1. Introduction
CitizenLens ("we," "our," or "us") operates the CitizenLens mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.
We are committed to protecting your personal data in accordance with the Digital Personal Data Protection Act, 2023 (DPDP Act) of India and other applicable regulations.
By using CitizenLens, you consent to the data practices described in this policy.
2. Information We Collect
2.1 Account Information
- Name: Optional, used for your public display profile
- Email Address: Collected via your social login provider (Google or Apple) for account identification
- Phone Number: Optional, provided at your discretion (not displayed publicly)
- City and State: Used to filter the feed by your area and surface authorities you may want to contact yourself
2.2 Camera Capture
The App's camera is used in four distinct ways. Each use captures only the image you choose to capture or upload:
- Complaint photos: Photos of the civic issue you are reporting
- Signboard scans: Photos of public signage that the App processes with on-device OCR to extract road and authority text for community verification
- Traffic-violation evidence: Photos including license plates, processed with on-device OCR to extract the plate text
- Accident-report evidence: Photos attached to optional accident reports
2.3 Photo Library Access
- Read access is used to let you attach an existing photo (instead of taking a fresh one) to a complaint, signboard contribution, traffic violation, accident report, or RTI filing
- Write access is used in one place only — when you share a complaint on X, the App saves the complaint's evidence photo to your photo library so the image attaches correctly to the post
2.4 Location Data
- Foreground only: The App requests location only while it is open. It does NOT request always-on or background location.
- Use cases: Pinning the exact spot of the issue you are reporting, sorting the feed by distance, showing nearby complaints and road-condition reports on the map, and tagging signboard scans so other citizens can verify them
- Manual fallback: If you deny location access, the App displays a map tile so you can manually pick a location. No location data is stored beyond what you explicitly submit with a complaint.
2.5 Biometric Authentication
If you enable biometric unlock (Face ID, Touch ID, or device fingerprint), authentication happens entirely on your device using the operating system's secure enclave. We never receive your biometric template — we only learn whether the OS reported a successful match.
2.6 Complaint, Contribution, and Report Content
- Photographs that you capture or upload across complaint, signboard, accident, or violation flows
- Location coordinates captured at submit time when the relevant flow uses GPS
- Text descriptions you enter (titles, notes, witness statements, RTI questions, etc.)
- Category selections indicating the type of issue
- Vehicle plate text extracted by on-device OCR for traffic-violation submissions
2.7 Notification Tokens and Preferences
- A device push token issued by Firebase Cloud Messaging (FCM) is stored against your account so we can deliver complaint updates, escalation alerts, social activity, and announcements
- Per-category notification preferences (set in Settings → Notification Settings) are stored against your account and honored server-side — disabling a category prevents the matching push from being sent
2.8 Automatically Collected Information
- Device Information: Device type, operating system version, unique device identifiers
- Usage Data: App features used, screens visited, interaction patterns. Collected only if you explicitly opt in via Settings → Privacy → Usage Analytics. Disabled by default.
- Crash Reports: Technical data about app errors. User identifiers are pseudonymized before transmission; no name, email, phone, or address is sent.
3. How We Use Your Information
We use the collected information to:
- Authenticate your identity via your chosen social login provider
- Help you draft civic complaints and surface authorities you may contact yourself via your own apps (Twitter, WhatsApp, email)
- Display complaint information to other CitizenLens users (your contact details are never displayed publicly)
- Send push notifications about complaint status updates, escalation reminders, social activity on your posts, and admin announcements — all subject to your notification preferences
- Improve App functionality and user experience through anonymized analytics (only if you opt in)
- Detect and prevent fraudulent or abusive use of the platform, including blocking, reporting, and content takedown
- Comply with legal obligations
3.1 Analytics Consent
Analytics tracking is opt-in only. By default, no usage data is collected. If you enable analytics in Settings → Privacy → Usage Analytics, we collect screens visited, feature usage counts, and app performance timings. This data is anonymous and cannot be linked back to you. You can disable analytics at any time.
3.2 On-device AI / OCR
Signboard and license-plate scans are processed entirely on your device using ML Kit text recognition. Image bytes are not sent to a third-party AI service for OCR. Only the extracted text and your edits to it are stored when you choose to submit a contribution or violation.
