Privacy Policy

1. Introduction

Welcome to Are You Alive? ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website at areualive.app (collectively, the "Service").

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the Service.

2. Information We Collect

2.1 Personal Information You Provide

We collect personal information that you voluntarily provide when you:

• Register for an account (email address, display name)
• Complete your profile (bio, avatar image)
• Add emergency contacts (email addresses)
• Connect with friends
• Contact us with inquiries

2.2 Information Automatically Collected

When you use our Service, we automatically collect:

• Check-in timestamps and history
• Device information (device type, operating system)
• App usage data (features used, session duration)
• Push notification tokens (for sending notifications)

2.3 Contact Information (Hashed)

If you grant permission, we may access your device contacts to help you find friends who also use Are You Alive?. We only store cryptographic hashes (SHA-256) of phone numbers, not the actual phone numbers. This means we cannot read or expose your contacts' real phone numbers.

3. How We Use Your Information

We use the information we collect to:

• Provide the Service: Process check-ins, display friend statuses, send notifications
• Safety Alerts: Send emergency notifications to your designated contacts when you miss check-ins
• Friend Recommendations: Suggest friends based on mutual connections (when you opt in)
• Improve the Service: Analyze usage patterns to enhance features
• Communicate: Send important updates about your account or the Service
• Security: Detect and prevent fraud, unauthorized access, and other malicious activities

4. Information Sharing

We share your information only in the following circumstances:

• With Friends: Your display name, avatar, bio, and check-in status are visible to users you've accepted as friends
• Emergency Contacts: If you miss check-ins for your configured duration (1-3 days), we send email notifications to your designated emergency contacts
• Service Providers: We may share data with third-party vendors who assist in operating our Service (e.g., cloud hosting, email delivery)
• Legal Requirements: We may disclose information if required by law or to protect our rights

We do not sell your personal information to third parties.

5. Data Storage and Security

Your data is stored on secure servers with industry-standard encryption. We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you the Service. If you delete your account, we will delete your personal information within 30 days, except as required by law.

Check-in history is retained for up to 365 days to calculate streaks and provide historical data.

7. Your Rights

Depending on your location, you may have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your personal information
• Withdraw consent for data processing
• Data portability (receive your data in a structured format)
• Object to processing of your personal information

To exercise these rights, please contact us at [email protected].

8. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal information, we will delete such information immediately.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. These countries may have different data protection laws. By using our Service, you consent to the transfer of your information to these countries.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

11. The Philosophy of Our Data Collection

In the modern digital economy, data is often treated as an asset to be harvested, packaged, and sold. At **Are You Alive?**, we treat your data as a liability—something that must be minimized, protected, and eventually destroyed. Our architecture is designed around "Data Minimalism." If we don't need a piece of information to keep you safe, we don't ask for it.

This is why we have made the decision to operate without continuous background GPS tracking. While other safety apps build detailed maps of your movements, we only care about your *presence* and your *intent*. A manual check-in is a far more powerful and private signal of well-being than a silent GPS coordinate.

11.1 The "Presence" Metric

Our core metric is "Presence." When you tap the heart icon, you are asserting your agency and confirming your wellness. This data point is stored with a high-precision timestamp. We use this to calculate your safety status:

• **Active:** You have checked in within your designated timeframe.
• **Pending:** Your check-in window is approaching.
• **Overdue:** You have missed your designated window, but the escalation delay has not yet expired.
• **Alerted:** The escalation delay has expired, and your contacts have been notified.

11.2 Why We Hash Contact Data

When you grant us access to your contacts (optional), we don't upload your address book to our servers. Instead, we use a process called "One-Way Hashing." We take each phone number and convert it into a unique, irreversible string of characters using the SHA-256 algorithm.

If an attacker ever gained access to our database, they wouldn't see phone numbers. They would see random strings that are useless for marketing or surveillance. This allows us to find your friends on the platform without ever knowing who your friends actually are in the real world.

12. Detailed Data Processing Activities

To be fully transparent, here is a list of exactly how we process your information:

12.1 Account Authentication

We use industrial-grade authentication providers to manage your login. This ensures that your password never touches our servers and is handled by experts in identity security.

12.2 Notification Routing

To send you reminders, we use push notification tokens. These tokens are unique identifiers provided by your device's operating system (iOS or Android). They allow us to send a message to *your* device specifically, without knowing your device's hardware ID or location.

12.3 Email Delivery

When an alert is triggered, our system generates an automated email. This email contains your display name and a link to your status page. We use specialized email service providers to ensure these critical messages reach your contacts' inboxes and don't get lost in spam filters.

13. Your Rights Under Global Regulations

13.1 General Data Protection Regulation (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom (UK), you have specific rights under the GDPR. We act as a **Data Controller** for your personal information. This means we determine the purposes and means of processing your data.

Our legal basis for processing your data is primarily **Contractual Necessity** (to provide the safety service you've requested) and **Legitimate Interest** (to improve our service and prevent fraud).

13.2 California Consumer Privacy Act (CCPA / CPRA)

If you are a California resident, you have the right to:

• **Know:** What categories of personal information we collect and how we use them.
• **Delete:** Request that we delete your personal information.
• **Opt-Out:** Since we do not sell data, there is no "sale" to opt out of, but you have the right to be informed of our data-sharing practices.
• **Non-Discrimination:** We will never provide a lower quality of service if you choose to exercise your privacy rights.

14. Data Retention and Destruction

We don't believe in "forever" storage. Data has a shelf life, and we are committed to purging it once it is no longer useful for your safety.

• **Inactive Accounts:** If you haven't used the app in 12 months, we will send you a notification. If you remain inactive for another 3 months, we will permanently delete your account and all associated data.
• **Interaction Logs:** Server logs and interaction data are automatically purged after 90 days.
• **Deleted Data:** When you delete a contact or a friend, that connection is removed from our active database immediately and purged from all backups within 30 days.

15. Contacting Our Data Protection Officer (DPO)

We have appointed a dedicated team to oversea our privacy practices. If you have specific questions about our compliance or wish to escalate a privacy concern, please contact our Data Protection Officer at **[email protected]**.