Privacy Policy

Last Updated: December 16, 2025

1. Introduction

Welcome to Mbeya HSE Connect ("the App", "we", "us", or "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application for conducting BOG (Boots on Ground) tours, logging hazards, recording interactions with staff and contractors, assigning actions, and managing action closure workflows in the field.

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the application.

2. Information We Collect

2.1 Personal Information

We collect the following personal information:

  • Account Information: Name, email address, phsone number, profile picture
  • Authentication Data: Login credentials, access tokens, PIN codes for security
  • Professional Information: Role, department, site assignment, reporting structure
  • Contact Information: Email and phone number for account recovery and notifications

2.2 Location Data

Mbeya HSE Connect requires location permission to verify field visits and associate activities with specific sites, zones, and plants. Location access is mandatory and must be granted for the app to function.

Location data is collected:

  • QR Code Scanning: You must be within a minimum of 2 kilometers (2K) proximity to the designated site before you can scan QR codes. This ensures data accuracy and verifies physical presence at the location.
  • During BOG tours for route tracking and verification purposes
  • When logging hazards to accurately tag their location
  • During staff and contractor interactions to verify field presence
  • When assigning and closing actions to maintain location audit trails

Important: Location data is used solely for app functionality purposes and is not shared with third parties for marketing or other unrelated purposes. The data is stored securely to maintain operational records and ensure compliance.

2.3 Camera and Media Access

Mbeya HSE Connect requires camera permission to enable photo documentation of hazards and field conditions.

  • Hazard Documentation: Take photos of identified hazards for accurate reporting and tracking
  • Visual evidence for action assignments and closure verification
  • Documentation of interactions and site conditions during BOG tours

Important: Photos and media captured through the app are stored securely and used exclusively for app functionality purposes. They are not shared externally except within your organization for operational and compliance purposes.

2.4 Hazard and Operational Data

We collect operational data including:

  • BOG Tours: Tour start/end times, routes, locations visited, and verification data
  • Hazard Logging: Hazard reports with descriptions, severity levels, categories, location data, photos, and timestamps
  • Interactions: Records of interactions with staff and contractors including date, time, location, participants, and notes
  • Action Management: Action assignments, responsible parties, due dates, status updates, and closure documentation
  • Workflow Data: Tracking of action closure status, approval workflows, and resolution timelines
  • VPC and CVPC records with timestamps and completion details
  • QR code scan data and site verification information
  • Photos and media uploaded during field operations

2.5 Device Information

We automatically collect:

  • Device type, operating system, and unique device identifiers
  • Mobile network information
  • App version and usage statistics
  • Device fingerprint for security and fraud prevention

We use the collected information for:

  • BOG Tours: Enable, track, and verify field tours including route validation and completion tracking
  • Hazard Management: Log, track, and manage hazards from identification through closure, ensuring timely resolution
  • Interaction Logging: Record and track interactions with staff and contractors for compliance and operational visibility
  • Action Management: Assign actions to responsible parties, track progress, and facilitate easy closure of actions
  • Authentication & Security: Verify user identity, prevent unauthorized access, and protect against fraud
  • Location Verification: Ensure data accuracy by confirming physical presence within the required 2K proximity for QR code scanning and field activities
  • Photo Documentation: Store and manage hazard photos and visual evidence for accurate reporting and tracking
  • Operational Analytics: Generate reports, analyze trends, and improve safety and operational efficiency
  • Communication: Send notifications about hazards, actions, tours, updates, and system alerts
  • Access Control: Manage role-based permissions and site access
  • Compliance: Meet regulatory requirements and maintain audit trails

Data Usage Commitment: All data collected through Mbeya HSE Connect, including location data and photos, is used exclusively for app functionality purposes. We do not share this data with third parties for marketing or any purposes unrelated to the app's core functions.

