← Back to Home

Privacy Policy

Last Updated: March 2026

            Privacy-First Design: WellCheck stores the absolute minimum data needed to provide automated emergency alerts. Your personal information (names, photos, settings) stays on your device.
            
            No Backend Accounts: We don't create user accounts or store any identifying information beyond what's required for SMS consent and delivery.

Data Stored on Your Device (Local Only)

The following data never leaves your iPhone:

Contact photos
Check-in history and app settings
Alarm schedules and preferences
App customization preferences

Minimal Backend Storage (Required for SMS)

To send automated emergency SMS alerts, WellCheck stores minimal data on secure servers:

Emergency contact phone numbers (to deliver SMS)
Opt-out records (phone numbers that opted out - legal requirement)
Device push tokens — Used to notify you if a contact opts out, and temporarily held in a Cloud Task payload scheduled at check-in time. When the grace period ends, the Cloud Task sends emergency SMS alerts directly via Twilio and then delivers a push notification to update app state. The token is stored only in the task payload and is automatically destroyed when you check in (task cancelled) or when the trigger fires (task executes). It is never written to Firestore or any persistent database.

What we DON'T store:

Contact photos
Device identifiers beyond push tokens
Usage patterns or analytics
Location data (if location sharing is enabled, your GPS snapshot is included in the emergency task payload for that check-in cycle only — it is never written to a persistent database)
Anything else

Data Stored for SMS Consent Management

To manage consent requests for SMS alerts, we store the following while a request is pending:

Contact name (to personalize the consent form)
Your full name (displayed in the consent request)
Contact phone number (displayed on the consent page for verification)
Consent status (pending)
Request timestamp

Once consent is resolved (accepted, declined, or expired after 7 days), we immediately delete the names. Only the minimum needed for TCPA compliance is retained:

Contact phone number
Consent status (confirmed/rejected/expired)
Timestamps (requested, responded)

Note: If you have enabled location sharing, your GPS coordinates at last check-in are included in the Cloud Task payload for that check-in cycle. They are automatically discarded when you check in successfully (task cancelled) or when the emergency trigger fires (task executes). They are never written to Firestore or any persistent database.

Why Backend Storage is Necessary

iOS Limitation: Apple doesn't allow apps to send automated SMS messages from your device. To provide emergency alerts, we must use a third-party SMS service (Twilio).

Legal Requirement: US law (TCPA) requires us to collect explicit consent before sending SMS messages and to permanently honor opt-out requests.

Third-Party Services

Twilio (SMS Delivery): Used only to send emergency alerts to contacts who have explicitly consented. Twilio processes phone numbers and message content but does not store or use this data for any other purpose.

Firebase (Minimal Storage): Google's Firebase securely stores phone numbers, consent records, and opt-out records. Data is encrypted in transit and at rest.

No Analytics or Tracking: We don't use analytics services, advertising networks, or any tracking tools.

Permissions Required

Contacts: To select trusted contacts from your existing contacts

Photos (Optional): To choose custom photos for contacts

Notifications: For check-in reminders and emergency alerts

Location (Optional): To include your last known GPS location in emergency alerts. Only requested if you enable location sharing in Settings. Location is captured at check-in time only — never tracked continuously.

You can manage permissions in: Settings → Privacy → WellCheck

Your Data Rights

View stored data: Contact support@wellcheckapp.com
Remove your data: Delete the WellCheck app to remove all local data
Remove backend data: Contact support to delete consent records and phone numbers
Opt-out: Any contact can reply STOP to opt out of alerts or decline the consent request

Data Security

All network communication uses HTTPS encryption
Backend data is encrypted at rest on Firebase servers
SMS delivery uses TLS encryption via Twilio
No employee access to user data
Regular security audits

Data Retention

Names: Deleted as soon as consent is resolved (accepted, declined, or expired)
Phone numbers: Retained after consent is confirmed (needed for SMS delivery)
Consent status & timestamps: Retained permanently (TCPA compliance)
Opt-out records: Retained permanently (legal requirement)
Emergency wakeup push token & optional location: Stored only in a Cloud Task payload. Automatically deleted when you check in (task cancelled) or when the emergency trigger fires (task executes) — never persisted longer than one check-in cycle.

Your Choices

If you prefer complete privacy with no backend storage, you can:

Use WellCheck without SMS alerts (check-in timer and notifications still work without contacts)
Keep location sharing disabled (the default) — no GPS data ever leaves your device

Changes to This Policy

We'll notify you of any significant changes through the app and update the "Last Updated" date above.

Contact Us

Questions about privacy? Email: support@wellcheckapp.com

By using WellCheck, you agree to this privacy policy.
This policy complies with Apple App Store requirements, COPPA, CCPA, GDPR, and TCPA.