Last updated: December 15, 2025
This Privacy Policy (“Policy”) applies to the processing of personal data carried out through the One Companion mobile application (“Application”) and the Connected ONE device (“Device”), both owned and operated by SIMPLYCONNECTED Lda (“Company”, “we”, “us”, or “our”).
The Application and the Device operate together to provide users with connectivity, communication, and safety functionalities, including emergency alerting, location tracking, and satellite messaging. This Policy describes how personal data is collected, used, stored, and shared when individuals use:
This Policy does not apply to third-party applications, platforms, or services that may integrate with or be accessed through the Application or Device. We encourage users to review the privacy policies of any such third parties before providing personal information.
The Connected ONE Device and the One Companion Application work together to provide safety, communication, and tracking functionalities. Depending on how you use the Device and Application, we may process the following categories of personal data. The service does not perform automated decision-making, including profiling that produces legal or significant effects.
When you create or manage an account within the Application, we process:
This data is processed to create and maintain your user account, authenticate access, and provide personalized configuration of the Application and Device.
To ensure reliable operation, we process:
This information is used for security, troubleshooting, and performance optimization purposes.
Camera access is only used to register a new Connected One device via QR code.
To connect the Application with the Device, we process Bluetooth pairing. No third-party communication contents are accessed or transmitted through this connection.
The Application may request access to your mobile device’s location only because certain operating systems (iOS and Android) require it for Bluetooth device discovery and pairing. The Application itself does not use, store, or process location data for any other purpose.
For push notifications, we process:
This data enables us to send alerts and updates according to your notification settings.
When you activate an emergency alert feature, we process:
This processing enables the alert to be transmitted to your chosen emergency contacts.
When you use messaging features to send personalized messages, we process:
This data is used exclusively to send and display messages between the defined contacts.
When you enable tracking, we process:
This information is processed to show your position on a map within the Application or via a link that you can share with your contacts.
We do not use cookies or any similar tracking technologies. The app and related services do not rely on web beacons, analytics trackers, advertising identifiers, or behavioral profiling tools. Only strictly necessary technical identifiers required for the operation of the service are used.
| Permission Requests/Purpose | General Data Protection Regulation (GDPR) (*) |
|---|---|
| Registration & Account - user registration and authentication |
Performance of a contract (Art. 6(1)(b))
Processing is necessary to perform the contract or take steps at the user’s request before entering into one. |
| Messages, Location, Contacts - satellite emergency messages with location |
Vital interests (Art. 6(1)(d)) and performance of a contract (Art. 6(1)(b))
Processing protects the vital interests of the user or another person and is required to provide the contracted emergency service. |
| Messages, Contacts - Sending personalized satellite messages |
Performance of a contract (Art. 6(1)(b))
Necessary to provide messaging functionality under the user agreement. |
| Location - Tracking and map visualization (when enabled) |
Consent (Art. 6(1)(a))
Processing takes place only with your freely given, informed consent, which you may withdraw at any time. |
| Bluetooth, Location - Hardware operation via Bluetooth |
Performance of a contract (Art. 6(1)(b)) and legitimate interests (Art. 6(1)(f))
Required for device functionality and connection stability; legitimate interests include maintaining secure and efficient service operation. |
| Camera - Capturing images to attach to events/messages |
Consent (Art. 6(1)(a))
Camera access occurs only when you grant permission for a specific purpose. |
| Contacts - Selecting recipients from your contacts |
Consent (Art. 6(1)(a))
You explicitly consent to access your contacts and confirm you are entitled to share their data. |
| Notifications - Push notifications (alerts, delivery status, safety) |
Performance of a contract (Art. 6(1)(b)) and/or consent (Art. 6(1)(a))
Used to deliver relevant alerts as part of the service or when you opt in for specific notifications. |
| Technical logs, identifiers, metrics - Support, security, fraud prevention, service improvement |
Legitimate interests (Art. 6(1)(f))
Processing is necessary to monitor, maintain, and improve system security and reliability. |
Where the legal basis is consent, you can manage it in the app or OS settings and withdraw it at any time without affecting the lawfulness of processing prior to withdrawal.
(*) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016
We only retain your personal data for the period strictly necessary to fulfill the purposes identified above, within legal limits. Once the defined retention period has ended, SIMPLYCONNECTED Lda. commits to delete, destroy, or anonymize your personal data. Note that data necessary for billing will be kept for a period of 10 years; otherwise, the data will only be deleted upon request.
You may request additional information regarding the retention periods of your personal data, through communication to the email address.
We implement appropriate technical and organizational measures, including encryption in transit and at rest where applicable, logical segregation, access controls, audit logging and monitoring, backups, and regular security testing. However, no system is 100% secure; please use the app responsibly (e.g., strong passwords).
Our backend operates on a single AWS EC2 instance, benefiting from the security measures AWS provides, such as protected data centers, network safeguards, and monitoring. These protections form part of our overall security framework, complemented by our own access controls and operational practices to ensure GDPR-compliant handling of personal data. We also rely on external service providers—including AWS, satellite operators, and map providers—to deliver certain technical functionalities. These providers may process limited data as part of providing their services and do so in line with their own published privacy commitments and GDPR requirements.
Under the GDPR, you have the rights of access, rectification, erasure, restriction, portability, and objection, as well as the right to withdraw consent where applicable.
SIMPLYCONNECTED Lda. is the data controller for the purposes of the GDPR. To exercise any of your rights, you may contact us at info@connected.space. You also have the right to lodge a complaint with your local data protection authority, such as the CNPD in Portugal.
We may update this Policy to reflect legal or operational changes. We will publish the updated version with the new “Last updated” date. Where appropriate, we will provide additional notice in the app/website.
For privacy questions, rights requests, or additional information:
SIMPLYCONNECTED Lda.
E-mail: info@connected.space
Address: IPN, Edifício C, Rua Pedro Nunes 3030-199 Coimbra - Portugal