← Back to Dashboard

Privacy Policy

Last updated: April 21, 2026  |  Effective: April 21, 2026

1. Who We Are (Data Controller)

Nexrypt Loc8 is a mobile device security and anti-theft application. It is a product of Nexrypt Technologies, a company registered in Kenya.

Nexrypt Technologies is the data controller for all personal data collected through this application. This means we are responsible for deciding how your data is collected, stored, and used.

We do not currently have a designated Data Protection Officer (DPO). For any data-related concerns, please contact us directly using the details above.

2. What Data We Collect

We only collect data that is necessary to provide you with our anti-theft and device security services. Here is exactly what we collect:

• Account Information: Your name, email address and password (stored in a hashed/encrypted form) when you register an account.
• Device Location (GPS): Real-time GPS coordinates of your registered device, so you can track it when it get lost or stolen.
• Device Information: Device model, manufacturer, Android version and a unique device identifier (Device ID).
• SIM Card Data: The phone number associated with your SIM card. We detect SIM card swaps and alert you immediately.
• Photos / Camera Data: When you use the remote camera command, the app captures a still image using your device's front or rear camera and sends it to your dashboard.
• System Status Logs: Battery level, screen lock state and power-off attempts — these are monitored to keep our anti-theft protection active at all times.
• IP Address: Collected automatically when your device communicates with our servers. This is used for security purposes and to detect unusual activity.
• Cookies & Session Data: We use session cookies on our dashboard website to keep you logged in. These are required for the service to function and are not used for advertising.

We do not collect payment card details directly. We do not collect data from users who have not registered and installed the app.

3. Why We Collect This Data (Purpose of Collection)

Every piece of data we collect serves a specific purpose:

• Location Data: To show you where your device is on the map in real time.
• Account Information: To create and manage your account securely.
• Device Information: To ensure the app works correctly on your specific phone.
• SIM Card Data: To detect if someone has swapped your SIM card without your knowledge.
• Photos: To help you identify who is in possession of your lost or stolen phone at that specific time.
• System Logs: To keep the anti-theft protection running even when someone tries to power off the phone.
• IP Address: For server security and to prevent unauthorized access to your account.
• Session Cookies: To maintain your login session on the dashboard.

4. Legal Basis for Processing Your Data

We process your personal data under the following legal grounds:

• Contract Necessity: Most of the data we collect is needed to deliver the service you signed up for. Without location data, for example, the tracking feature cannot work.
• Your Consent: When you install the app and grant permissions (such as location access or camera access), you are giving us consent to collect that specific data. You can withdraw consent at any time by revoking the permission on your device.
• Legitimate Interest: We process system logs and IP addresses to protect the security of our service and to detect and prevent fraud or abuse.

5. Who We Share Your Data With (Third-Party Sharing)

We do not sell your data. We do not share your personal data with advertising companies. We may share data with the following trusted service providers who help us run Nexrypt Loc8:

• Hosting & Server Providers: Our application servers and databases are hosted on third-party servers. These providers are contractually bound to keep your data secure and not use it for any other purpose.
• Firebase (Google): We use Firebase Cloud Messaging (FCM) to send push notifications to your device. Google may process your device token as part of this service.
• Email Service Providers: We use email services to send you account alerts and security notifications.

We will only share your data with a third party if we are required to by law (for example, in response to a valid court order from Kenyan authorities).

6. Cookies and Tracking Technologies

Our dashboard website uses the following types of cookies:

• Session Cookies (Required): These cookies keep you logged into your dashboard. They are deleted when you close your browser or log out. You cannot opt out of these cookies because they are essential for the site to work.
• Local Storage (Required): We use your browser's local storage to remember your login session between visits if you chose "Remember Me".

We do not use analytics cookies, advertising cookies, or any third-party tracking scripts on our dashboard pages. You can clear cookies and local storage at any time through your browser settings.

7. How Long We Keep Your Data (Data Retention)

We keep your data for as long as your account is active. Specifically:

• Account Data: Kept for the lifetime of your account. If you delete your account, your personal data is permanently erased within 30 days.
• Location Logs: The most recent known location is stored. Historical location logs are kept for up to 90 days and then automatically deleted.
• Camera Images: Images captured by the remote camera feature are stored in your account until you manually delete them.
• Server Logs (IP addresses): Kept for up to 30 days for security purposes, then automatically purged.

8. Your Rights as a User

You have the following rights regarding your personal data:

• Right to Access: You can ask us to show you all the personal data we hold about you.
• Right to Correction: You can ask us to correct any inaccurate information about you.
• Right to Deletion ("Right to be Forgotten"): You can ask us to permanently delete your account and all associated data.
• Right to Data Portability: You can request a copy of your data in a standard, readable format.
• Right to Object: You can object to us processing your data where we rely on "legitimate interest" as our legal basis.
• Right to Withdraw Consent: If you previously gave consent (e.g., granting location permission), you can withdraw it at any time by revoking the permission on your Android device.

To exercise any of these rights, send us an email at info.nexryptloc8@gmail.com. We will respond within 24 hours.

9. Data Security

We take strong measures to protect your data:

• All data sent between your device and our servers is encrypted.
• Passwords are stored using secure hashing
• Access to our servers and databases is restricted to authorized personnel only.
• We conduct regular security checks on our systems.

Despite these measures, no system is 100% secure. If we ever discover a breach that affects your data, we will notify you promptly.

10. International Data Transfers

Nexrypt Technologies is based in Kenya. Our servers are hosted in other countries depending on our hosting provider. If your data is transferred outside Kenya, we make sure that appropriate safeguards are in place to protect it, including data processing agreements with our service providers that include standard data protection clauses.

11. Changes to This Policy

We may update this Privacy Policy from time to time as our service grows or as laws change. When we make a significant change, we will:

• Update the "Last Updated" date at the top of this page.
• Send you a notification via email to the address on your account.

We recommend checking this page periodically. Continued use of Nexrypt Loc8 after a policy update means you accept the new terms.

12. Contact Us

If you have any questions, complaints or requests regarding this Privacy Policy or your personal data, please reach out: