Privacy Policy

1. Who controls your data

Bushlink is operated by Michiel Hendrickx, operating as Bushlink, established in Belgium (the "Operator", "we", "us"). We are the data controller for the personal data described in this policy.

Contact for privacy matters: bushlink.app@gmail.com.

(During the beta the Operator runs as a natural person. On incorporation of the Belgian company, the controller's identity and any formally appointed contact — including a POPIA Information Officer — will be updated here.)

2. Which laws apply

Bushlink is based in the EU, so the EU General Data Protection Regulation (GDPR) is our baseline. Because we also serve guides in Africa, two further laws apply to those users:

• South Africa — POPIA (Protection of Personal Information Act), for guides whose data is protected under South African law; and
• Kenya — the Data Protection Act 2019, for guides in Kenya.

Where these laws differ, we apply the standard that gives you the most protection. References below to "personal data" include "personal information" under POPIA and the Kenya DPA.

3. The data we collect, and why

We collect only what the Service needs. Here is everything, in plain terms.

3.1 Account and login data.

Your phone number and/or email address, a hashed password (for email sign-in), and your linked Google or Apple identity (for social sign-in), plus basic login metadata. Used to create and secure your account.

3.2 Profile data.

Your display name, the parks you usually work in ("primary parks"), an optional avatar photo, and your verification status. Used to run your profile and tailor relevant alerts.

3.3 Verification documents.

A photograph of your ID or guide licence. Used solely to verify your professional status. It is accessible only to authorised Bushlink personnel and is deleted once your verification has been decided (approved or rejected). We do not keep it after that.

3.4 Sighting data — including location.

When you log a sighting we collect the exact GPS coordinates at the moment you log it (or the point you drop on the map), plus the species, group size, behaviour, an optional free-text note, your photographs (up to five), the park, and timing. Used to provide the core service, to share sightings, and — see section 5 — to support conservation and research.

3.5 Community and social data.

The communities you create or join, your membership status, and your reactions to sightings (a "thumbs up" or a "confirm"). Used to run communities and corroboration.

3.6 Notification data.

Your per-species notification preferences and the push token that identifies your device install. Used to send the alerts you opt into. Push tokens are deleted when you sign out.

We do not knowingly collect data from anyone under 18, and the Service is restricted to adult professional guides.

4. How your location is protected

Location is the most sensitive thing we handle, because exact positions of high-value species are valuable to poachers. Two facts you should know:

• Other guides never see your exact location. Every shared sighting is shown with a location blurred by approximately 500 metres. This blur is fixed once and cannot be averaged out by repeated viewing, applies even inside trusted communities, and your free-text notes and your identity are removed from the shared feeds so they cannot leak a precise spot. Your exact coordinates are never sent to other users' devices and never appear in notifications.
• We do retain your exact coordinates in our systems, in protected form, for the conservation and research purpose described in section 5. We are explicit about this so you can make an informed choice.

5. Conservation and research — retention, pseudonymisation, and your choice

Wildlife sighting data has lasting scientific and conservation value. Two things follow from that.

5.1 We retain sighting data, including after you leave.

We keep sighting records — coordinates, species, behaviour, timing, and photographs — indefinitely, for wildlife conservation and scientific research. When you delete your account, we remove the link between you and your sightings and retain the records in pseudonymised form. We rely on the research-purpose provisions of data protection law (including Article 89 GDPR and the equivalent research grounds under POPIA and the Kenya DPA), with safeguards that include removing your identity link and stripping location metadata from photographs. Because of this, deleting your account does not delete your past sightings or their photographs.

5.2 Sharing precise data with research partners — only with your separate consent.

In the future we plan to share sighting data — which for this research purpose may include precise (unblurred) coordinates and original photo metadata — with vetted conservation and research partners. This will happen only where you have given separate, specific consent (the optional checkbox shown when you accept these documents), and only under written data-sharing agreements that limit use to research, forbid onward disclosure, and forbid any use that could harm wildlife. Precise location data is never shared with other app users and never shown publicly. You can withdraw this consent at any time to stop future sharing; data already provided to a partner is then governed by that partner's agreement.

6. The legal bases we rely on (GDPR / POPIA / Kenya DPA)

Under POPIA and the Kenya DPA we rely on the corresponding grounds — performance of a contract, legitimate interests, consent, and the research/statistical exemptions. Where we rely on consent, you may withdraw it at any time.

