DMP Teams — Privacy Policy

Effective date: April 24, 2026
Last updated: April 25, 2026 · account deletion process documented

DMP Security ("we", "us", "our") operates the DMP Teams mobile application ("the App"). This Privacy Policy explains what information the App collects, how we use it, and your rights regarding that information.

1. Who we are

DMP Security
Contact: privacy@dmpsec.com

2. Information we collect

The App collects the following categories of data, strictly for the purposes of providing security-operations services to our employees and clients:

2.1 Account information

• Name, email address, phone number
• Role (guard, supervisor, admin, client, maintenance)
• Profile photo (optional, uploaded by the user)
• Encrypted authentication credentials managed by Supabase Auth

2.2 Location data

• Precise (GPS) location is collected only when ALL of the following are true: (1) the user is a security guard, (2) the guard is actively clocked in to a shift, AND (3) the App is open and in use on the device. When any one of these conditions is not met, the App does not access location at all.
• While clocked in, location is sampled approximately every five minutes to verify the guard remains within the assigned site geofence and to maintain a patrol-coverage audit trail for the client.
• Location is also captured at one-time events the user explicitly initiates — clocking in, clocking out, submitting an hourly log, submitting an alarm response, ATM escort, or mobile patrol record — so that those records can be tied to a verified location.
• The App does not collect location while the App is closed, in the background, or when the user is logged out. The App does not run a background service and does not request "all the time" location permission from Android.
• Tracking stops automatically the moment the guard clocks out, logs out, or closes the App.
• Location data is never sold, shared with advertisers, or used for any purpose outside of shift verification, incident response, and client reporting as contractually required.

2.3 Camera and photos

• Photos taken within the App for incident reports, ATM escort documentation, patrol check-ins, hourly logs, or profile photos.
• Photos are uploaded to our secure Supabase storage and associated only with the relevant incident/shift record.

2.4 Operational data

• Clock-in/out timestamps and associated site
• Hourly shift logs, patrol check-ins, alarm responses, ATM escort records
• Incident reports, including associated text, photos, and location
• Shift schedule confirmations

2.5 Device and diagnostic data

• Device model, OS version, App version, crash logs
• Push-notification token (to deliver shift alerts and alarm notifications)
• No advertising identifiers are collected.

3. How we use your information

We use the collected information solely to:

• Authenticate you and authorize access based on your role
• Track and verify shift attendance and performance for payroll and client-reporting purposes
• Deliver real-time alarm, schedule, and operational notifications
• Provide client dashboards showing on-site activity for sites under contract
• Respond to security incidents and comply with contractual obligations to clients
• Diagnose crashes and improve App stability

4. Legal basis

• Contract — to fulfill our employment agreement with guards and service agreements with clients
• Legitimate interest — operational security, fraud prevention, incident response
• Consent — for optional features (e.g., profile photos)

5. How we share information

We do not sell personal data. We share information only with:

• Our clients, limited to shift-verification data and incident reports relating to their contracted sites
• Service providers strictly necessary to operate the App: Supabase (database, authentication, storage, edge functions); Firebase Cloud Messaging / Google Play Services (push notifications); our AI provider for the DMP AI Assistant (queries may include operational metadata but NOT personal identifiers)
• Law enforcement, only when required by a valid legal order

6. Data retention

• Location records, shift logs, and incident reports are retained for up to 3 years to support payroll audit, client reporting, and legal compliance.
• Account records are retained while employed/contracted and for a reasonable period thereafter, then deleted or anonymized.
• You may request earlier deletion subject to our legal and contractual obligations (see Section 8).

7. Security

All data is transmitted over HTTPS (TLS 1.2+) and stored encrypted at rest by our hosting provider (Supabase). Access to personal data within our organization is restricted to authorized personnel on a need-to-know basis.

8. Your rights

Depending on your jurisdiction (GDPR / CCPA / PIPEDA / etc.) you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data
• Object to or restrict certain processing
• Receive a portable copy of your data
• Withdraw consent where processing is consent-based

To exercise any of these rights, contact us at privacy@dmpsec.com.

8a. Deleting your account

You can request deletion of your account and the personal data we hold about you using either method below:

• From inside the App: open Settings → Delete Account → Request Account Deletion. A confirmation dialog explains what will be removed; on confirm we log the request and pre-fill an email to our privacy team.
• Online (no app required): visit dmpteams.com/account-deletion and follow the instructions on the page.
• By email: write to privacy@dmpsec.com from the email address tied to your account.

What gets deleted: your profile (full name, phone number, profile photo), your historical location pings, and shift records tied to your account.

What may be retained: anonymized aggregate operational data, audit logs, and records we are required to keep for legal, regulatory, or contractual reasons (with personal identifiers removed where feasible).

Timeline: we will confirm receipt within 7 days and complete deletion within 30 days. You will receive an email when deletion is complete.

9. Children

The App is not intended for and is not used by individuals under 18. We do not knowingly collect data from children.

10. International transfers

Your data may be processed on servers located in the United States or Canada, operated by Supabase. By using the App you consent to such transfer.

11. Changes to this policy

We may update this policy. When we do, we will update the "Last updated" date above and notify active users in-app or by email. Your continued use of the App after changes are posted constitutes acceptance of the updated policy.

12. Contact

Questions about this policy or our privacy practices? privacy@dmpsec.com — we'll respond within 30 days.

© DMP Security. This page is a static disclosure for the DMP Teams Android app and the Google Play Store listing.