify your identity and authority before acting on a request. We will respond within the period required by applicable law. You may also lodge a complaint with the Nigeria Data Protection Commission or another competent supervisory authority.

16. Children and Young Users

Vigilante is not intended to be used independently by a child who cannot lawfully consent to the processing involved or enter into the applicable Terms. Where a young person is permitted to use the Services, a parent or legal guardian should supervise use and should not enable background tracking or public sharing without understanding the consequences.

If you believe that a child’s personal data has been collected without appropriate authority, contact us so that we can review the matter and take appropriate action.

17. VigilAI, Analytics, and Automated Features

VigilAI and related tools may use automated methods to summarise, classify, prioritise, or respond to information. Analytics and diagnostic tools may also process usage events and technical data. These tools support the Services but may make mistakes and should not be treated as the sole basis for an emergency, medical, legal, policing, or personal-safety decision.

We do not intend to make a decision producing legal or similarly significant effects about you solely through VigilAI without the safeguards required by applicable law.

18. Changes to This Policy

We may revise this Policy when the Services, our practices, the law, or platform requirements change. The current version will be published on this page with a revised date. Where a change materially affects your rights or how sensitive data is used, we may provide additional notice or seek fresh consent where required.

19. Contact and Complaints

For privacy questions, data-subject requests, complaints, or concerns about location processing, contact CriticalThinkers Technology Limited at support@criticalthinker.tech.

Please describe the request clearly and, where relevant, use the email linked to your Vigilante account. You also have the right to complain to the Nigeria Data Protection Commission where you believe your rights have not been respected.