Privacy Policy

Effective date: 2026-06-14 · Last updated: 2026-06-14

1. Who we are

IWasKidnapped.com ("the App", "we", "us") is a personal-safety application for adults in the United States. When you trigger an emergency alert, the App sends information you have set up to the emergency contacts you have chosen. This policy explains what we collect, why, how long we keep it, who receives it, and your choices.

2. Summary (plain language)

• We do not collect your audio, photos, or live location until you trigger an alert.
• When you trigger an alert, that data is sent only to the emergency contacts you chose.
• Some account and security data (email, IP address) is collected so the App can work and stay secure.
• Your PINs never leave your device. Your password is stored only as a secure hash.
• All data is encrypted in transit. We do not sell your data and do not share it with advertisers.
• You can delete your account and request deletion of your data at any time.

3. Data we collect

3.1 Account data

• Email address — to create and manage your account. Required.
• Password — stored only as a secure hash (bcrypt) on our server. We never see your plain password.
• PIN codes — your normal and panic PINs are hashed on your device and stored only in the device secure storage. They are never sent to our servers.

3.2 Content you add

• Files you upload (e.g. ID or passport scans) — stored so they can be sent to your emergency contacts if you trigger an alert. Optional.
• Emergency contacts — the email address (required) and optional name, relationship, and phone number of each contact you add. Optional.

3.3 Data collected only during an alert

When (and only when) you trigger an alert — by entering your panic PIN, by repeated wrong PIN entries, or by an automatic dead-man-switch — the App may collect:

• Audio recording (about 30 seconds).
• Photos from the front and back camera (if you granted camera permission).
• Precise and approximate location, updated about every 10 minutes during the alert.
• Device battery level and online status.

Audio, photos, and camera require the relevant device permissions; if you do not grant them, that data is simply not collected.

3.4 Optional tracking outside an alert

• Location history — collected outside of an alert only if you turn on "location history" (off by default).
• Battery history — collected outside of an alert only if you turn on "battery history" (off by default).

3.5 Security and diagnostic data

• IP address — recorded at key account events (registration, login, session refresh, alert activation) for security and fraud prevention. Always collected for those events.
• IP address at routine check-ins — recorded only while the "IP history" setting is on (on by default; you can turn it off). During an active alert it is always recorded.
• Push token — if you enable notifications, so we can notify you about your alert. Optional.
• Crash / error diagnostics — only if you opt in. These are anonymous (tied to a random install ID, not to your account); email, user ID, files, and PINs are excluded.

We do not collect: payment card numbers (subscriptions are handled by the app store), government ID numbers as identifiers, face-recognition biometrics, or the contact list from your phone.

4. Who we share data with

• Your emergency contacts — when you trigger an alert, we email the contacts you chose. The message can include your uploaded documents (as attachments or secure download links), the audio clip and photos, your location as Google Maps links and a live tracking-map link, and your battery status. You choose the contacts; nothing is sent until you trigger an alert.
• Law enforcement — IP address and related forensic data may be disclosed only on a valid official request connected to a triggered alert. This is never shared with your contacts or the public.
• Service providers (processors) who operate the service on our behalf: email delivery, database hosting, push notifications, and subscription billing. They process data only to provide the service.
• We do not sell your personal data, and we do not share it with advertisers.

5. How long we keep data

• Account data and uploaded files: while your account exists; deleted when you delete your account.
• Alert media (audio and photos) and the alert record: kept for up to 1 year after the alert ends, then deleted.
• Location history: 30 days on a rolling basis. If an alert is triggered, the related history is frozen for 1 year from the alert.
• IP history: 30 days on a rolling basis; frozen for 1 year if an alert was triggered.
• Battery history: 30 days on a rolling basis; frozen for 1 year if an alert was triggered.
• Alert links sent to contacts (maps / evidence downloads): remain usable while the alert is active and for about 30 days after it ends.
• Anonymous crash diagnostics: up to 180 days.

6. Security

• All traffic is encrypted in transit (HTTPS/TLS).
• Passwords are stored as bcrypt hashes; session tokens are stored only as hashes on our server.
• On your device, authentication tokens and PIN hashes are kept in the operating-system secure storage (iOS Keychain / Android Keystore). Your PINs never leave your device in any form.
• Optional encrypted backups are encrypted on your device before upload — we store opaque data we cannot read.

During recording, your operating system shows standard indicators (a recording dot, a notification). This is required by Android/iOS and cannot be hidden.

7. Your choices and rights

You can:

• Access the data we hold about you and correct inaccurate data.
• Delete your account and data — in-app ("Delete account") or by emailing support (see Data Deletion).
• Turn off optional location history, battery history, and IP history; revoke camera/microphone/location permissions in your device settings.

U.S. residents (including under the California CCPA/CPRA): you have the right to know, access, delete, and correct your personal information, and not to be discriminated against for exercising these rights. We do not sell or "share" personal information as those terms are defined under U.S. privacy law. To exercise your rights, email us (Section 9).

8. Children

The App is intended only for adults 18 and older and is not directed to children. We do not knowingly collect data from anyone under 18. If you believe a minor has used the App, contact us and we will delete the data.

9. Recording laws and contact

You are responsible for following the recording laws in your location; see our Terms of Service (Recording of third parties).

Privacy questions and requests: support@iwaskidnapped.com.

10. Changes

We may update this policy. We will post the new version here and update the dates above. Material changes will be highlighted in the App.