App: HailMe. Last updated: May 17, 2026.
This Privacy Policy explains how HailMe handles personal data in the mobile app and related backend services. The operator of HailMe acts as the Controller under the EU General Data Protection Regulation (GDPR) and Uruguay Law No. 18.331 (where the operator is the "Responsable"); as the Treatment Agent / Controlador under Brazilian Law No. 13.709 (LGPD); and as the Database Owner registered with the relevant authority under Argentine Law No. 25.326. Israeli residents are covered under the Protection of Privacy Law 5741-1981. A single contact channel serves all of these roles: privacy@notifyme.it.com.
| Category | Examples | Why it is used |
|---|---|---|
| Account and profile | Phone number, username, first name, last name, optional email address | Account creation, sign-in, profile management, support, and communication |
| Contacts and recipients | Names, phone numbers, and optional email addresses that you add | Letting you select recipients and send location-based notifications or messages |
| Alert presets and alerts | Preset title, message text, recipient list, latitude, longitude, radius, sent and received times, read status | Running the core service and showing your history in the app |
| Family relationships | Family identifier, member status (owner / member / invited / suspended), invitation tokens, role within the family | Letting a Family-plan owner invite up to four people, share plan features and SMS quota, and manage membership |
| Subscription and billing data | Plan tier (free / paid / family), store transaction identifier, renewal status, country of purchase. We never see or store the full payment card number; payment is handled by Apple App Store or Google Play. | Granting and renewing paid features, enforcing plan limits, and accounting |
| Precise location | Device coordinates and location events, including background location when you grant it | Detecting when an alert preset location is reached and triggering alerts |
| Technical and delivery data | Device token, platform and app version, language, IP address, timestamps, authentication and delivery records | Push delivery, security, troubleshooting, abuse prevention, and service reliability |
| Verification and support | Verification codes, SMS delivery events, and messages you send to support | Phone verification, account recovery, and support handling |
If a message is delivered by SMS fallback, the SMS may include your phone number, your message text, and a location or maps link needed for the feature to work.
Sub-processors we currently rely on. The list below is current as of the "Last updated" date at the top of this page; we will update it when it changes and, where the change is material, give in-app notice before the new sub-processor goes live.
| Provider | Purpose | Country of processing |
|---|---|---|
| Mapbox | Maps, geocoding, search | United States |
| Twilio | SMS verification and SMS fallback delivery | United States, with regional points of presence |
| Firebase Cloud Messaging (Google) | Push notification delivery on Android | United States, European Union |
| Apple Push Notification service | Push notification delivery on iOS | United States, European Union |
| Render | Application hosting, managed PostgreSQL, managed Redis | United States (Oregon region) |
| SendGrid (Twilio) | Transactional email (verification, account notices) | United States |
Authorities and courts. We may also disclose data when we are legally required to do so, for example to respond to a valid court order, regulator request, or other binding legal process. Where the law allows, we will tell you about the request before responding.
We do not sell personal data and we do not use it for cross-context behavioural advertising.
We rely on the following legal bases (Art. 6 GDPR; Art. 7 LGPD; Decree 414/009 under Uruguay Law 18.331; Sec. 5 Argentine Law 25.326; PPL Sec. 1):
You can revoke app permissions in your device settings at any time, but important features such as alert preset monitoring, push alerts, or code auto-fill may stop working.
We keep personal data only as long as needed for the purpose it was collected, and within the windows below. Where local law requires us to keep specific records longer (for example, billing records for tax or accounting), the longer statutory period applies.
Subject to applicable law, you have the following rights regarding your personal data: access, rectification, deletion ("erasure"), restriction of processing, objection to processing based on legitimate interests, data portability, and withdrawal of any consent you previously gave (without affecting prior lawful processing). Where we are required to act, we will respond within thirty (30) days; the period may be extended once for complex requests, and we will tell you if so.
You can review and update some profile data directly inside the app. To exercise other rights, or to ask any privacy question, contact privacy@notifyme.it.com. We may ask you to verify your identity before completing a request.
Right to lodge a complaint. If you believe we are not handling your data lawfully, you can complain to the supervisory authority where you live or work. Examples include the URCDP (Uruguay), the AAIP (Argentina), the ANPD (Brazil), the PPA (Israel), and EU supervisory authorities such as the AEPD in Spain or the CNPD in Portugal.
Some service providers may process data in countries other than your own (see section 4). When that happens, we rely on applicable contractual, technical, and organizational safeguards required by law, including, where relevant, the European Commission's Standard Contractual Clauses, the international transfer safeguards listed in Article 33 LGPD, and the equivalent transfer mechanisms under Uruguay Law 18.331 and Argentine Law 25.326.
HailMe is not intended for users under sixteen (16) years of age, or under the minimum age set by local law. In Brazil, the processing of personal data of users under eighteen (18) requires consent from a parent or legal guardian for any processing that goes beyond what is strictly necessary to provide the service (for example, paid subscriptions or optional analytics). If you believe a child has provided personal data, contact us so we can review and delete it where appropriate.
We use reasonable technical and organizational measures to protect data, including TLS in transit, encryption at rest for managed databases and backups, role-based access controls for staff, audit logging of administrative actions, and restricted production access. No system can guarantee absolute security; we will notify affected users and the relevant supervisory authority of a personal-data breach when required by applicable law.
We may update this Privacy Policy from time to time. When we do, we will update the date at the top of this page. If the changes are material we will also notify you in-app or by email and ask you to review the new version.
For privacy requests or questions, contact privacy@notifyme.it.com.
The same address — privacy@notifyme.it.com — is the designated contact for data-protection matters and acts as Data Protection Officer (GDPR) / Encarregado de Tratamento de Dados (LGPD) / data-protection contact under Uruguay Law 18.331, Argentine Law 25.326, and the Israeli PPL. Please use this channel for any rights request, complaint, or supervisory authority inquiry.
While the service is undergoing pre-release testing, we may collect additional diagnostic information (such as crash reports, performance traces, and short-lived debug logs) to investigate defects and improve quality. This pre-release diagnostic data is not used for marketing, is kept separate from production analytics, and is deleted within ninety (90) days.