Estia Legal Policy and Privacy Policy

Application: Estia mobile application and Estia online management dashboard
Last updated: 11 May 2026
Operator: Marios Messios
Registered address: United States
Contact email: info@studio3dx.com
Privacy contact: info+privacy@studio3dx.com

These policies describe how Estia is intended to be used for community coordination, municipal communication, emergency response coordination, public announcements, help requests, volunteer participation, reporting, alerts, local information and related civic functions. Municipalities, councils, public bodies and other deployers should ensure that their use complies with applicable law and seek professional advice where required.

---

Part B — Estia Privacy Policy

1. Introduction

This Privacy Policy explains how Estia collects, uses, stores, shares and protects personal data when you use the Estia mobile application, Estia online management dashboard, Estia website or related services.

Estia is designed for community coordination, municipal communication, emergency coordination, help requests, volunteer participation, public announcements, alerts, reporting, local information and related civic functions.

This Privacy Policy applies to:

1. members of the public using the Estia mobile application;
2. people submitting help requests or reports;
3. volunteers and verified volunteers;
4. Council staff and dashboard administrators;
5. users receiving alerts, announcements or notifications;
6. visitors to Estia websites or public pages;
7. business contacts and Council representatives communicating with Estia.

2. Who is responsible for your personal data?

The responsible party depends on how Estia is being used.

2.1 Estia as independent controller

Marios Messios is the controller for personal data processed for Estia’s own purposes, including:

1. operating and securing the Application;
2. managing registered accounts controlled directly by Estia;
3. responding to support requests sent to Estia;
4. managing Estia business communications;
5. improving the Application;
6. preventing misuse, fraud, abuse and security incidents;
7. maintaining legal, accounting and contractual records;
8. managing Estia’s own website, analytics and communications.

2.2 Councils and subscribers as controllers

Where a Council or other Subscriber uses Estia for its community, municipal, administrative, emergency, public-interest or local communication functions, that Council or Subscriber may be the controller for personal data processed in that deployment.

This may include personal data in help requests, reports, volunteer approvals, local announcements, alerts, case management, public submissions and dashboard records.

In those cases, Estia may process personal data on behalf of the Council or Subscriber as a processor, under a separate agreement.

2.3 Joint or separate roles

Some features may involve both Estia and the Council processing data for different purposes. For example, a Council may control the handling of a local help request, while Estia separately controls technical logs needed to protect the security of the Application.

Where required, additional privacy information may be provided by the relevant Council, public body or Subscriber.

3. Personal data we collect

Depending on how you use Estia, we may collect the following categories of personal data.

3.1 Account data

This may include name, email address, phone number, password or authentication data, profile image, preferred language, account role, volunteer status, verification status, Council affiliation, organisation, position and user settings.

3.2 Help request and report data

This may include the details you submit in a help request, report, incident, assistance request, comment, form, message, image, video, voice note, document or other submission.

This may include location, description of need, requested supplies, household information, accessibility needs, urgency level, contact details and other information you choose to provide.

3.3 Volunteer data

This may include contact details, location or service area, availability, skills, categories of help offered, languages, profile description, identification or verification information, approval status, history of actions, assigned requests, ratings, notes, restrictions or communications.

3.4 Council and administrator data

This may include name, email address, role, department, Council or organisation, dashboard permissions, login records, actions taken in the dashboard, approval decisions, moderation history, published announcements and audit logs.

3.5 Location data

Estia may collect approximate or precise location data where you choose to provide it, where the feature requires it, or where your device permissions allow it. This may be used to route requests, show local alerts, identify relevant Councils, display nearby assistance, support maps or improve coordination.

You can control device location permissions through your device settings.

3.6 Device, technical and usage data

This may include IP address, device type, operating system, app version, browser type, language, time zone, identifiers, crash logs, diagnostic data, security logs, pages or screens viewed, actions taken, notification delivery data and similar technical information.

3.7 Communications data

This may include emails, support messages, in-app messages, notifications, call notes, feedback, complaints, queries and other communications with Estia, Councils, administrators or volunteers through the Application.

3.8 Optional sensitive or special-category data

Some help requests or emergency-related features may involve information that is sensitive, such as health information, disability or accessibility needs, vulnerability, household risk, emergency circumstances or information about children.

You should only provide sensitive information where it is necessary for the purpose of the request or feature. Estia and Councils should process such information only where a valid legal basis and appropriate safeguards apply.