7. Who we share data with

We use a small set of trusted service providers (processors / operators). Each receives only what it needs:

• Supabase (our core backend — database, authentication, storage) — hosts essentially all server-side data. Hosted in the EU (Ireland).
• Google / Firebase Cloud Messaging — delivers push notifications. Receives your device token and, in an alert, the species name and park name (e.g. "Lion spotted / In Kruger") and the sighting's ID. No coordinates are ever sent. Google/Apple also act as sign-in providers if you use social login.
• Twilio — receives your phone number to send your SMS verification code.
• Mapbox — provides maps; receives the map area you are viewing and standard network metadata. We do not send your sighting coordinates to Mapbox as data.

We do not sell your personal data, and we do not run an advertising-funded data model. We may disclose data where required by law or to protect wildlife, users, or the Service (see the anti-poaching provisions in the Terms).

8. International transfers

Our systems and several providers are located outside Tanzania and Kenya — principally in the EU (Ireland). This means your personal data is transferred internationally when you use Bushlink. We handle that transfer as follows.

• For guides in Kenya: we rely on Standard Contractual Clauses and the contract-performance basis under Section 48 of the Kenya Data Protection Act 2019 as the transfer mechanism. Kenya and the EU are in the final stages of a formal adequacy dialogue; if and when an adequacy decision is adopted, transfers between Kenya and the EU will become unconditional and this section will be updated accordingly.
• For guides in Tanzania: we rely on the contract-performance and consent grounds under Section 32 of Tanzania's Personal Data Protection Act 2022, which permit transfer where it is necessary to perform our contract with you and where you have given consent. We are in the process of confirming the full permit requirements under Tanzanian law with local counsel and will update this section as that process completes.
• For guides in South Africa: the transfer of your data to the EU is governed by Section 72 of POPIA. We rely on two grounds: first, our assessment that the EU — subject to the GDPR — provides a level of data protection substantially similar to POPIA's conditions for lawful processing, satisfying the adequacy standard under Section 72(1)(a); and second, that the transfer is necessary for the performance of our contract with you. We back this with Standard Contractual Clauses with our EU-based providers as a further safeguard.
• For guides in the EU/EEA: your data stays within the EU and no transfer rules are engaged.

We do not sell your data to anyone, and all international transfers serve only the purposes described in this policy.

9. How long we keep things

• Account, profile, login, avatar, communities, memberships, reactions, notification preferences: until you delete your account.
• Verification documents: deleted as soon as your verification is decided.
• Device push tokens: deleted when you sign out.
• Sightings and their photographs: retained indefinitely in pseudonymised form for conservation and research (section 5), including after account deletion.

10. Your account deletion in detail

When you delete your account we delete: your login, profile, avatar, any verification document still held, community memberships, notification preferences, device tokens, and reactions. We retain, in pseudonymised form: your past sightings and their photographs (section 5). Communities you created continue without you.

11. Your rights

Under GDPR, POPIA, and the Kenya DPA you have the right to: access your data; correct it; delete it (subject to the research-retention explained in section 5, which is a recognised limit on erasure); object to or restrict certain processing; withdraw consent (for research sharing and notifications) at any time; and receive a copy of data you gave us in a portable form.

To exercise any right, contact bushlink.app@gmail.com. You also have the right to complain to a regulator:

• EU/Belgium: the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit / Autorité de protection des données).
• South Africa: the Information Regulator.
• Kenya: the Office of the Data Protection Commissioner.

12. How we protect your data

We apply technical and organisational measures appropriate to the sensitivity of the data, including: storing files in private storage reachable only through controlled, time-limited links; row-level database security so you can only reach your own data; stripping location metadata from photographs before storage; the 500-metre location blur for shared sightings; revoking direct access to exact coordinates at the database level; and restricting verification-document review to authorised personnel only. No system is perfectly secure, and Bushlink is beta software; we continue to harden these measures. If a personal-data breach occurs, we will assess and, where required, notify the relevant regulator and affected users in line with GDPR, POPIA, and the Kenya DPA.

13. Avatars are publicly visible

If you upload a profile photo, please note it is stored such that it may be accessible to anyone who has the image's direct link, not only to signed-in guides. We use profile photos for display only — we do not run facial recognition or any biometric identification on them. Do not upload a photo you are not comfortable being publicly visible.

14. Children

The Service is for adults (18+) who are professional guides. We do not knowingly process children's data. If you believe a minor has used the Service, contact us and we will remove the account.

15. Changes to this policy

We may update this policy. We will show material changes in the app and, where the change affects how we use your data on a basis that needs it, ask for your renewed acceptance or consent. We record the version in effect and when you accepted it.

16. Contact

Any privacy question or request: bushlink.app@gmail.com.