Privacy Policy

Beta Version - Last Updated: February 3, 2026

Your Privacy Matters

Key Points:

Your data is isolated - only you and the platform administrator can access it
We never share your data with third parties
We don't send marketing emails or track your location
Your SMTP/SMS credentials are encrypted and used only for your notifications
You can export or delete your data at any time

1. Introduction

Dead Man's Switch ("we", "our", "us") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your data.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

Email address - For account login and notifications
Password - Stored as a secure hash (bcrypt)
Username - Optional, auto-generated from email if not provided
Phone number - Optional, for SMS notifications to you

2.2 Emergency Contact Information

You provide information about your emergency contacts:

Full name - Legal name of contact
Nickname - Friendly name for personalized emails
Email address - Required for all contacts
Phone number - Optional, for SMS notifications
Role - Optional description (e.g., "Mother", "Best Friend")

Important: By adding emergency contacts, you confirm that you have informed them that their name and contact details will be stored by this Service and that they may receive notifications on your behalf. Emergency contacts may request removal of their information by contacting the platform administrator.

2.3 Service Configuration

You configure your monitoring system with:

Check-in schedule - Daily/weekly times or intervals
Grace period - Buffer time before notifications
Timezone - For accurate deadline calculations
Pause status - Whether monitoring is active

2.4 Third-Party Service Credentials

You provide credentials for notification delivery:

SMTP credentials - Email provider login (encrypted)
Twilio credentials - Optional, for SMS (encrypted)

2.5 Usage Data

We automatically collect:

Check-in timestamps - When you check in
IP addresses - For security and audit purposes
User agent, browser, and device type - Browser/device information including PWA detection; analyzed in aggregate by the platform administrator for compatibility and support purposes
Email logs - Success/failure of notification attempts
Push subscriptions - Device endpoint, encryption keys, and user agent (if push notifications enabled)
Rate limiting - IP address and user agent of blocked requests (login, password reset) for abuse prevention

3. How We Use Your Information

3.1 Core Service Functionality

We use your information to:

Monitor your check-ins according to your schedule
Send notifications to your emergency contacts when overdue
Send reminder notifications to you before deadlines
Calculate deadlines based on your timezone
Maintain your account and settings

3.2 SMTP/SMS Credentials

Your email and SMS credentials are used exclusively to:

Send notifications from your email address
Send SMS messages via your Twilio account

We never:

Access your personal email inbox
Send emails/SMS not related to Dead Man's Switch notifications
Share your credentials with third parties
Use your credentials for any other purpose

3.3 Security and Audit

We use IP addresses and check-in logs to:

Detect unauthorized account access
Provide an audit trail of your check-in history
Troubleshoot technical issues

4. Data Storage and Security

4.1 Where Data is Stored

Your data is stored in:

Database: Supabase (PostgreSQL) - cloud-hosted
Location: Canada/US data centers
Isolation: Multi-tenant architecture with data isolation between users

The platform administrator has access to user accounts, check-in history, and contact information for operational and support purposes.

4.2 Security Measures

We protect your data with:

Encryption in transit: SSL/TLS for all connections
Encryption at rest: Sensitive credentials encrypted in database
Password hashing: Bcrypt with 10 rounds (industry standard)
JWT authentication: Secure token-based access
Database security: Row-level security policies enabled

4.3 Data Retention

Data Type	Retention Period
Account information	Until account deletion
Emergency contacts	Until removed or account deletion
Check-in history	Indefinitely (prunable by user)
Email logs	90 days (automatic cleanup)
Notification queue	7 days after delivery (automatic cleanup)

Database backups: Automated weekly backups of the database are generated and emailed to the platform administrator for disaster recovery purposes. These backups may contain your data even after account deletion, and are retained at the administrator's discretion.

5. Data Sharing and Third Parties

5.1 We DO NOT Share Your Data

Your data is never shared with third parties for marketing, analytics, or any other purpose.

