Blockwatch
Blockwatch
Privacy Policy

Privacy Policy

Last updated: 22 April 2026

Plain-language summary

Blockwatch helps residents report suspicious activity and crime to their neighbours and armed-response companies. We collect your name, phone number, home address and GPS location because that's what makes the service work. We never sell your data. You can request a copy of what we hold or have your account deleted by emailing privacy@blockwatchapp.co.za. This policy follows the Protection of Personal Information Act (POPIA).

1. Who we are

Blockwatch is operated from South Africa. For questions about this policy or your personal information, contact the Information Officer at privacy@blockwatchapp.co.za.

2. What we collect

When you use Blockwatch, we collect and store:

  • Identity: full name, phone number, optional email.
  • Location: your home address as a street name plus GPS coordinates (latitude and longitude). Used to match you to nearby incidents and your linked control room.
  • Incident reports: category, description, photos or videos you attach, and GPS of the reported location.
  • Activity: which incidents you've viewed, tapped "I'm responding" on, or marked as on-scene. Used to drive response-time metrics.
  • Push notification tokens: so we can send you real-time alerts from our servers.
  • Plate watches: vehicle plates you've subscribed to for alerts (e.g. a stolen car).
  • Technical data: IP address, device type, app version, error logs — for abuse prevention and debugging only.

3. Why we collect it

  • To let you report incidents and receive alerts about activity near your home.
  • To route emergency reports to the armed-response company ("control room") you are linked to, if any.
  • To let area coordinators and admins verify the identity of reporters, reducing false reports.
  • To send push notifications for incidents, announcements, and plate-watch matches.
  • To produce analytics that help your community and armed-response partners improve response times. These analytics are aggregated — we don't share individual reports across unrelated communities or companies.

4. Who sees your information

  • You: full access to your own profile, reports, and alert history.
  • Other residents near you: see incident reports you submit, identified only by your username (e.g. @neighbour123). They do NOT see your full name, phone number, email, or home address.
  • Your area admin (if your neighbourhood has one): sees your full profile — name, phone, email, home address — for the purpose of verifying your identity, approving your registration, and moderating reports. Other area admins (in other neighbourhoods) do not see your data.
  • Your linked control room (CRA): if you subscribe to an armed-response company and they are linked to your account, their dispatch team sees your incident reports including your name, phone number, and location so they can dispatch help. Other armed-response companies do not see your reports.
  • Blockwatch operators (superadmin): for support, moderation, and platform operations, a small number of Blockwatch staff have access to all data. Every admin action is logged in an audit trail.
  • Nobody else. We don't sell, rent, or share your personal information with advertisers or data brokers.

5. Where your data is stored

Our database is hosted on Supabase in the European Union. Supabase processes the data strictly on our instructions. Push notifications pass through Expo and the relevant mobile operating system providers (Google for Android, Apple for iOS). Emails we send to you are delivered via Resend (also EU-based). These cross-border transfers are permitted under POPIA because we ensure an adequate level of protection through our contracts with these providers and their own compliance with GDPR, which offers comparable protection.

6. How long we keep it

  • Your account and profile: for as long as your account is active. Deleted within 30 days of you closing your account.
  • Incident reports: retained indefinitely as part of the community crime record, but personal identifiers are anonymised 12 months after resolution.
  • Location data, push tokens, and activity logs: most recent 24 months, then automatically purged.
  • Audit and security logs: 5 years (required for investigations and regulatory reporting).

7. Your rights under POPIA

You can:

  • Access — request a copy of all personal information we hold about you.
  • Correct — fix any data that's inaccurate. Most fields are editable directly in your profile.
  • Delete — have your account and personal data erased. Some anonymised incident data may be retained for community safety purposes.
  • Object — tell us to stop processing your data for a specific purpose (e.g. opt out of non-critical notifications).
  • Complain — to the Information Regulator of South Africa if you're unsatisfied with how we handle your data.

To exercise these rights, email privacy@blockwatchapp.co.za. We'll respond within 30 days as required by POPIA.

8. Security

Data is transmitted over TLS (HTTPS). Database access is restricted by row-level security — each user can only read the rows they're authorised to see. Passwords are hashed. We log every administrative action. No system is perfectly secure, but we use industry-standard practices and actively monitor for unauthorised access.

9. Children

Blockwatch is intended for users aged 18 and older. If you're under 18, you may only use the app with a parent or guardian's consent and under their supervision. We don't knowingly collect data from children under 13. If we discover such data, we delete it immediately.

10. Changes to this policy

If we make material changes, we'll notify you in the app or by email before the changes take effect. The "Last updated" date at the top of this page reflects the most recent change.

11. Contact

Information Officer / Privacy queries:
privacy@blockwatchapp.co.za

Terms of Service →Back to sign in