4. Information Sharing and Disclosure

We may share your information with:

  • Within Organization: Supervisors, managers, and authorized personnel within your reporting structure
  • Service Providers: Third-party vendors who assist with hosting, analytics, and communication services
  • Legal Compliance: Law enforcement or regulatory authorities when required by law
  • Business Transfers: In connection with mergers, acquisitions, or asset sales

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5. Data Security

We implement robust security measures including:

  • End-to-end encryption for data transmission
  • Secure token-based authentication with JWT
  • Device fingerprinting to prevent unauthorized access
  • Regular security audits and vulnerability assessments
  • Access controls and role-based permissions
  • Secure database storage with encryption at rest

We retain your information for as long as necessary to fulfill the purposes outlined in this privacy policy, unless a longer retention period is required by law. Specifically:

  • Account data: Retained while your account is active
  • Hazard records and workflows: Retained for compliance and historical tracking
  • VPC and CVPC records: Retained for operational and compliance purposes
  • Location data: Retained for verification and audit purposes
  • Access logs: Retained for security monitoring

7. Your Rights

You have the right to:

  • Access: Request a copy of your personal information
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your personal data (subject to legal and operational requirements)
  • Opt-Out: Disable notifications through app preferences
  • Data Portability: Request your data in a portable format

To exercise these rights, please contact your system administrator or our privacy team.

8. App Permissions

8.1 Location Permission (Required)

Mbeya HSE Connect requires location access to function. Location permission is mandatory and cannot be optional. The app uses your location to:

  • QR Code Proximity Verification: Ensure you are within a minimum of 2 kilometers (2K) from the designated site before allowing QR code scanning
  • Accurately tag hazard locations for proper tracking and resolution
  • Verify your physical presence during BOG tours
  • Record accurate locations for staff and contractor interactions
  • Maintain location audit trails for action assignments and closures

Note: Without location permission, the app will not function. Location data is stored securely and used only for app functionality—it is not shared with third parties for marketing or unrelated purposes.

8.2 Camera Permission (Required)

Mbeya HSE Connect requires camera access to enable photo documentation of hazards and field conditions:

  • Take photos of identified hazards for accurate visual documentation
  • Capture visual evidence for action assignments and closure verification
  • Document site conditions during BOG tours and interactions

Note: Photos are stored securely within the app and used exclusively for operational purposes. They are not shared externally except within your organization for safety and compliance requirements.

9. Children's Privacy

Mbeya HSE Connect is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us immediately.

10. Changes to This Privacy Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new privacy policy on this page and updating the "Last Updated" date. You are advised to review this privacy policy periodically for any changes.

11. Third-Party Services

Mbeya HSE Connect may integrate with third-party services including:

  • Email service providers for notifications
  • SMS gateways for OTP verification
  • Cloud storage for media files (photos and documents)
  • Analytics platforms for app performance monitoring

Important: While we may use third-party services for infrastructure and communication, your location data and photos are not shared with these services for marketing purposes. They are used exclusively for secure storage and app functionality.

These third parties have their own privacy policies. We encourage you to review their policies.

12. International Data Transfers

Your information may be transferred to and maintained on servers located outside of your jurisdiction. We ensure appropriate safeguards are in place to protect your data in compliance with applicable laws.

13. Contact Us

If you have questions or concerns about this privacy policy or our data practices, please contact us at:

Email: privacy@hseconnect.co.tz

Support: support@hseconnect.co.tz

Address: [Your Company Address]

14. Consent

By using Mbeya HSE Connect, you consent to this privacy policy and agree to its terms, including the mandatory use of location and camera permissions. If you do not agree, please discontinue use of the application.

By granting location and camera permissions, you acknowledge that:

  • Location data will be used to verify your proximity (within 2K) before QR code scanning
  • Location data will be collected during BOG tours, hazard logging, and interactions
  • Camera access will be used to document hazards and field conditions
  • All data is used exclusively for app functionality and not shared for marketing purposes
  • Data is stored securely and used for operational and compliance purposes only

© 2025 Mbeya HSE Connect. All rights reserved.