Privacy Policy

Last updated: May 2, 2026

StillSafe.Life ("StillSafe," "we," "us") provides a wellness check-in service that helps you stay safe and connected. This policy explains what we collect, how we use it, and the choices you have. This Privacy Policy is incorporated into and subject to our Terms of Service.

Information We Collect

We collect the following categories of personal information. The categories marked (SPI) qualify as “sensitive personal information” under the California Consumer Privacy Act (Cal. Civ. Code §1798.140(ae)) and similar state laws; see “Sensitive Personal Information” below.

  • Account details: name, email address, time zone, profile information, and account password (stored only as a cryptographic hash, never as plaintext) (SPI—credentials).
  • Your phone number (optional, only if you enable SMS or voice features).
  • Emergency contact information you add: names, relationships, emails, phone numbers, and notification preferences for each contact you designate.
  • Check-in data: check-in times, intervals, status history, mode (regular, adventure, date safety), and your configured schedule.
  • Safety-feature data: adventure-mode trip details, date-safety details (e.g., partner description, meeting location), pet-care information, and emergency-card information (medical conditions, allergies, blood type) (SPI—health, where applicable).
  • Precise geolocation: GPS coordinates that you choose to share during an active alert, an adventure, or a date-safety session, used solely to convey your last known location to your Emergency Contacts (SPI—precise geolocation).
  • Mood and wellness data: optional check-in mood scores and notes, if you enable mood tracking (SPI—health, including consumer health data under the Washington My Health My Data Act).
  • Communication content: the text of SMS messages we send and receive on your behalf, scripts of AI-generated voice calls, and call metadata (call IDs, durations, status, key-press input from recipients) (SPI—contents of communications).
  • Voice-call audio: recordings of AI-generated voice calls may exist on the systems of our voice provider (Vapi.ai). StillSafe does not retain voice prints or biometric identifiers; see “AI-Generated Communications” below.
  • Communication logs: delivery records for emails, SMS, voice calls, and push notifications, plus opt-in / opt-out timestamps and consent verification records.
  • Device and usage data: IP address, approximate location derived from IP, browser type and version, device identifiers, and basic interaction logs (pages visited, error reports).
  • Payment data: billing status, subscription history, and PayPal transaction identifiers. We do not receive or store full card numbers.
  • Referral and attribution data: if you arrived via a partner referral link, we record the partner identifier in a cookie so the partner can be credited.

How We Use Your Information

  • Provide and operate the check-in service, reminders, and safety alerts.
  • Notify your Emergency Contacts if you miss a check-in or trigger a safety alert.
  • Capture and document express written consent from your Emergency Contacts to receive SMS messages and AI-generated voice calls, in compliance with the Telephone Consumer Protection Act (TCPA, 47 U.S.C. §227) and FCC rules.
  • Send service emails, SMS, voice calls, and push notifications related to the Service.
  • Process subscriptions and refunds through PayPal.
  • Detect and prevent fraud, abuse, security incidents, and violations of our Terms.
  • Comply with legal obligations, respond to lawful requests, enforce agreements, and protect rights, property, and safety.
  • Maintain backups and ensure system reliability.

What we do NOT do. We do not sell personal information. We do not share personal information for cross-context behavioral advertising. We do not send marketing emails. We do not use your personal information—including check-in data, mood scores, location, voice recordings, or message content—to train artificial-intelligence or machine-learning models, in each case without your separate, affirmative, opt-in consent.

Why We Process Your Information

We process personal information for the following purposes:

  • To perform the contract we have with you under the Terms of Service—delivering check-ins, sending notifications, and managing your account.
  • To comply with law, including breach-notification statutes, lawful subpoenas, and tax/accounting requirements.
  • For our legitimate operational interests, including detecting fraud, preventing abuse, ensuring security, debugging, and maintaining service reliability.
  • With your consent, for any optional features that require it (for example, mood tracking, location sharing). You may withdraw consent at any time by disabling the corresponding feature.

How Alerts Work

If you miss a check-in, we will attempt to reach you first (email, push, SMS, and/or AI voice call if enabled). If we cannot confirm you are okay, we notify the emergency contacts you configured. Those contacts may receive your name, last check-in time, safety mode details, and location when relevant to the alert.

SMS and Voice Communications

StillSafe sends SMS text messages and AI-generated voice calls as part of its safety check-in service. Messages include check-in reminders to you, missed check-in alerts to your Emergency Contacts, all-clear notifications, and urgent safety alerts. Message frequency varies based on your check-in schedule and settings (typically 1–10 messages per week). Message and data rates may apply.

