GDPR Policy
Last updated: March 7, 2026
ShareWifi is committed to full compliance with the EU General Data Protection Regulation (GDPR) and respects the data rights of all users, regardless of location.
1. Data Controller
ShareWifi acts as the Data Controller for any personal data processed through the app. For GDPR inquiries, you can reach our Data Protection contact at:
- Email: info@sharewifi.in
- Subject line: "GDPR Request"
2. Legal Basis for Processing
We process data under the following legal bases as defined by GDPR Article 6:
- Consent (Art. 6(1)(a)): For push notifications, personalized ads, and optional analytics. You can withdraw consent at any time.
- Legitimate Interest (Art. 6(1)(f)): For crash reporting and basic app functionality to maintain service quality.
- Contractual Necessity (Art. 6(1)(b)): For processing paid hotspot transactions when you use paid features.
3. Data We Process
Data processed locally on your device (never sent to our servers):
- Wi-Fi network names (SSID) and passwords — used only for QR generation
- QR code encryption/decryption — handled entirely on-device
Data processed by third-party services:
- Anonymous device identifiers — Firebase Analytics (for usage statistics)
- Crash logs — Firebase Crashlytics (for bug fixes)
- Advertising ID — Google AdMob (for ads, opt-out available)
- Push notification tokens — OneSignal (opt-in only)
4. Your Rights Under GDPR
As an EU/EEA resident, you have the following rights:
Right of Access (Art. 15)
Request a copy of all personal data we hold about you. We will respond within 30 days.
Right to Rectification (Art. 16)
Request correction of any inaccurate personal data we may hold.
Right to Erasure (Art. 17)
Request deletion of your personal data. Also known as the "right to be forgotten".
Right to Restrict Processing (Art. 18)
Request that we limit how we use your data while a complaint is being resolved.
Right to Data Portability (Art. 20)
Receive your data in a structured, machine-readable format to transfer elsewhere.
Right to Object (Art. 21)
Object to processing based on legitimate interest, including profiling for ads.
Right to Withdraw Consent
Withdraw consent at any time without affecting the lawfulness of prior processing.
Right to Lodge a Complaint
File a complaint with your local Data Protection Authority (DPA) if you believe your rights are violated.
5. How to Exercise Your Rights
To exercise any of these rights, send an email to info@sharewifi.in with the subject "GDPR Request" and include:
- Your full name
- The specific right you wish to exercise
- Any relevant details to help us identify your data
We will respond within 30 days of receiving your request. In complex cases, this may be extended by an additional 60 days with notice.
6. Data Transfers Outside the EU
Some third-party services (Google, Firebase, OneSignal) may transfer anonymized data to servers outside the EU/EEA, including the United States. These transfers are protected by:
- EU-US Data Privacy Framework (DPF) certifications
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Appropriate safeguards as required by GDPR Chapter V
7. Data Retention
- Wi-Fi credentials: Never stored on servers. Exist only in local device memory during QR generation.
- Analytics data: Retained for 14 months, then automatically deleted.
- Crash reports: Retained for 90 days.
- Transaction data (paid features): Retained for the period required by applicable tax and accounting laws.
8. Data Protection Measures
- AES-256 encryption for QR code data
- No server-side storage of Wi-Fi credentials
- Minimal data collection by design (privacy by default)
- Regular security reviews of third-party integrations
- Secure HTTPS connections for all network communications
9. Data Breach Notification
In the unlikely event of a data breach affecting your personal data, we will:
- Notify the relevant Data Protection Authority within 72 hours
- Notify affected users without undue delay if the breach poses a high risk
- Document the breach, its effects, and remedial actions taken
10. Updates to This Policy
This GDPR Policy may be updated to reflect changes in our data practices or applicable law. Material changes will be communicated through the app or this webpage.
11. Supervisory Authority
If you are located in the EU/EEA and wish to lodge a complaint, you may contact your local Data Protection Authority. A list of EU DPAs can be found at the European Data Protection Board website.