Legal
Privacy Policy
Overview
Safe Signals LLC ("we," "us," or "our") is committed to protecting the privacy of our website visitors, app users, and customers. This Privacy Policy explains what data we collect across our products and website, how we use it, and your rights regarding that data.
The short version: We collect what we need to run our products and nothing more. We do not sell your data. Our products are designed to protect people — that principle extends to how we handle your information.
This policy covers safesignals.io, skimguard.io, the SkimGuard iOS and Android apps, the SkimGuard B2B portal, the public SafeMap, and Muster when it launches.
What we collect
Website visitors (safesignals.io, skimguard.io)
- Contact information submitted via forms — name, email address, company, phone number, and any message content you provide.
- Usage data via analytics — pages visited, time on site, browser type, referring URL, approximate location (country/region level), and IP address.
- Cookie data — see Cookies below.
SkimGuard app users
- Account information — email address, sign-in method (Google, Apple, or email/password).
- Scan data — location, timestamp, and result of each scan you perform. This data populates the community safety map and is used to improve detection accuracy.
- Submitted reports — location, description, and any photos you choose to attach when reporting a suspected skimmer.
- Device information — app version, OS version, device type, and crash reports.
- Subscription status — managed via RevenueCat. We do not store payment card details.
SkimGuard business subscribers
- Business information — company name, billing address, and location data for registered terminal locations.
- Payment details — processed by Stripe. We never see or store card numbers.
- Portal usage — alert history, dashboard activity, and user management actions.
Muster users (when launched)
- Department information — department name, size, and contact details.
- Operational data — incident records, personnel accountability logs, PAR history, and exposure records. This data is stored locally on your devices by default and optionally synced to cloud storage on Tier 2+ subscriptions.
- Sensitive health data — rehab vitals and medical records captured during incidents. This data is subject to strict access controls and is never used for any purpose other than the department's own records.
How we use your data
- To provide, maintain, and improve our products and services.
- To process payments and manage subscriptions.
- To send service notifications, product updates, and support communications.
- To populate and improve the SkimGuard community safety map — scan data from all users is aggregated to create the shared safety layer.
- To send marketing communications — only with your consent, and you can unsubscribe at any time.
- To detect and prevent fraud or misuse of our platform.
- To comply with legal obligations.
What we don't collect
Safe Signals does not sell your data to third parties. Ever. We do not collect cardholder data, payment card numbers, or personal financial information from the customers of businesses using our products.
SkimGuard detects wireless signals — it does not collect transaction data, card numbers, or any personal information about people interacting with payment terminals at locations we monitor.
Muster is designed with privacy at its core. Vitals, medical notes, and exposure details are never logged. Crew members cannot view other personnel's health data. Exposure records are maintained with OSHA-required retention controls that cannot be shortened by department administrators.
Data sharing
We do not sell your data. We share data only with service providers necessary to operate our products:
- Google Cloud Platform / Firebase — hosting, database, authentication, and cloud functions. Data is stored in the United States.
- Stripe — payment processing for business subscriptions. Your card data goes directly to Stripe; we never see it.
- RevenueCat — in-app subscription management for SkimGuard consumer tiers.
- Mailgun — transactional email delivery (alerts, confirmations, notifications).
- Google Places API — used to verify business location hours for the SkimGuard grace period feature. We do not share your data with Google beyond what is necessary for this function.
- Law enforcement — when required by law, court order, or to protect the safety of users or the public. For SkimGuard, we maintain a law enforcement portal for authorized data requests.
- Business transfers — in the event of a merger or acquisition, your data may transfer to the acquiring entity subject to the same privacy commitments.
All third-party service providers are contractually required to protect your data and use it only for the purposes we specify.
Data retention
- SkimGuard scan and alert logs are retained for 24 months, then automatically deleted.
- Account and billing records are retained for the duration of your subscription plus 12 months.
- Website form submissions and support communications are retained for 3 years.
- Muster exposure records are retained for a minimum of 30 years post-separation, as required by OSHA 29 CFR 1910.1020. Department administrators cannot configure a shorter retention period.
- Muster incident archives are retained per the department's configured policy, with a minimum of the incident duration.
You may request deletion of your personal data at any time by contacting [email protected]. We will respond within 30 days. Note that some data may be retained where required by law.
Cookies
Our websites use cookies in two categories:
- Essential cookies — required for the site to function (session management, form security). These cannot be disabled.
- Analytics cookies — help us understand how visitors use the site. Optional and can be disabled via your browser settings.
We do not use advertising cookies. We do not allow third-party ad networks to place cookies on our sites.
Your rights
Depending on your jurisdiction, you may have the right to:
- Access — request a copy of the personal data we hold about you.
- Correction — request that inaccurate data be corrected.
- Deletion — request that your personal data be deleted, subject to legal retention requirements.
- Objection — object to certain uses of your data, including direct marketing.
- Portability — receive your data in a structured, machine-readable format.
To exercise any of these rights, contact [email protected]. We will respond within 30 days and may need to verify your identity before processing your request.
Security
We implement industry-standard security controls across our infrastructure on Google Cloud Platform, including encryption in transit (TLS 1.2+), encryption at rest, role-based access controls, and Firebase App Check to verify that requests come from legitimate app instances.
Muster peer-to-peer mesh traffic is encrypted using ChaCha20-Poly1305 with Ed25519 key authentication. No operational data traverses unencrypted channels.
In the event of a security breach affecting your personal data, we will notify you within 72 hours of discovery, as required by applicable law.
Children's privacy
Safe Signals products are not directed to individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, please contact us immediately at [email protected].
Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (to your account address on file) and update the "Last updated" date at the top of this page. Your continued use of our products after the effective date constitutes acceptance of the updated policy.
Contact
Privacy questions, data requests, or concerns:
Safe Signals LLC
[email protected]
safesignals.io