1 Overview
The APST SOS App ("App", "we", "us", or "our") is an enterprise-grade emergency safety application developed by Flipkart's CorpApp team for the exclusive use of Flipkart employees and contracted personnel. The App enables employees to trigger emergency SOS alerts, share real-time location with safety responders, and receive assistance during critical situations.
This Privacy Policy explains what information we collect, why we collect it, how we use and protect it, and your rights with respect to that information. By registering for and using the App, you agree to the practices described in this policy.
2 Information We Collect
2.1 Account & Registration Information
When you register for the App, we collect:
- Full name
- Email address (official corporate or personal, depending on employment type)
- Mobile contact number
- Gender
- Employee ID
- Residential address and pincode
- Employment type (On Roll / Off Roll)
- Associated company and site / facility
- 4-digit access PIN (encrypted before storage)
2.2 Emergency Contact Information
We collect the following details of your designated emergency contact person:
- Emergency contact person's full name
- Emergency contact person's mobile number
This information is used solely to notify your emergency contact when an SOS event is activated.
2.3 Biometric Authentication Data
If you enable biometric login (fingerprint, face recognition, or iris scan), the App uses your device's built-in biometric hardware and operating system APIs to authenticate you. We do not store raw biometric data (e.g., fingerprint images) on our servers. Authentication is handled entirely on-device by Android's BiometricPrompt / iOS's Face ID or Touch ID APIs.
2.4 Communications & SOS Activity
- SOS event history (type, timestamp, status)
- Help requests received and accepted
- In-app notifications and alerts
3 Location Data
3.1 What Location Data We Collect
- Precise GPS coordinates (latitude and longitude)
- Location accuracy (in metres)
- Timestamp of each location reading
3.2 How Often We Collect Location
| Mode | Frequency | Purpose |
|---|---|---|
| Normal operation | Every 15 minutes (background) | Employee safety check-in |
| SOS active | Real-time / on-demand | Dispatch responders to exact location |
| Crash detection triggered | Immediately on event | Auto-SOS alert with incident location |
| Nearby facility search | On user request | Show relevant help resources nearby |
3.3 Why We Need Background Location
The core purpose of this App is emergency response. First responders and safety teams need your precise, up-to-date location to reach you quickly during an emergency. Background location ensures responders can locate you even if you are unable to interact with your device (e.g., after a vehicle crash or medical event).
3.4 Crash Detection
The App monitors your device's accelerometer data in real time to detect sudden deceleration patterns consistent with vehicle collisions. If a crash pattern is detected, the App:
- Immediately captures your current GPS coordinates.
- Triggers an SOS alert on your behalf.
- Notifies designated safety responders and your emergency contact.
Accelerometer samples are processed entirely on-device. Raw acceleration data is not transmitted to our servers.
3.5 Consent
A prominent disclosure screen is shown the first time you use the App's location features. You must explicitly accept this disclosure before location collection begins. You may review or withdraw consent at any time through your device's application settings; however, withdrawing location permission will significantly limit emergency response functionality.
4 Device & Technical Data
4.1 Device Identifiers & Hardware Information
| Data Point | Purpose |
|---|---|
| Device UUID / unique device ID | Link location updates to the correct user session |
| Device model & manufacturer | Compatibility diagnostics and support |
| Operating system & version | Platform-specific feature routing |
| Device serial number | Device verification during registration |
4.2 Push Notification Token (FCM)
The App integrates with Firebase Cloud Messaging (FCM) to deliver emergency alerts and helper notifications. A unique FCM token is generated by Google services on your device and stored on our server linked to your user account. This token is refreshed periodically and updated automatically.
4.3 Network & Connectivity Data
- Network connection status (online / offline) — used to queue and retry data transmissions
- Wi-Fi state — used to optimise data transfer for location and SOS payloads
4.4 Authentication Session Data
- Session tokens stored in encrypted local storage
- OTP verification records for login and password reset flows
5 How We Use Your Information
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Provide emergency SOS response | Location, device ID, user profile | Vital interests / Legitimate interest (employee safety) |
| Account creation & authentication | Name, email, phone, PIN, biometrics | Contract performance |
| Notify emergency contacts | Emergency contact name & phone | Vital interests |
| Push notifications (alerts, updates) | FCM token | Legitimate interest / Consent |
| Background location tracking | GPS coordinates, timestamp, device ID | Vital interests / Explicit consent |
| Crash / incident detection | Accelerometer data (on-device), location | Vital interests |
| Nearby responder & facility search | Current location | Legitimate interest |
| Customer support & issue resolution | Device info, account data | Legitimate interest |
| Security auditing & fraud prevention | Session tokens, device ID, logs | Legitimate interest |
We do not use your personal data for advertising, profiling for commercial purposes, or any use unrelated to employee safety and emergency response.
