Privacy Policy

Last Updated: March 29, 2026

This Privacy Policy describes how SenyAlert (the "App") handles your information. Your privacy is a priority, and the App is designed to minimize data collection and maximize user control. The App operates on a local-first principle: all personal data stays on your device.

1. Information the App Processes

To provide its core functionality (sending emergency alerts via SMS and/or email), the App processes the following information:

• Location Data: When you trigger an alert, the App accesses your device's GPS coordinates and may resolve them into a physical address. This information is included in the alert message sent to your chosen recipients via a Google Maps link. Location is only fetched at the moment of sending and is not tracked continuously or in the background.
• Recipient Contact Information: You provide the phone numbers and optionally email addresses of your trusted contacts. These are stored locally on your device.
• Alert Messages: You may create and customise up to seven predefined alert message slots plus one voice slot. These are stored locally on your device.
• Voice Input: The App uses on-device speech-to-text to transcribe voice messages into text. Audio is processed entirely on-device and is not stored or transmitted beyond the transcription result, which becomes part of the alert message.
• Voice Feedback (Text-to-Speech): Optionally, the App uses the device's built-in text-to-speech engine to read alert confirmations aloud. No audio data leaves the device.
• Alert History: The App maintains a local log of alerts sent, including timestamps, message content, recipients, delivery status, and the method used to send (SMS or email). This history is stored on your device only and is limited by your plan tier.

2. Permissions

The App requests specific system permissions to function. Each permission is requested at runtime with a clear explanation, and you may deny any permission (though some features will be unavailable).

Android Permissions

• Fine & Coarse Location (ACCESS_FINE_LOCATION, ACCESS_COARSE_LOCATION): To determine your geographic coordinates when sending an emergency alert.
• Send SMS (SEND_SMS): To send alert messages directly via your device's SIM card without requiring a third-party service.
• Read Phone State (READ_PHONE_STATE): To check SIM card availability and cellular network registration status, so the App can accurately report whether SMS sending is possible.
• Record Audio (RECORD_AUDIO): To capture voice input for speech-to-text transcription of alert messages.
• Read Contacts (READ_CONTACTS): To allow you to select emergency recipients from your existing contacts.
• Post Notifications (POST_NOTIFICATIONS): To display notifications about alert delivery status and timer events.
• Internet & Network State (INTERNET, ACCESS_NETWORK_STATE, ACCESS_WIFI_STATE): To communicate with the Twilio SMS API (if configured), send email alerts via SMTP, perform address lookups from GPS coordinates, and verify connectivity status.
• Wake Lock (WAKE_LOCK): To prevent the device from sleeping during the alert sending process, ensuring delivery completes.
• Disable Keyguard (DISABLE_KEYGUARD): To allow alerts triggered from home screen widgets or external automation (e.g., Bluetooth buttons) to proceed without requiring the device to be unlocked.
• Foreground Service (FOREGROUND_SERVICE, FOREGROUND_SERVICE_SPECIAL_USE): To run the dead man's switch timer as a foreground service, keeping it active when the App is backgrounded or the device screen is off.
• Exact Alarms (SCHEDULE_EXACT_ALARM): To schedule a precise AlarmManager backup trigger for the dead man's switch timer, ensuring the alert fires on time even if the foreground service is interrupted.
• Battery Optimisation Exemption (REQUEST_IGNORE_BATTERY_OPTIMIZATIONS): To ensure the timer and widget-triggered alerts work reliably in the background without being deferred by battery-saving systems.
• Camera (CAMERA, via flashlight): To flash the device's torch/flashlight as a visual alert signal. The camera is not used to capture images or video.
• Billing (com.android.vending.BILLING): To process in-app purchases for unlocking the premium recipients tier via Google Play.

iOS Permissions

• Location (When In Use): To determine your geographic coordinates when sending an emergency alert.
• Microphone: To capture voice input for speech-to-text transcription.
• Speech Recognition: To transcribe recorded voice into text for alert messages.
• Contacts: To allow you to select emergency recipients from your existing contacts.
• Notifications: To display delivery status and timer notifications.

3. SMS and Email Delivery Methods

The App supports multiple methods for sending alerts. You can set a preferred method in Settings; the App automatically falls back to an alternative if the primary method fails.

• Direct SMS (Android only): Messages are sent directly through your device's SIM card and carrier using the Android SMS Manager API. Standard carrier messaging rates may apply. Requires cellular signal.
• Twilio API (iOS & Android): If you choose to configure Twilio, the App uses your personal Twilio account credentials to send SMS via the Twilio REST API over an internet connection (Wi-Fi or mobile data). Your credentials are stored locally on your device using hardware-backed encrypted storage. Twilio processes the message according to Twilio's Privacy Policy. Using Twilio as preferred method provides redundancy: it can send alerts even when cellular SMS is unavailable, as long as an internet connection exists.
• iOS Messages Composer: On iOS, the App may present the native Messages app interface pre-filled with recipients and message text. Sending requires your manual confirmation by tapping Send in the Messages app. Delivery is handled by Apple's Messages service.
• Email (SMTP): If you configure email as a secondary channel, the App sends alert emails using your SMTP credentials directly from the device. Credentials are stored locally. The email is transmitted through your configured SMTP provider.

