Data Collection & Privacy Policy - DC&P Policy

Firstly, let's just agree that only trivial apps do not collect any user data. This implies that almost ALL useful apps have to collect some or other user data in order to personalize the user experience. With that said, it's undeniable that, your privacy is very important to us. For this reason, we have developed a Data Collection & Privacy Policy (DC&P Policy) to help you, as our user, understand how we collect, use, communicate and disclose your personal data.

 

We state on record that we DO NOT transmit, communicate and/or sell any User Data we collect to any Third Party. We also do not collect User Data other than the most basic data required for the proper functioning of the Android applications we create.

 

We further state on record that we ALWAYS adhere to the DC&P Policy as outlined here and DO NOT deviate from or circumvent this Policy under any circumstances. Thus, if any User suspects irregularities with regard to Data Collection & Privacy activities linked to any Android App created by Whitsoft Investment C.C. (WICC), then this DC&P Policy may be used as evidence in any legal pursuit against Whitsoft Investment C.C. (WICC).

 


 

The following Android App (created by Whitsoft Investment C.C. - WICC) collects various sets of User Data and thus adheres to the DC&P Policy:

 

NAds (short for 'Namibian Adverts')

App Description

The 'NAds' app is a country-specific (i.e. Namibia limited) Android app that allows users to advertise various items for sale or acquisition ranging from small valuables to large items such as vehicles and property. All user-created data are saved on the NAds Database Server to which users gain access via user-specific login credentials.

 

  • Permissions Required

The 'NAds' app requires the following Manifest Permissions:

 

- CAMERA

The 'CAMERA' permission is required for capturing still images directly with the mobile device's built-in camera hardware. These images may then be uploaded to the NAds Database Server to enhance adverts created by the user.

 

- INTERNET

The 'INTERNET' permission is required for interaction with the NAds Database Server. For specifics on the types of data sent to the NAds Database Server please see the 'Data Collection' section for this app.

 

- ACCESS_NETWORK_STATE

The 'ACCESS_NETWORK_STATE' permission is required to check if the mobile device is connected to the internet - before executing any network dependent activities (such as the downloading of previously stored user data from the NAds Database Server). If this check is not done BEFORE a network activity is launched, and the mobile device just happens to be offline at that moment, then the activity will cause the app to force close (i.e. crash).

 

- READ_EXTERNAL_STORAGE

The 'READ_EXTERNAL_STORAGE' permission is required to access data stored on the external storage of the mobile device - specifically images created or captured with the built-in camera.

 

- WRITE_EXTERNAL_STORAGE

The 'WRITE_EXTERNAL_STORAGE' permission is required to write user or app created data to the external storage of the mobile device - specifically images created or captured with the built-in camera.

 

- SEND_SMS   &   READ_SMS   &   RECEIVE_SMS

The 'SMS Group' permissions are required by the app for user authentication (i.e. One-Time Pin - OTP sending and receival) when users sign up for a new NAds User Account; as well as for the Mobile Carrier Billing feature that the app uses. Only these two types of SMSes (i.e. OTP & BILLING) are sent by the NAds app to the CONNECT SMS API for processing and then back again to the NAds Database Server for logging. All sensitive data sent in the SMSes are locally (i.e. client) encrypted before being sent as an SMS.

 

- CALL_PHONE

The 'CALL_PHONE' permission is required by the app to allow users to call advert authors/creators directly if said authors have previously enabled the 'Allow Calls' feature of the app. If this feature is enabled other NAds users will be able to see the advert creator's mobile number (which poses a security risk, and thus is not enabled by default). The user must actively enable this feature and in so doing agrees to accept all risks associated with the exposure of his/her mobile number.

 

That concludes the 'PERMISSIONS' section for the NAds app.

 

 

  • Data Collection

The 'Nads' app collects, stores and transmits the following User Data:

    1. Mobile Operator Number - 'MoN'

The 'Mobile Operator Number' or 'MoN', for short, serves as the PRIMARY KEY in the Users Table of the NAds Database. It is a unique number that it used to index all data created and stored on the NAds Database by the user. It is therefore a very important datum required by the NAds app. After deing defined and stored on the NAds Database the 'MoN' can NEVER BE ALTERED, aside from being deleted from the NAds Database upon user account cancellation. For transmission specifics please the 'Data Transmission' section for this app.

    1. User's Email - 'Email'

The 'Email' variable is a very important communications variable. It is used as a security key input and more importantly a means of conveying important user information (such as passwords, account activity status etc.) to the user via email. It is thus in the user's best interest to provide a correct and working email address for this variable.

    1. User's Date of Birth - 'DoB'

The 'Date of Birth' or 'DoB' variable is a user-defined variable that is required for two purposes: 1. as a security key or input in the event that a user forgets the login password and wants to retrieve said password; and 2. to customize/filter the ads shown to the user based on a maturity criterion (i.e. age-restricted advertising - e.g. for adult content etc.). It is very important that the user specify the correct 'DoB' (or atleast one that the user will not later forget) as it is used as a security key and thus can deny the user access to his/her NAds account if forgotten.

    1. User Account Password - 'uPass'

The 'uPass' variable is security key variable. This is the second most-important security step in identifying a NAds user for access to the user account. It is of utmost importance not to forget the 'uPass', however recovery options do exist in the event of not remembering the 'uPass'.

    1. User-Defined Location - 'uLoc'

The 'User-Defined Location' or 'uLoc', for short, is a user-defined location selection that is used to customize or filter the ads shown to the user. User defines a location and all ads subsequently created by that user will be referenced to that location. Users can then filtre adverts by location. This is also a security key variable so it will be in the user's best interest to be as accurate and/or truthful about this variable as possible.

    1. User Alias - 'Alias'

The 'Alias' variable is a another important variable as its main purpose is to serve as a user-friendly identifier for all NAds users. NAds users will be able to rate each other on different NAds Crtiteria and the 'Alias' is a useful variable by which to identify a NAds user for such rating purposes. The 'Alias' variable can also NEVER BE ALTERED once defined and saved to the NAds Database, aside from being deleted from the NAds Database upon user account cancellation.

 

  • Data Transmission

The 'Nads' app transmits the following User Data to only ONE location - the NAds Database Server (located at - http://www.whitsoft.com/):

  1. Mobile Operator Number - 'MoN'
  2. User's Email - 'Email'
  3. User's Date of Birth - 'DoB'
  4. User Account Password - 'uPass'
  5. User-Defined Location - 'uLoc'
  6. User Alias - 'Alias'
  7. User Account Type
  8. User Login DateTime

All the data variables listed above are considered to be sensitive User Data and are encrypted locally (i.e. by the Client or NAds app installed on the user's mobile device) before being sent over the internet to the NAds Server. No decryption is done on the Server side as the encrypted data are simple saved into NAds Database. Thus, if the client (i.e. NAds app) needs user data it requests that data using a locally encrypted 'MoN' and then decrypts the data locally, again, before displaying it to the user or utilizing the data for other activities.

 

In addition to this all user data that are stored locally (i.e. cached or stored to 'Shared Preferences') are also first encrypted by the NAds app before being stored. This ensures that if a hacker get access to your mobile device (and even access to your cached data), the hacker will first have to get the decryption algorithm before being able to read your data.

 

That covers the DC&P Policy for the NAds app. We commit to keeping your data private as our business model is integrally relient on your ease-of-mind which ensures the continued use and prolonged relationship between our products and you.