4. How we collect personal data

We collect personal data:

1. directly from you when you submit information through Estia;
2. from registered users, volunteers, Council staff and administrators;
3. from your device when you use the Application;
4. from Councils, Subscribers or administrators who manage an Estia deployment;
5. from other users where they submit Content involving you;
6. from third-party services integrated with Estia, such as authentication, maps, notifications, app stores, hosting, support tools or analytics services;
7. from public or official sources where necessary for verification, safety, legal or operational purposes.

5. Why we use personal data

We may use personal data for the following purposes.

5.1 To provide Estia

We use personal data to operate the Application, create and manage accounts, route help requests, display local information, manage volunteers, publish announcements, send alerts, support dashboard functions and provide the services requested by users and Councils.

5.2 To process help requests and reports

We use personal data to receive, review, approve, route, assign, respond to, moderate, display, update and close help requests, reports, incidents and related submissions.

5.3 To manage volunteers

We use personal data to create volunteer profiles, verify volunteers, manage approval status, display volunteer offerings where applicable, assign or coordinate help, prevent misuse and protect community safety.

5.4 To support Councils and administrators

We use personal data to provide dashboard access, manage roles and permissions, record administrative actions, support moderation, publish announcements, send notifications and provide reporting or analytics to authorised Councils.

5.5 To send alerts and notifications

We may use personal data to send push notifications, emails, SMS messages or in-app notifications about alerts, announcements, help requests, account activity, volunteer actions, safety information or service updates.

5.6 To protect safety, security and integrity

We use personal data to prevent abuse, investigate misuse, detect false reports, protect users, secure the Application, monitor suspicious activity, maintain logs, enforce Terms and respond to incidents.

5.7 To improve Estia

We may use usage, diagnostic and analytics data to understand how Estia is used, identify errors, improve features, test performance, support product development and improve user experience.

Where possible, we use aggregated or anonymised data for improvement and reporting.

5.8 To comply with law and legal obligations

We may use personal data to comply with legal obligations, court orders, public authority requests, accounting rules, audit obligations, data protection requests, security requirements and dispute handling.

6. Legal bases for processing

Where the GDPR or similar laws apply, we rely on one or more of the following legal bases.

Purpose	Possible legal basis
Creating and managing user accounts	Contract; legitimate interests
Operating the Application	Contract; legitimate interests; public task where controlled by a public body
Processing help requests and reports	Public task; vital interests in emergency contexts; legitimate interests; consent where applicable
Volunteer registration and verification	Contract; legitimate interests; public task where managed by a Council; consent where applicable
Sending service notifications	Contract; legitimate interests; public task; consent for optional notifications where required
Emergency or safety-related processing	Vital interests; public task; legitimate interests; legal obligation where applicable
Council dashboard administration	Contract; legitimate interests; public task
Security, fraud and abuse prevention	Legitimate interests; legal obligation
Analytics and service improvement	Legitimate interests for necessary analytics; consent for non-essential tracking where required
Marketing communications to Council or business contacts	Consent or legitimate interests, depending on applicable law
Legal compliance and dispute handling	Legal obligation; legitimate interests
Cookies and similar technologies	Consent for non-essential cookies; legitimate interests or necessity for strictly necessary technologies

Where a Council is the controller, the Council is responsible for confirming the legal basis for its processing activities. Estia may process the data under the Council’s documented instructions.

7. Public visibility of Content

Some Content submitted through Estia may be visible to other people. This may include public reports, public announcements, published requests, comments, volunteer profile information, map markers, event details, alerts or other content depending on the feature and settings.

You should assume that any Content marked as public, submitted to a public area, or approved for publication may be seen by other users, Councils, administrators, volunteers, search engines or members of the public.

Do not include unnecessary personal data, sensitive data, information about children, identity documents, medical details, financial details, private addresses, telephone numbers or personal data about third parties in public submissions.

Where appropriate, Estia or administrators may redact, hide, anonymise or remove personal information from public Content.

8. Sharing personal data

We may share personal data with:

1. the relevant Council, Subscriber, public body or organisation responsible for the local deployment;
2. authorised administrators and Council staff;
3. verified volunteers, where necessary to coordinate help or respond to requests;
4. emergency services, competent authorities or public bodies where necessary or legally required;
5. service providers that help us operate Estia, such as hosting, database, cloud infrastructure, email, SMS, push notification, maps, analytics, security, support and monitoring providers;
6. professional advisers, insurers, auditors, lawyers or accountants;
7. courts, regulators, law enforcement bodies or public authorities where required by law or necessary to protect rights, safety or security;
8. another organisation in connection with a merger, restructuring, acquisition, financing, sale of assets or similar transaction, subject to appropriate safeguards.