4. How We Share Your Information
4.1 Public Information
- Your complaints, signboard contributions, road-condition reports, traffic violations, and other public posts (including photos, text, locations, and categories) are visible to other CitizenLens users
- Your display name (if provided) and avatar are shown alongside your posts
- Your email, phone number, and exact GPS coordinates outside a complaint are NEVER shared publicly
4.2 Sharing With Authorities (User-Initiated Only)
- CitizenLens does not transmit your complaint data to any government system, ministry, or authority. All sharing happens through your own apps when you tap a share or escalate button — you review and send each message yourself.
- If you choose to file an RTI through the app, CitizenLens generates the application text for you to submit on rtionline.gov.in or by post yourself.
- Your contact details (phone, email) are stored only in your CitizenLens account and are never auto-attached to any external communication.
4.3 Third-Party Services
We use a limited set of third-party services to operate the App:
- Authentication: Google Sign-In and Sign in with Apple receive only the OAuth fields needed to verify your identity
- Database & storage: Supabase (hosted on AWS infrastructure) stores your account, posts, and uploaded photos behind row-level security policies
- Push notifications: Firebase Cloud Messaging receives device tokens and the notification payload to deliver alerts
- Crash reporting: Sentry receives pseudonymized error data; user IDs are cryptographically hashed before transmission. No usernames, phones, emails, or other personal identifiers are sent.
- Analytics: PostHog receives anonymous usage data only if you have explicitly opted in via Settings → Privacy → Usage Analytics. Disabled by default per DPDP Act 2023.
- Map tiles: An OpenStreetMap-compatible tile service renders maps. No personal data is sent to the tile service beyond the map tile coordinates that are already public.
We do NOT sell your personal data to any third party. We do NOT use your data for advertising.
5. Data Storage and Retention
- Your data is stored on secure servers managed by Supabase (hosted on AWS infrastructure compliant with industry standards)
- Complaint data is retained for as long as the complaint is active and for 3 years after resolution for record-keeping
- Account data is retained until you request deletion
- Crash reports and (opt-in) analytics data are retained for 12 months
- You may request deletion of your data at any time (see Section 6)
6. Your Rights Under DPDP Act
Under the Digital Personal Data Protection Act, 2023, you have the right to:
6.1 Right to Access
Request a summary of the personal data we hold about you and how it is being processed.
6.2 Right to Correction
Request correction of inaccurate or incomplete personal data.
6.3 Right to Erasure (Right to be Forgotten)
Request deletion of your personal data. Upon receiving a valid request, we will delete your account and personal information, anonymize or remove your posts, and remove your photos from storage within 30 days. You can also delete your account directly from the App via Settings → Privacy → Delete Account, which uses biometric or password re-authentication to confirm you own the account.
6.4 Right to Data Portability
Request a machine-readable copy of your personal data via Settings → Privacy → Download My Data.
6.5 Right to Withdraw Consent
Withdraw consent for data processing at any time. This may limit App functionality.
6.6 Right to Grievance Redressal
Contact our Grievance Officer for any concerns (see Section 11).
7. Content Moderation and Community Safety
To keep CitizenLens safe and accurate:
- You can block another user. Blocked users' content disappears from your feed, comments, map, and notifications.
- You can report a complaint, comment, or user. After 5 distinct user reports the content is automatically hidden pending review.
- Hidden content can be appealed, and the result is delivered as a notification.
- Repeated false reports, harassment, or abuse may result in account suspension.
8. Data Security
- All data transmitted between the App and our servers is encrypted using TLS 1.2+
- Authentication tokens are stored in the device's secure storage (iOS Keychain / Android Keystore via Expo Secure Store)
- Row-Level Security (RLS) is enabled on all database tables
- Access to production data is restricted to authorized personnel only
- Regular security audits are conducted
9. Children's Privacy
CitizenLens is not intended for children under the age of 18. We do not knowingly collect personal data from children. If we become aware that a child under 18 has provided us with personal data, we will take steps to delete such information.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes through an in-app notification and an updated "Last Updated" date at the top of this policy. Your continued use of the App after changes constitutes acceptance of the updated policy.
11. Contact Us
For questions, concerns, or data requests:
Data Protection / Grievance Officer
Email: citizenlens.support@gmail.com
General Support
Email: citizenlens.support@gmail.com
Website: citizenlens-in.vercel.app
Response Time: We will respond to data access, correction, and deletion requests within 30 days as required by the DPDP Act.
Supervisory Authority: If you are unsatisfied with our response, you may file a complaint with the Data Protection Board of India.