Skip to content
WellAlert
How it works Features Pricing FAQ Support
Join the waitlist Get the app
← Back to WellAlert

Privacy Policy

Effective Date: July 5, 2026  |  Last Updated: July 5, 2026

Summary: WellAlert collects only the data necessary to deliver safety check-in, emergency alert, and optional location-sharing features. We do not sell your personal data or use it for advertising. Location sharing is off by default — when you turn it on, your location is shared only with the care-circle contacts you choose. Wellness entries and health-related information are treated as sensitive data. You can delete your account and associated data at any time from within the app.

This Privacy Policy explains how WellAlert, operated from British Columbia, Canada ("WellAlert," "we," "us," or "our"), collects, uses, stores, and shares information when you use the WellAlert mobile application, website, and related services (the "Service"). It also describes your rights and choices regarding your data. By using the Service, you agree to the collection and use of information as described in this Policy.

1. Information We Collect

1.1 Information You Provide Directly

CategorySpecific Data PointsRequired?
Account & Profile First name, last name, username, email address, phone number, country, city/region, avatar emoji, display name, bio, profile photo (stored in our cloud storage) Partially (email required; others optional)
Launch Waitlist Email address submitted through the coming-soon website, submission source, and submission timestamp No (optional)
Authentication Password (hashed and never stored in plaintext), Apple ID token (Sign in with Apple), magic link email, session tokens Yes
Wellness Entries Mood score (1–10), mood emoji, text notes, timestamps, check-in status No (user-initiated)
Wellness Media Photos, videos, and voice memos attached to wellness entries — stored locally on your device, not uploaded to our servers No (user-initiated)
Alarm Configuration Alarm title, scheduled time, response window duration, repeat schedule, escalation settings No (user-initiated)
Emergency Contacts Contact name, email address, phone number, relationship to user, acceptance status (see Section 5 regarding contacts who are not WellAlert users) No (user-initiated)
Location Data Precise device location (GPS coordinates), including live location updates and special responder instructions you enter — only if you enable location sharing, and shared only with the care-circle contacts you select. Location may also be attached to emergency/SOS alerts when sharing is enabled. No (off by default; opt-in)
Activity Logs Timestamps of check-ins, alarm events, alert escalations, contact notifications sent, and test alerts Generated automatically

1.2 Information Collected Automatically

  • Device identifiers: iOS device token used for push notification delivery via Apple Push Notification Service (APNs).
  • App usage data: Feature interactions, alarm firing events, and check-in response times used solely to operate the escalation workflow.
  • Crash and error logs: Anonymised diagnostic data to identify and fix bugs. This data does not include wellness content or contact details.
  • IP address: Collected when your device communicates with our backend (Supabase). Used for security monitoring and fraud prevention; not used for advertising.
  • Waitlist security metadata: A hashed version of your IP address and limited browser user-agent information may be stored when you submit the website waitlist form to prevent abuse.

1.3 Information We Do NOT Collect

  • Location data when location sharing is disabled (we request location permission only if you turn sharing on).
  • Contacts from your device's native address book (you enter emergency contact details manually or via in-app search/QR code).
  • Browsing history or data from other apps.
  • Biometric identifiers.
  • Payment card numbers (all payments are processed by Apple; we receive only subscription status).

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing the Service: Authenticating your account, scheduling and firing alarms, recording check-in responses, and triggering escalation and SOS notifications to your emergency contacts.
  • Notifications: Sending push notifications, in-app alerts, emails, and (where SMS alerting is enabled) SMS text messages for wellness prompts, missed check-ins, emergency alerts, and contact request updates.
  • Location Sharing: If you enable it, sharing your location with the care-circle contacts you select and displaying it on their in-app map, and including your location in emergency/SOS alerts to those contacts.
  • Contact Features: Allowing designated emergency contacts to view your wellness status and receive escalation alerts, strictly as configured by you.
  • Account Management: Processing account registration, password recovery, and subscription status.
  • Safety & Security: Detecting, preventing, and investigating fraud, abuse, and violations of our Terms & Conditions.
  • Service Improvement: Analyzing aggregated, anonymised usage patterns to improve app reliability and features. Individual wellness data is never used for this purpose.
  • Legal Compliance: Complying with applicable laws, regulations, legal process, or enforceable governmental requests.
  • Communications: Sending important service notices, security alerts, and (if you opt in) product updates. You may opt out of marketing communications at any time.

We do not use your data for targeted advertising and do not sell, rent, or trade your personal data to any third party.