5.2 Third-Party Services We Use

The Service relies on these third-party services to operate:

Heroku (Salesforce) - Application hosting; all requests and data pass through their infrastructure
Supabase - Database hosting (PostgreSQL) and real-time WebSocket connections
Cloudflare - DNS, SSL/TLS encryption, CDN, and DDoS protection; all web traffic is proxied through Cloudflare
Firebase Cloud Messaging (Google) - Delivers push notifications to your devices (if enabled)
Your email provider - Sends emails via your SMTP credentials
Twilio - Sends SMS via your Twilio account (if configured)

These services process data only as necessary to deliver the Service functionality. None of these services have access to your stored data; they handle data only in transit.

5.3 Emergency Contact Data

We process emergency contact information (name, email, phone) provided by you for the purpose of delivering safety notifications. This processing is based on the legitimate interest of ensuring your personal safety — the core function of this Service. Emergency contacts will only be contacted if you miss your check-in deadlines and grace period. Contacts who wish to have their information removed may contact the platform administrator or ask the user who added them to remove their details.

5.4 Legal Requirements

We may disclose your information if required by law, such as:

In response to a valid court order or subpoena
To comply with legal obligations
To protect our rights or safety

6. Your Rights and Choices

6.1 Access Your Data

You can access all your data via:

Dashboard: View status, settings, contacts
Admin Panel: View check-in history, detailed logs
Data Export: You can delete your account at any time; a data export is provided automatically.

6.2 Modify Your Data

You can modify your data at any time:

Account Settings: Update email, username, phone, password
Contacts: Add, edit, or delete emergency contacts
Settings: Change schedule, grace period, timezone
SMTP/SMS: Update or remove service credentials

6.3 Delete Your Data

You can delete your account at any time through self-service deletion:

Go to Admin Panel → Account Tab → Delete Account
Confirm with your password
A copy of all your data will be emailed to you as a JSON export
Your account and all associated data will be immediately and permanently deleted
Includes: account, contacts, check-ins, logs, settings, push subscriptions
This action cannot be undone

6.4 Pause the Service

You can pause monitoring without deleting your account:

Click "Pause Check-Ins" on dashboard
No monitoring or notifications while paused
Resume anytime by clicking "Resume Check-Ins"

7. Cookies and Tracking

7.1 Cookies We Use

We use minimal cookies/localStorage for:

Authentication: JWT token stored in secure httpOnly cookie (inaccessible to JavaScript for XSS protection)
Dark mode: User preference stored in localStorage

7.2 What We DON'T Track

We do not use:

Google Analytics or similar analytics services
Marketing cookies or tracking pixels
Social media tracking
Location tracking
Behavioral advertising

8. Children's Privacy

Dead Man's Switch is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If you are under 18, please do not use this Service.

9. Data Breach Notification

In the event of a data breach affecting your personal information:

We will notify affected users within 72 hours of becoming aware of the breach
Notification will be sent to your registered email address
We will provide details about the nature and scope of the breach, the data affected, and steps you can take to protect yourself
We will report the breach to relevant privacy authorities where required by applicable law (e.g., the Office of the Privacy Commissioner of Canada)

10. International Users

Your data is stored in Canada/US data centers. By using the Service, you consent to the transfer and processing of your data in these jurisdictions.

11. Beta Testing Specifics

During the beta testing period:

We may collect additional feedback data to improve the Service
We may review anonymized usage patterns to identify bugs
Your privacy rights remain the same as described above
If we need to reset data during beta, we will notify you first

12. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of Canada, without regard to its conflict of law provisions. This is consistent with our Terms of Service.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. We encourage you to review this policy periodically.

If we make significant changes, we will notify you via:

Email to your registered email address
Prominent notice on the dashboard

14. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or have a privacy concern, please contact our privacy representative at:

Email: deadmansswitch35@gmail.com

Subject: Privacy Policy Question

We aim to respond to all privacy inquiries within 30 days.

15. Your Consent

By using Dead Man's Switch, you consent to this Privacy Policy and our collection, use, and storage of your information as described above.