Privacy Policy

Last Updated: February 11, 2026

This Privacy Policy describes how TapAlert (the "App") handles your information. Your privacy is a priority, and the App is designed to minimize data collection and maximize user control. The App operates on a local-first principle: all personal data stays on your device.

1. Information the App Processes

To provide its core functionality (sending emergency alerts via SMS and/or email), the App processes the following information:

• Location Data: When you trigger an alert, the App accesses your device's GPS coordinates and may resolve them into a physical address. This information is included in the alert message sent to your chosen recipients via a Google Maps link. Location is only fetched at the moment of sending and is not tracked continuously.
• Recipient Contact Information: You provide the phone numbers and optionally email addresses of your trusted contacts. These are stored locally on your device.
• Alert Messages: You may create and customise predefined alert messages. These are stored locally on your device.
• Voice Recordings: The App uses speech-to-text to transcribe voice messages. Audio is processed on-device for transcription and is not stored or transmitted beyond the transcription result, which becomes part of the alert message.
• Alert History: The App maintains a local log of alerts sent, including timestamps, recipients, and delivery status. This history is stored on your device only.

2. Permissions

The App requests specific system permissions to function. Each permission is requested at runtime with a clear explanation, and you may deny any permission (though some features will be unavailable).

Android Permissions

• Fine & Coarse Location (ACCESS_FINE_LOCATION, ACCESS_COARSE_LOCATION): To determine your geographic coordinates when sending an emergency alert.
• Send SMS (SEND_SMS): To send alert messages directly via your device's SIM card without requiring a third-party service.
• Read Phone State (READ_PHONE_STATE): To check SIM card availability and cellular network registration status, ensuring the App can accurately report whether SMS sending is possible.
• Record Audio (RECORD_AUDIO): To capture voice input for speech-to-text transcription of alert messages.
• Read Contacts (READ_CONTACTS): To allow you to select emergency recipients from your existing contacts.
• Post Notifications (POST_NOTIFICATIONS): To display notifications about alert delivery status and dead man's switch timer events.
• Internet & Network State (INTERNET, ACCESS_NETWORK_STATE, ACCESS_WIFI_STATE): To communicate with the Twilio SMS API (if configured), send email alerts via SMTP, perform address lookups from GPS coordinates, and verify connectivity status.
• Wake Lock (WAKE_LOCK): To prevent the device from sleeping during the alert sending process, ensuring delivery completes.
• Disable Keyguard (DISABLE_KEYGUARD): To allow alerts triggered from home screen widgets or external automation (e.g., Bluetooth buttons) to proceed without requiring the device to be unlocked.
• Battery Optimisation Exemption (REQUEST_IGNORE_BATTERY_OPTIMIZATIONS): To ensure the dead man's switch timer and widget-triggered alerts work reliably in the background.
• Billing (com.android.vending.BILLING): To process in-app purchases for unlocking the unlimited recipients feature via Google Play.

iOS Permissions

• Location (When In Use / Always): To determine your geographic coordinates when sending an emergency alert.
• Microphone: To capture voice input for speech-to-text transcription.
• Speech Recognition: To transcribe recorded voice into text for alert messages.
• Contacts: To allow you to select emergency recipients from your existing contacts.
• Notifications: To display delivery status and timer notifications.

3. SMS and Email Delivery Methods

The App supports multiple methods for sending alerts:

• Direct SMS (Android only): Messages are sent directly through your device's SIM card and carrier. The App uses the Android SMS Manager API. Standard carrier messaging rates may apply.
• Twilio API (iOS & Android): If you choose to configure Twilio, the App uses your personal Twilio account credentials to send SMS via the Twilio REST API. Your credentials are stored locally on your device using encrypted storage (flutter_secure_storage). Twilio processes the message according to Twilio's Privacy Policy.
• iOS SMS Composer: On iOS, the App may present the native SMS composer interface, which requires manual confirmation before sending.
• Email (SMTP): If you configure email redundancy, the App sends alert emails using your SMTP credentials. These credentials are stored locally on your device. The email is transmitted through your configured SMTP provider.

4. Data Storage and Security

• Local Storage Only: All configuration data, including recipient information, message templates, alert history, and app preferences, is stored locally on your device using SharedPreferences and encrypted storage.
• Sensitive Credentials: Twilio API credentials (Account SID, Auth Token) are stored using flutter_secure_storage, which uses the Android Keystore system and iOS Keychain for hardware-backed encryption.
• No Cloud Storage: The Developer does not operate any server to collect, store, or monitor your location data, contacts, messages, or usage patterns.
• No Analytics or Tracking: The App does not include any analytics SDKs, crash reporting tools, or advertising frameworks. No usage data is transmitted to the Developer or any third party.

5. Data Sharing

The App does not sell, trade, or share your personal data with any third parties. Data is only transmitted in the following circumstances, all initiated by your explicit action of pressing the alert button:

• To the recipients you explicitly configured when you trigger an alert (via SMS and/or email).
• To your mobile carrier when sending Direct SMS on Android.
• To Twilio when using the Twilio API for SMS delivery (only if you have configured it).
• To your SMTP email provider when sending email alerts (only if you have configured it).
• To Google Maps via a URL link included in the alert message (the recipient opens this link; no data is sent to Google by the App itself).
• To Apple/Google for in-app purchase verification (purchase status only, no personal data).

6. In-App Purchases

The App offers an optional in-app purchase to unlock unlimited recipients. This purchase is processed entirely through the Apple App Store or Google Play Store. The Developer does not receive or store any payment information. Purchase status is cached locally on your device.

7. Home Screen Widgets (Android)

The App provides optional home screen widgets for quick alert access. Widget configuration (custom message) is stored locally via SharedPreferences. Tapping a widget launches the App to send an alert and does not transmit any data independently.

8. Dead Man's Switch

The App includes a countdown timer feature that can automatically send an alert if not dismissed within a configured period. This operates entirely on-device. No data is transmitted until an alert is actually triggered.

9. Data Retention and Deletion

• All data is stored locally on your device and persists until you clear the App's data, uninstall the App, or manually delete entries (e.g., alert history, recipients).
• Uninstalling the App removes all locally stored data.
• The Developer has no access to your data and therefore cannot delete it on your behalf.

10. Children's Privacy

The App is not directed at children under 13. It does not knowingly collect any personal information from children. Since all data remains on the user's device and is never transmitted to the Developer, no child data is collected or processed by the Developer.

11. Your Rights

Because all data is stored locally on your device and the Developer does not collect or have access to any personal data:

• You have full control over all your data at all times.
• You can view, modify, or delete any data through the App's settings and history screens.
• You can revoke any permission at any time through your device's system settings.
• You can remove all data by uninstalling the App.

12. Changes to This Policy

The Developer may update this Privacy Policy from time to time. Any changes will be reflected by a new "Last Updated" date at the top of this document. Continued use of the App after changes constitutes acceptance of the updated policy.

13. Contact

If you have any questions about this Privacy Policy, please contact the developer through the official App Store or Google Play support channels.