Privacy Policy

Last updated: April 2, 2026

Safeword ("My Safeword," "we," "us") is built around one principle: your personal data should stay on your device. This policy explains exactly what data we handle and why.

What we collect

Phone number. We use your phone number to send a one-time SMS verification code when you sign in. After authentication, your phone number is stored by our auth provider (Supabase) to maintain your session. Your phone number is also used by the Coach feature to place practice calls via Twilio.

Phone ID. A keyed HMAC-SHA256 identifier derived from your phone number is stored in our registry so other users who have your number in their contacts can discover that you are on Safeword. This identifier cannot be used to recover your phone number without the server-side secret.

Public key. When you enroll, your device generates a cryptographic key pair. Only the public key is uploaded to our registry. Your private key never leaves your device.

Push notification token. If you allow notifications, your device's push token is stored so we can deliver verification requests. Push tokens are device identifiers issued by Apple or Google, not personal information.

What stays on your device

• Your private cryptographic key (stored in secure hardware via iOS Keychain / Android Keystore)
• Your contact names, photos, and other contact details
• Your biometric data (managed entirely by your device's OS; we never access or store biometric templates)
• Your verification codes (generated on-device from a shared secret derived on-the-fly)

Contact discovery

When you grant contacts permission, My Safeword sends your contacts' phone numbers over TLS to our authenticated contact discovery service, which is hosted on Supabase Edge Functions, so we can determine which of your contacts are already on Safeword. We do not upload contact names, photos, notes, or other contact fields. The phone numbers are processed transiently to compute HMAC-SHA256 identifiers for matching and are not stored in our application database after the request.

Third-party services

• Supabase — authentication, database, and edge functions, including contact discovery matching. supabase.com/privacy
• Expo — push notification delivery. expo.dev/privacy
• Twilio — Coach practice calls. twilio.com/legal/privacy

We do not use any analytics, advertising, or tracking SDKs.

Data retention

Your registry entry (phone hash, public key) and push token are stored as long as your account is active. When you sign out and clear your key, your registry entry is removed. You can also request full account deletion by contacting us.

Data sharing

We do not sell, rent, or share your data with third parties for marketing or advertising. Data is shared only with the service providers listed above, solely to operate the app.

Children's privacy

Safeword is not directed at children under 13. We do not knowingly collect data from children under 13.

Your rights

You can delete your account data at any time by signing out with "Sign out & clear key." For full account deletion or data export requests, contact us at the address below.

Changes

We may update this policy from time to time. Material changes will be communicated through the app or on our website.

Contact

Questions about this policy? Email privacy@mysafeword.ai.