6 Data Sharing & Disclosure
6.1 Within Flipkart
Your data is accessible to authorised Flipkart safety officers, security teams, and CorpApp administrators who require it to respond to emergencies and maintain the platform.
6.2 Emergency Responders
When an SOS event is activated, your name, location, and contact information are shared with nearby designated safety personnel (FSTs — Facility Safety Teams) and your emergency contact person to enable rapid response.
6.3 Third-Party Service Providers
We share limited data with the following processors who assist in delivering the App's functionality:
- Google (Firebase Cloud Messaging): FCM token for push notification delivery.
- Google Maps Platform: Location data for map rendering and route display.
- Telecom / SMS Gateway: Mobile number for OTP and registration SMS.
All processors are contractually bound to process data only for the specified purpose and in accordance with applicable data protection laws.
6.4 Legal Requirements
We may disclose your information if required by law, court order, or governmental authority, or to protect the vital interests, safety, or rights of any individual.
6.5 We Do Not Sell Your Data
We do not sell, rent, lease, or trade your personal information to any third party for commercial purposes.
7 Third-Party Services
| Service | Provider | Purpose | Data Sent |
|---|---|---|---|
| Firebase Cloud Messaging | Google LLC | Push notifications | FCM device token |
| Google Maps SDK | Google LLC | Map display, navigation | Coordinates for rendering |
| Google Geolocation API | Google LLC | Network-based location fallback | Wi-Fi / cell tower data |
| Socket.io (WebSocket) | Internal (Flipkart server) | Real-time SOS alerts | User ID, alert type |
| SMS Gateway | Telecom partner | OTP & registration SMS | Mobile number, OTP |
Google's privacy practices are described at https://policies.google.com/privacy.
8 Data Security
8.1 Encryption in Transit
All communication between the App and our backend servers is conducted over HTTPS (TLS). Sensitive fields — including email addresses, phone numbers, passwords, and emergency contact numbers — are additionally encrypted using AES encryption before being transmitted or stored.
8.2 Encryption at Rest
User credentials and session tokens stored on your device use Ionic's encrypted storage layer backed by platform-native secure storage (Android Keystore / iOS Keychain).
8.3 Access Controls
Access to the backend systems is restricted to authorised personnel only. The App implements token-based session management with automatic session expiry.
8.4 Biometric Security
Biometric authentication is handled entirely by your device's operating system. The App never receives, processes, or transmits raw biometric data.
9 Data Retention
| Data Category | Retention Period | Reason |
|---|---|---|
| Account & profile data | Duration of employment + 1 year | Audit trail & HR compliance |
| Location history (background tracking) | 90 days | Incident investigation window |
| SOS event records | 3 years | Legal & safety audit requirements |
| Device & session tokens | Until logout or token expiry | Session security |
| Push notification logs | 90 days | Delivery verification |
After the applicable retention period, data is securely deleted or anonymised. You may request earlier deletion of your account data by contacting us (see Section 13).
10 Your Rights & Choices
10.1 Access & Correction
You can view and update your profile information (name, email, contact number, emergency contact, address) at any time through the Edit Profile section of the App.
10.2 Location Permission
You can revoke location permission at any time through your device's operating system settings (Settings → Apps → APST SOS App → Permissions). Note that revoking location access will prevent the App from functioning as an emergency tool.
10.3 Push Notifications
You can disable push notifications through your device's notification settings. Disabling notifications may mean you do not receive emergency alerts in a timely manner.
10.4 Account Deletion
To request deletion of your account and associated personal data, please contact your Flipkart HR representative or email us at the address in Section 13. We will process your request within 30 days, subject to any legal or contractual retention requirements.
10.5 Data Portability
You may request a copy of your personal data in a structured, machine-readable format by contacting us at the address below.
10.6 Withdrawal of Consent
Where processing is based on your consent (e.g., location disclosure), you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.
11 Children's Privacy
The APST SOS App is intended exclusively for use by Flipkart employees and contracted workers who are at least 18 years of age. We do not knowingly collect personal information from anyone under the age of 18. If we become aware that a person under 18 has provided us with personal information, we will take steps to delete such information promptly.
12 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:
- Update the "Last Updated" date at the top of this document.
- Send a push notification or in-app alert informing you of the update.
- Where required by law, seek your renewed consent.
Your continued use of the App after changes are posted constitutes your acceptance of the revised Privacy Policy. We encourage you to review this page periodically.
13 Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact us:
APST SOS App – Data Privacy
CorpApp Team, Flipkart Internet Private Limited
Embassy Tech Village, Outer Ring Road,
Devarabisanahalli, Bengaluru, Karnataka – 560103, India
✉ Email: bhagat.singh@flipkart.com
📱 In-App: Use the Help & Support section within the App
We aim to respond to all privacy-related inquiries within 5 business days.