We do not sell personal data.

9. Subprocessors and service providers

Estia uses trusted service providers to host, secure and operate the Application. These providers may process personal data only as necessary to provide their services to us and subject to appropriate contractual obligations.

A current list of key subprocessors should be maintained separately and may include:

Provider	Purpose	Location / region	Notes
[Insert hosting provider, e.g. AWS]	Hosting, infrastructure, storage, backups	[Insert region]	[Insert details]
[Insert database provider]	Database hosting	[Insert region]	[Insert details]
[Insert map provider, e.g. Mapbox/Google Maps]	Maps and geolocation features	[Insert region]	[Insert details]
[Insert email provider]	Service emails	[Insert region]	[Insert details]
[Insert push notification provider]	Mobile notifications	[Insert region]	[Insert details]
[Insert analytics provider]	Analytics and diagnostics	[Insert region]	Consent may be required for non-essential tracking
[Insert support provider]	Support and helpdesk	[Insert region]	[Insert details]

Complete and update this table as subprocessors are confirmed.

10. International transfers

Where personal data is transferred outside the European Economic Area, the United Kingdom or another jurisdiction with applicable data protection restrictions, we will use appropriate safeguards where required. These may include adequacy decisions, standard contractual clauses, transfer risk assessments, data processing agreements or other lawful transfer mechanisms.

Where a Council is the controller, the Council may have additional requirements for international transfers under its own policies or applicable law.

11. How long we keep personal data

We keep personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer period is required by law, public authority requirements, legal claims, audit obligations or Council retention rules.

Recommended retention periods for Estia are:

Data category	Recommended retention period
User account data	Until account closure, then delete or anonymise within 30–90 days unless retention is required
Inactive registered accounts	Review after 24 months of inactivity
Help requests and reports	Keep while active; after closure, delete, anonymise or retain according to Council rules and public-interest needs
Public reports or announcements	Keep while relevant; review periodically; redact or anonymise personal data where possible
Volunteer profiles	Until volunteer account closure or removal; then delete or anonymise within 30–90 days unless retention is required
Volunteer verification records	Keep while volunteer is active; retain limited records for up to 24 months after removal where needed for safety or dispute handling
Dashboard administrator accounts	Until access ends; retain audit records separately as needed
Security and access logs	30–90 days, unless required for investigation or legal purposes
Audit logs	Up to 12 months, unless required for legal, Council or security purposes
Support communications	Up to 24 months after closure
Analytics event data	Up to 14 months, unless anonymised or aggregated
Cookie consent records	Up to 13 months or as required by applicable law
Legal, contract and billing records	Up to 6 years or as required by law
Backups	Rolling backup period, normally 35–90 days

The final retention schedule should be confirmed with the relevant legal adviser and Council obligations.

12. Deletion, anonymisation and public-interest records

Where deletion is requested, we may delete, anonymise, restrict or redact personal data, depending on the circumstances.

Some information may need to be retained where required for public safety, audit, legal claims, Council records, abuse prevention, security, investigation, financial records or compliance with law.

Where public Content must remain available for transparency, continuity, public-interest, emergency coordination or Council record purposes, we may remove or anonymise identifying information instead of deleting the entire record.

13. Your rights

Depending on your location and applicable law, you may have rights to:

1. access your personal data;
2. correct inaccurate personal data;
3. request deletion of personal data;
4. restrict processing;
5. object to processing;
6. withdraw consent where processing is based on consent;
7. request data portability;
8. lodge a complaint with a data protection authority.

You may exercise your rights by contacting info+privacy@studio3dx.com.

Where your request relates to data controlled by a Council or Subscriber, we may forward your request to the relevant Council or ask you to contact them directly. We will assist the Council where Estia acts as processor.

We may need to verify your identity before responding. We aim to respond within one month where GDPR applies, unless an extension is permitted by law.

14. Cookies and similar technologies

Estia websites, public pages and web dashboards may use cookies, local storage, pixels, SDKs or similar technologies.

We use strictly necessary technologies to operate the service, maintain security, remember settings and provide core functions.

