Privacy Policy
Last Updated: December 2025
Table of Contents
1. Introduction
WalkHer ("we," "our," or "us") is a safety-focused mobile application designed to connect women for safe walking companionship. This Privacy Policy explains how we collect, use, store, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
By using WalkHer, you acknowledge that you have read and understood this Privacy Policy and agree to the collection and use of your information as described herein.
2. Data Controller Information
Data Controller: WalkHer Ltd
Address: 282 Franciscan Road, London SW17 8HF
Email: mgmt@walkherapp.com
3. Data We Collect
3.1 Account Registration Data
| Data Type | Required | Purpose |
|---|---|---|
| Email address | Yes | Account creation, communications |
| Username | Yes | Profile identification |
| Password | Yes | Account security (stored as hash) |
| Full name | Yes | Personalization, verification |
| Phone number | Yes | SMS verification, 2FA, emergency contact |
| Date of birth | Yes | Age verification (18+) |
| Profile photo | After verification | Profile identification |
3.2 Identity Verification Documents
To ensure the safety of our female-only community, we require identity verification through our partner Ondato:
- Passport - Full name, DOB, nationality, gender, document number, expiry date
- Selfie/facial photograph - Facial matching with passport
Important: Identity verification documents and biometric data are NOT stored by WalkHer - they are processed and retained solely by our verification partner Ondato.
3.3 Payment Information
Payment processing is handled securely through Stripe. We store only card brand, last 4 digits, expiry date, and cardholder name. Full card numbers are never stored on our servers.
3.4 Location Data
Location data is essential for our core matching and safety features:
- Current GPS coordinates for trip matching
- Meeting point and destination for trip coordination
- Real-time location updates for location sharing sessions
- Safety alert location for emergency response
3.5 Communication Data
Important: Direct messages, trip chat, and location sharing messages are volatile and are not permanently stored on our servers. Messages exist only during the active session and are not retrievable after the session ends.
4. How We Use Your Data
4.1 Core Service Delivery
- Creating and managing your account
- Verifying your identity and gender for community safety
- Processing subscription payments
- Matching you with nearby walking companions
- Enabling real-time location sharing
- Facilitating in-app communication
4.2 Safety & Security
- Operating safety mode and SOS features
- Notifying emergency contacts during alerts
- Detecting and preventing fraud
- Enforcing community guidelines
5. Legal Basis for Processing
Under GDPR, we process your data based on the following legal grounds:
| Processing Activity | Legal Basis |
|---|---|
| Account creation & management | Contract performance |
| Payment processing | Contract performance |
| Identity verification | Legitimate interest (safety) |
| Biometric processing | Explicit consent |
| Safety mode & SOS | Vital interests |
| Marketing communications | Consent |
6. Third-Party Service Providers
We share your data with the following third-party processors:
Stripe (Payment Processing)
Full card details, billing address, transaction history
Ondato (Identity Verification)
ID document images, selfie/facial photo, gender information
Expo (Push Notifications)
Push notification token, notification content
Twilio (SMS Services)
Phone number, SMS content for verification codes and alerts
Google Maps (Geocoding)
GPS coordinates for address lookup
7. Data Retention
| Data Category | Retention Period |
|---|---|
| Account data | Until account deletion (anonymized) |
| Identity verification documents | Not stored by WalkHer (retained by Ondato) |
| Payment records | 7 years (legal requirements) |
| Messages (direct, trip, location) | Not stored (volatile) |
| Trip & location data | 7 years (legal compliance) |
| Safety alerts | 1 year |
8. Your Rights Under GDPR
As a data subject, you have the following rights:
- Right of Access (Art. 15) - Request a copy of all personal data we hold about you
- Right to Rectification (Art. 16) - Request correction of inaccurate personal data
- Right to Erasure (Art. 17) - Request deletion of your personal data
- Right to Restrict Processing (Art. 18) - Request restriction of processing in certain circumstances
- Right to Data Portability (Art. 20) - Receive your data in a structured, machine-readable format
- Right to Object (Art. 21) - Object to processing based on legitimate interests
- Right to Withdraw Consent (Art. 7) - Withdraw consent at any time
Response Time: We will respond to your request within 30 days.
Right to Lodge a Complaint: UK Information Commissioner's Office (ICO) - ico.org.uk
9. Data Security
We implement appropriate technical and organizational measures to protect your data:
| Measure | Implementation |
|---|---|
| Encryption in transit | TLS 1.3 for all connections |
| Encryption at rest | AES-256 for sensitive data |
| Password security | Bcrypt hashing with salt |
| API security | JWT tokens, rate limiting |
Breach Notification: In the event of a data breach, we will notify the relevant supervisory authority within 72 hours and affected users without undue delay if high risk.
10. International Data Transfers
Your data may be transferred outside the European Economic Area (EEA). All transfers are protected by EU-US Data Privacy Framework certification or Standard Contractual Clauses (SCCs).
11. Children's Privacy
WalkHer is intended for users 18 years of age and older. We do not knowingly collect personal data from anyone under 18. If we become aware that we have collected data from a minor, we will delete it immediately.
12. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes by email notification, in-app notification, or notice on our website. Continued use after changes constitutes acceptance of the updated terms.
13. Contact Us
For any questions about this Privacy Policy or to exercise your data rights:
WalkHer Ltd
282 Franciscan Road, London SW17 8HF
Email: mgmt@walkherapp.com
For complaints:
UK Information Commissioner's Office: ico.org.uk
Phone: 0303 123 1113
Document Version: 1.0 | Last Updated: December 2025