3. Sensitive Data – Wellness, Health & Location Information

Wellness scores, mood data, health-related notes, and precise location data are treated as sensitive personal data. We apply the following additional protections:

  • Sensitive data is encrypted in transit (TLS 1.2+) and at rest.
  • Access to sensitive data by our team is restricted on a strict need-to-know basis and logged.
  • Sensitive data is never shared with advertisers, data brokers, or analytics providers.
  • Location sharing is opt-in, off by default, and limited to the contacts you explicitly select. You can stop sharing at any time in the app or by revoking location permission in iOS Settings.
  • Wellness data shared with your emergency contacts is limited to the information you explicitly choose to share through the app's contact features.
  • We do not use sensitive data to make automated decisions that produce legal or similarly significant effects on you.

4. How We Share Your Information

We share your information only in the following circumstances:

4.1 With Your Emergency Contacts

When you designate emergency contacts and they accept your request, they may see your wellness check-in status, alarm information, escalation and SOS alerts, and — if you enable location sharing — your location and any special responder instructions you enter, as configured by you. You control what information is visible through the app settings.

4.2 With Service Providers

ProviderPurposeData SharedLocation
Supabase Database, authentication, file storage, serverless functions App data stored server-side (profile, profile photo, contacts, alarms, location shares, logs) United States (AWS)
Apple (APNs) Push notification delivery Device token, notification payload (no wellness content in payload) Apple infrastructure
Apple (Sign in with Apple / App Store) Authentication and subscription payment processing Apple ID token, email (may be a private relay address), subscription transaction status Apple infrastructure
Twilio SMS delivery of emergency and escalation alerts (where SMS alerting is enabled) Recipient phone number, sender name, alert message content United States
Resend Email delivery of emergency alerts, escalation notices, and contact invitations Recipient email address, sender name, alert message content United States
RevenueCat Subscription entitlement management Anonymised app user ID, subscription status and transaction metadata (no payment card data) United States

All service providers are engaged to process data only on our behalf, according to our instructions, and with appropriate security safeguards.

4.3 For Legal Reasons

We may disclose your information if we believe in good faith that disclosure is necessary to: (a) comply with applicable law or legal process; (b) protect the rights, property, or safety of WellAlert, our users, or the public; or (c) detect, prevent, or address fraud or security issues.

4.4 Business Transfers

If WellAlert is involved in a merger, acquisition, asset sale, incorporation of a successor entity, or bankruptcy proceeding, your data may be transferred as part of that transaction. We will notify you via email and/or a prominent in-app notice before your data is transferred and becomes subject to a different privacy policy.

4.5 With Your Consent

We may share your data for any other purpose with your explicit consent.

5. Information About Your Emergency Contacts (Non-Users)

When you add an emergency contact who is not a WellAlert user, you provide us with that person's name, email address, and/or phone number. We process this information solely to send them the alerts and invitations you configure — never for marketing. Before adding someone, you must have their consent (see our Terms). If you are an emergency contact and do not wish to receive alerts:

  • You may use the opt-out or unsubscribe mechanism included in messages you receive (e.g., replying STOP to an SMS), or
  • Contact us at damione@gmail.com and we will remove your details from the designating user's contact list and suppress future alerts to you.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Specific retention periods:

  • Account & profile data: Retained until you delete your account.
  • Wellness entries & activity logs: Retained until you delete the entry or your account, whichever comes first.
  • Media attachments (photos, videos, voice memos): Stored locally on your device and deleted when you delete the entry or the app.
  • Profile photos: Stored in our cloud storage; deleted within 30 days of account deletion.
  • Location shares: Current shared location is retained only while sharing is active; historical location points are not retained after a share ends, except in escalation logs where a location was attached to an alert.
  • Escalation & notification logs: Retained for up to 12 months for safety and dispute resolution purposes, then deleted.
  • Waitlist emails: Retained until launch communications conclude or you unsubscribe, whichever comes first.
  • Anonymised analytics data: Retained indefinitely (no personal identifiers).
  • Legal hold: We may retain data longer if required by law or in connection with an active legal proceeding.

Upon account deletion, we will delete or anonymise your personal data within 30 days, except where retention is required by law.

7. Data Security

We implement industry-standard technical and organisational measures to protect your data, including:

  • TLS 1.2+ encryption for all data in transit between the app and our servers.
  • Encryption at rest for data stored in Supabase.
  • Row-level security (RLS) policies on the database so each user can only access their own data and data explicitly shared with them.
  • Authentication via hashed passwords and short-lived session tokens with automatic refresh.
  • Restricted internal access to production data with audit logging.

No method of transmission or storage is 100% secure. In the event of a data breach that creates a real risk of significant harm to you, we will notify you and the applicable regulators without undue delay and within the timeframes required by applicable law (including PIPEDA and, where applicable, the GDPR).