Where required by law, analytics, advertising, marketing or other non-essential technologies will only be used with consent. Users should be able to change or withdraw consent through cookie settings or the relevant consent interface.

A separate Cookie Policy or cookie register should identify the specific cookies and similar technologies used by Estia.

15. Push notifications

Estia may send push notifications or similar alerts about local announcements, active alerts, help requests, volunteer activity, events, account updates or service information.

You can control push notification permissions through your device settings. Some critical service messages may still be shown inside the Application.

16. Security

We use appropriate technical and organisational measures designed to protect personal data. These may include encryption in transit, access controls, authentication, role-based permissions, audit logs, secure hosting, backups, monitoring, vulnerability management, staff access controls and supplier oversight.

No system is completely secure. Users should use strong passwords, keep devices secure, avoid sharing login details and report suspected misuse or security issues promptly.

Security concerns may be reported to info@studio3dx.com.

17. Personal data breaches

If a personal data breach occurs, we will assess the incident and take appropriate action. Where legally required, we will notify the relevant controller, supervisory authority or affected individuals.

Where Estia acts as processor for a Council, we will notify the Council in accordance with the applicable data processing agreement.

18. Children and vulnerable persons

Estia is not designed to encourage children to publish personal data publicly. Where children or vulnerable persons use Estia, a parent, guardian, responsible adult, Council or competent authority should supervise use where appropriate.

Users should avoid posting images, names, addresses, school information, medical information or other identifying details of children or vulnerable persons unless strictly necessary and lawful.

Where a specific Estia deployment is intended for children, schools, youth groups or vulnerable persons, additional safeguards and notices should be provided.

19. Automated decision-making

Estia does not currently make decisions with legal or similarly significant effects based solely on automated processing.

Estia may use automated rules, filters, prioritisation, routing, fraud detection, notification triggers or risk flags to support moderation, request routing, security or operational workflows. Human administrators may review decisions where appropriate.

20. Analytics and aggregated data

We may use analytics to understand usage, performance, feature adoption, incidents, errors and overall community activity.

Where possible, analytics are aggregated or anonymised. Aggregated or anonymised information that cannot reasonably identify a person may be used for reporting, product improvement, Council dashboards, public statistics, funding reports or research.

21. App stores and device platforms

Where you download Estia from an app store, the app store provider may process personal data independently under its own terms and privacy policy. Device operating systems may also process data such as crash logs, installation data or notification settings.

We are not responsible for the privacy practices of app stores, operating system providers or device manufacturers.

22. Links to other websites

Estia may contain links to websites or services operated by Councils, public bodies, emergency services, charities, volunteer groups, map providers, social media platforms or third parties.

This Privacy Policy does not apply to third-party websites or services. You should review their privacy policies before using them.

23. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The latest version will be made available in the Application or on the Estia website.

Where changes are material, we may notify users, Councils or administrators through appropriate means.

24. Complaints

You may contact us at info+privacy@studio3dx.com if you have questions or concerns about privacy.

If you are in the European Union, you may also have the right to complain to your local data protection authority. In Cyprus, the competent authority is the Office of the Commissioner for Personal Data Protection.

Where your data is controlled by a Council or Subscriber, you may also contact that Council or Subscriber directly.

25. Contact details

Estia operator: Marios Messios
Address: United States
General contact: info@studio3dx.com
Privacy contact: info+privacy@studio3dx.com
Security contact: info@studio3dx.com

---

Part C — Additional Recommended Notices for the Estia App UI

1. Short notice before submitting a help request

Before you submit, please make sure the information is accurate. Do not include unnecessary personal details, medical information, identity documents, financial information or information about other people unless it is needed for your request. Submitting a request through Estia does not replace calling emergency services.

2. Short notice before uploading a photo

Photos may reveal personal information such as faces, addresses, vehicle plates or private property. Please upload only what is necessary and avoid showing children or other people unless required.

3. Short notice for public posts

This content may be visible to other users or the public. Do not publish private information about yourself or anyone else.

4. Volunteer disclaimer

Verified volunteers are community participants whose access has been reviewed for use of Estia. Verification does not guarantee professional qualifications, availability, insurance, suitability or authority to act on behalf of Estia, a Council or emergency services.

5. Emergency disclaimer

Estia is a coordination and communication tool. It does not replace official emergency numbers, emergency services, police, fire services, ambulance services, civil defence or competent authorities. In an emergency, call the official emergency number immediately.