How we capture consent. When you designate an individual as an Emergency Contact and enable SMS or voice notifications, the Service automatically sends that contact a verification message requesting their express consent to receive both SMS and AI-generated voice calls, as required by the TCPA and the FCC’s February 2024 ruling on AI-generated voice calls (CG Docket 23-362). We do not send any further SMS or voice call to that contact unless and until they affirmatively reply “YES.” We retain timestamped records of consent (date, phone number, content of the consent message, and network identifiers) for as long as the consent is relied upon plus a reasonable period thereafter for legal-defense purposes. See our Terms of Service, “Emergency Contact Consent Verification,” for details.

Periodic re-verification. To reduce the risk of contacting reassigned phone numbers, we automatically re-verify Emergency Contact consent at least every 365 days. If a contact does not affirmatively re-confirm, we stop sending SMS and voice calls to that number.

Opt-out and suppression list. You or any recipient may opt out of SMS at any time by replying STOP to any message. Reply HELP for assistance. When a number opts out, it is added to a suppression list, and we retain that record indefinitely so we do not contact the number again. You may also disable SMS or voice notifications in your account settings.

We will not share your mobile phone number, SMS opt-in data, or any mobile information with third parties or affiliates for marketing or promotional purposes. Mobile information is used solely to deliver the StillSafe safety check-in service.

Cookies and Session Data

We use a small number of strictly necessary and functional cookies. We do not use cookies for advertising, cross-site tracking, or behavioral profiling.

  • Session cookie (strictly necessary): keeps you logged in across pages.
  • CSRF-token cookie (strictly necessary): protects against cross-site request forgery on form submissions.
  • Referral-attribution cookie (functional): if you arrived via a partner link, records the partner’s identifier so the partner can be credited for your subscription.

Do Not Track / Global Privacy Control. No common industry standard exists for honoring browser-level “Do Not Track” signals, so we do not respond to them. We do honor the Global Privacy Control (GPC) signal as a request to opt out of any future sharing for cross-context behavioral advertising, in accordance with California regulations (11 CCR §7025). Because we do not currently engage in any such sharing, the GPC signal does not change how we process your data, but the signal is logged and respected.

Data Sharing

We do not sell your personal information, and we do not share your personal information for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA, the Texas Data Privacy and Security Act, or any similar state law. We share personal information only:

  • With your designated Emergency Contacts when an alert is triggered (your name, last check-in time, safety mode details, and last-known location, where applicable).
  • With our service providers / subprocessors listed below, each contractually limited to processing your data only as needed to provide their service to us.
  • With law-enforcement, courts, or regulators if required by valid legal process or where we reasonably believe disclosure is necessary to protect the rights, property, or safety of any person.
  • With a successor in interest in connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to commitments to honor this Privacy Policy.

Subprocessors. Each of the following processes personal data on our behalf, subject to the standard terms of service, customer agreement, and (where applicable) data processing addendum that the provider publishes for its customers. We do not authorize any subprocessor to use your personal information for its own commercial purposes; subprocessor use is limited to providing its service to us, plus the limited operational purposes (service improvement, fraud detection, aggregated analytics, billing, and similar) that each provider’s terms permit.

  • Twilio, Inc. — SMS delivery and inbound SMS handling; phone-number verification. (Receives: phone numbers, SMS message content.) Privacy.
  • Vapi.ai — AI-generated voice calls. Vapi.ai uses third-party language models (OpenAI GPT-4o-mini for script generation and OpenAI text-to-speech for voice synthesis) for inference only. We do not authorize, and Vapi.ai/OpenAI represent that they do not perform, model training on call data. (Receives: phone numbers, voice script content, recipient input.) Privacy.
  • Postmark (ActiveCampaign LLC) — transactional email delivery. (Receives: email addresses, email content.) Privacy.
  • PayPal Holdings, Inc. — subscription billing and payment processing. (Receives: name, email, billing identifiers; we do not receive full card numbers.) Privacy.
  • Web-hosting and infrastructure provider — application hosting and database storage in the United States.

A current list of subprocessors is available on request. We will provide reasonable advance notice of any new subprocessor that processes personal data on our behalf.

Security

We protect personal data using technical and organizational safeguards commensurate with the sensitivity of the data, including: TLS 1.2 or higher for data in transit; AES-256 application-level encryption for designated categories of personal information at rest (including phone numbers); cryptographic password hashing using industry-standard algorithms; CSRF protection on form submissions; rate limiting; and access controls limiting personal data to personnel with a legitimate operational need. No system is 100% secure, but we work to keep your information safe.

Data Retention

We retain personal information only for as long as needed for the purposes described in this Privacy Policy, to comply with our legal obligations, or to resolve disputes and enforce our agreements. The table below describes our typical retention periods by data category. After the listed period, data is deleted, anonymized, or moved to inactive backups that are themselves purged within ninety (90) days.