4. Admin Setup and Magic Link

The App includes an optional Admin Setup feature designed for caregivers who wish to remotely configure the App on behalf of a family member or someone in their care.

• The caregiver uses the Admin Setup screen to enter configuration data (recipient contacts, Twilio credentials, SMTP credentials, alert messages, and app preferences).
• The App generates a Magic Link: a URL containing all configuration data encoded as a Base64 payload. This link is shared via the device's standard OS sharing sheet (Messages, email, etc.).
• When the recipient opens the Magic Link on their device, the App displays a confirmation dialog before applying any configuration.
• Important: The Magic Link encodes sensitive information including Twilio credentials (Account SID and Auth Token) and SMTP credentials. You should share this link only via secure and private channels (e.g., a direct private message) and only with the intended recipient device.
• No configuration data from the Magic Link is transmitted to or stored by the Developer. The link is generated and consumed entirely on-device.

5. Data Storage and Security

• Local Storage Only: All configuration data, including recipient information, message templates, alert history, and app preferences, is stored locally on your device using SharedPreferences and encrypted storage.
• Sensitive Credentials: Twilio Auth Token and SMTP password are stored using flutter_secure_storage, which uses the Android Keystore system and iOS Keychain for hardware-backed encryption. The Twilio Account SID is stored in standard SharedPreferences.
• No Cloud Storage: The Developer does not operate any server to collect, store, or monitor your location data, contacts, messages, or usage patterns.
• No Analytics or Tracking: The App does not include any analytics SDKs, crash reporting tools, or advertising frameworks. No usage data is transmitted to the Developer or any third party.

6. Data Sharing

The App does not sell, trade, or share your personal data with any third parties. Data is only transmitted in the following circumstances, all initiated by your explicit action:

• To the recipients you explicitly configured when you trigger an alert (via SMS and/or email).
• To your mobile carrier when sending Direct SMS on Android.
• To Twilio when using the Twilio API for SMS delivery (only if you have configured it).
• To your SMTP email provider when sending email alerts (only if you have configured it).
• To Google Maps via a URL link included in the alert message (the recipient opens this link; no data is sent to Google by the App itself).
• To the recipient device via a Magic Link, if you use the Admin Setup feature to share configuration. See Section 4 for details.
• To Apple/Google for in-app purchase verification (purchase status only, no personal data).

7. In-App Purchases

The App offers an optional one-time in-app purchase to unlock the premium tier (up to 50 recipients and expanded alert history). This purchase is processed entirely through the Apple App Store or Google Play Store. The Developer does not receive or store any payment information. Purchase status is cached locally on your device. There are no subscriptions or recurring charges.

8. Home Screen Widgets (Android)

The App provides optional home screen widgets for quick alert access. Each widget may be configured with a custom message, stored locally via SharedPreferences. Tapping a widget launches the App to send an alert and does not transmit any data independently of the alert itself.

9. Automatic Alert Timers

The App includes timer-based features that can automatically send alerts without manual interaction. All timers operate entirely on-device; no data is transmitted until an alert is actually triggered.

• Dead Man's Switch: A countdown timer that sends an alert to your configured recipients if you do not check in before it expires. On Android, this uses a foreground service and an AlarmManager backup to remain reliable when the App is backgrounded.
• Activity Timer: A recurring period-based or time-of-day check-in timer. It can optionally send a start alert when the timer begins and sends an alert if you do not check in before the deadline.
• Daily Check-In: A scheduled daily reminder that sends an alert to your recipients if a check-in is missed by a configured deadline.

10. Data Retention and Deletion

• All data is stored locally on your device and persists until you clear the App's data, uninstall the App, or manually delete entries (e.g., alert history, recipients).
• Alert history is automatically capped at 20 entries (free tier) or 200 entries (premium tier).
• Uninstalling the App removes all locally stored data.
• The Developer has no access to your data and therefore cannot delete it on your behalf.

11. Children's Privacy

The App is not directed at children under 13. It does not knowingly collect any personal information from children. Since all data remains on the user's device and is never transmitted to the Developer, no child data is collected or processed by the Developer.

12. Your Rights

Because all data is stored locally on your device and the Developer does not collect or have access to any personal data:

• You have full control over all your data at all times.
• You can view, modify, or delete any data through the App's settings and history screens.
• You can revoke any permission at any time through your device's system settings.
• You can remove all data by uninstalling the App.

13. Changes to This Policy

The Developer may update this Privacy Policy from time to time. Any changes will be reflected by a new "Last Updated" date at the top of this document. Continued use of the App after changes constitutes acceptance of the updated policy.

14. Contact

If you have any questions about this Privacy Policy, please contact the developer through the official App Store or Google Play support channels.