8. Your Rights & Choices

Depending on your jurisdiction, you may have the following rights with respect to your personal data:

8.1 Rights Available to All Users

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your account and associated personal data. You can also delete your account directly through the app settings.
  • Data Portability: Request a machine-readable export of the data you have provided to us.
  • Withdraw Consent: Turn off location sharing at any time in the app or in iOS Settings; withdraw other consents by adjusting app settings or contacting us.
  • Opt-Out of Marketing: Unsubscribe from promotional communications at any time by tapping "unsubscribe" in any marketing email or contacting us directly. Service-related notifications cannot be fully disabled while you have an active account, as they are core to the Service's safety function.
  • Push Notifications: You can revoke notification permissions at any time in your device's iOS Settings. Note that disabling notifications will prevent the Service from alerting you and your contacts, which is central to its safety purpose.

8.2 Canada (PIPEDA & Provincial Privacy Laws)

WellAlert is operated from British Columbia, Canada, and complies with the Personal Information Protection and Electronic Documents Act (PIPEDA) and the British Columbia Personal Information Protection Act (PIPA) where applicable. You have the right to access and correct your personal information, to withdraw consent (subject to legal or contractual restrictions), and to be informed of how your information is used and disclosed — including that it is stored with service providers in the United States (see Section 10). You may challenge our compliance by contacting us, and you have the right to complain to the Office of the Privacy Commissioner of Canada (priv.gc.ca) or the Office of the Information and Privacy Commissioner for British Columbia.

8.3 EU / EEA / UK Residents (GDPR)

If you are located in the EU, EEA, or UK, you have additional rights under the General Data Protection Regulation (GDPR) or UK GDPR, including:

  • Right to Restrict Processing: Request that we restrict processing of your data in certain circumstances.
  • Right to Object: Object to processing based on legitimate interests or for direct marketing.
  • Right Not to Be Subject to Automated Decision-Making: Not be subject to decisions based solely on automated processing that produce significant legal effects. WellAlert does not engage in such processing.
  • Right to Lodge a Complaint: Lodge a complaint with your local data protection authority.

Our legal bases for processing under GDPR are: (a) contractual necessity (to provide the Service); (b) legitimate interests (security, fraud prevention, service improvement); and (c) your consent (for optional features such as location sharing, and for marketing).

8.4 California & Other U.S. State Residents

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) as amended by the CPRA (similar rights may apply under other U.S. state privacy laws):

  • The right to know what personal information we collect, use, disclose, and sell.
  • The right to delete your personal information.
  • The right to correct inaccurate personal information.
  • The right to opt out of the sale or sharing of personal information. We do not sell or share personal information as defined by the CCPA.
  • The right to limit the use and disclosure of sensitive personal information (including precise geolocation). We use sensitive personal information only to provide the Service at your direction.
  • The right not to be discriminated against for exercising your CCPA rights.

To exercise any of these rights, contact us at damione@gmail.com with the subject line "Privacy Request." We will respond within the legally required timeframe for your jurisdiction (30 days in Canada; 45 days under the CCPA). We may need to verify your identity before processing your request.

9. Children's Privacy

The Service is intended for adults and is restricted to users who are at least 18 years old (or the age of majority in their jurisdiction, whichever is greater). We do not knowingly collect personal information from anyone under 18. If we become aware that we have inadvertently collected personal information from a minor, we will delete that information as quickly as possible and terminate the associated account. If you believe a minor has provided us with personal information, please contact us at damione@gmail.com.

10. International Data Transfers

WellAlert is operated from Canada, and your data is stored with service providers (including Supabase, Twilio, Resend, and RevenueCat) on infrastructure located in the United States. Personal information stored or processed in the United States may be subject to access by U.S. courts, law enforcement, and national security authorities under U.S. law. By using the Service, you consent to this transfer and processing.

For transfers of data from the EU/EEA/UK, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms recognised by applicable data protection law.

11. Third-Party Links & Services

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to read the privacy policies of any third-party service you visit. This Policy applies only to information collected by WellAlert through the Service.

12. Apple-Specific Disclosures

In compliance with Apple App Store requirements:

  • Data Used to Track You: None. We do not track you across apps or websites owned by other companies.
  • Data Linked to You: Contact info, identifiers, health & fitness data (wellness scores), user content (notes, profile photo), precise location (only when you enable location sharing), usage data.
  • Data Not Linked to You: Crash data (anonymised).
  • We do not use any Apple frameworks or APIs to share data with third parties for advertising or tracking purposes.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last Updated" date at the top of this page and notify you via in-app notice or email at least 14 days before the changes take effect. Your continued use of the Service after the effective date constitutes your acceptance of the updated Policy.

We encourage you to review this Policy periodically. Previous versions will be made available upon request.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

WellAlert – Privacy
British Columbia, Canada
Email: damione@gmail.com
Subject line: "Privacy Request"
Website: wellalerapp.com

We aim to respond to all privacy-related inquiries within 30 days (or within the legally required timeframe for your jurisdiction).

WellAlert is not an emergency service. It alerts the people you choose; it is not a medical device and does not contact emergency services (911). In a life-threatening emergency, always call your local emergency number first.

© 2026 WellAlert. All rights reserved. Terms & Conditions · Privacy Policy · Support