  • Account profile and credentials: for the life of your account, then deleted within thirty (30) days after account closure (subject to legal-hold or fraud-prevention exceptions).
  • Emergency Contact records: for the life of your account; on contact deletion or account closure, deleted within thirty (30) days.
  • Consent verification records (TCPA): retained for the life of the underlying consent plus four (4) years after revocation, to support TCPA defense.
  • Suppression list (opted-out phone numbers): retained indefinitely in hashed form so we do not contact the number again.
  • Check-in history, mood data, and adventure/date-safety records: retained for the life of your account; deleted within thirty (30) days after account closure unless aggregated into anonymized service-quality statistics.
  • Precise geolocation: retained only for the duration of the active alert or session in which it was captured, plus thirty (30) days for incident review, then deleted.
  • Voice-call audio recordings (held by Vapi.ai): retained for no more than ninety (90) days unless required for a specific legal or service-quality matter.
  • Communication logs (delivery receipts, message metadata): twenty-four (24) months.
  • Payment records: seven (7) years (tax and accounting requirements).
  • Server access and security logs: ninety (90) days, except where extended retention is needed to investigate a specific incident.

You may request deletion of your account and associated data at any time as described under “Your Choices” below. Deletion requests are honored subject to legal-retention obligations (for example, billing records or TCPA defense logs).

Sensitive Personal Information

Some categories of personal information we collect qualify as “sensitive personal information” (SPI) under the California Consumer Privacy Act (Cal. Civ. Code §1798.140(ae)) and similar state laws, including:

  • Account login credentials (your password, stored only as a cryptographic hash);
  • Precise geolocation, captured only during active alerts or location-sharing sessions;
  • Contents of communications (the text of SMS messages and the audio/script of AI-generated voice calls we send on your behalf);
  • Health-related information, where you choose to provide it (for example, medical conditions on your emergency-info card, mood scores from optional mood tracking).

Limited use of SPI. We use SPI only as reasonably necessary to provide the Service you have requested, to verify identity, to detect security incidents, to ensure the integrity and authenticity of communications, and to comply with law—in each case as permitted under Cal. Civ. Code §1798.121(d). We do not use SPI to infer characteristics about you, to build advertising or behavioral profiles, or for any purpose that would require a separate “Right to Limit” notice under California regulations.

Right to limit use of SPI. California residents (and residents of states with equivalent rights) may nonetheless request that we further limit our use of their sensitive personal information by emailing tim@stillsafe.life with the subject line “Limit Use of Sensitive Personal Information.” If we cannot continue providing the Service after applying the requested limit, we will tell you which features are affected.

Children

The Service is intended only for individuals who are at least eighteen (18) years of age. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected personal information from a child under 13, we will delete it promptly in accordance with the Children’s Online Privacy Protection Act (COPPA, 15 U.S.C. §§6501–6506) and 16 C.F.R. Part 312. To report a concern, contact tim@stillsafe.life.

Your Choices

  • Update or correct your profile and contact information in your account settings.
  • Choose which alert methods are enabled for each contact.
  • Request account deletion by emailing us at tim@stillsafe.life.

Your Privacy Rights

Depending on your jurisdiction, you may have additional rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request that we correct inaccurate or incomplete data.
  • Deletion: Request that we delete your personal data.
  • Portability: Request a copy of your data in a portable, machine-readable format.
  • Objection: Object to our processing of your data in certain circumstances.
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at tim@stillsafe.life. We will respond within the timeframe required by applicable law.

California Privacy Rights (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, “CCPA”), provides you with the following rights:

  • Right to know. You may request the categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purpose for collection, and the categories of third parties with whom we share it.
  • Right to correct inaccurate personal information we maintain about you.
  • Right to delete personal information we have collected from you, subject to legal exceptions (for example, billing records or TCPA defense logs).
  • Right to limit use of sensitive personal information as described in “Sensitive Personal Information” above.
  • Right to opt out of sale or sharing. We do not sell personal information and do not share personal information for cross-context behavioral advertising. We honor Global Privacy Control (GPC) signals as required by 11 CCR §7025.
  • Right to opt out of automated decision-making and profiling. See “Automated Decision-Making” below.
  • Right to non-discrimination. We will not deny services, charge different prices, or provide a different level of service because you exercised any of these rights.

How to submit a request. Email tim@stillsafe.life with the subject line “California Privacy Request” and tell us which right you are exercising. We will acknowledge your request within ten (10) business days and respond substantively within forty-five (45) calendar days. We may extend the response period by an additional forty-five (45) days when reasonably necessary, with notice to you. We will verify your identity before fulfilling your request by confirming your account credentials and, if needed, requesting additional verification information.

Authorized agents. You may designate an authorized agent to submit a CCPA request on your behalf. The agent must provide written, signed permission from you, and we may require you to verify your own identity directly with us before fulfilling the request, in accordance with 11 CCR §7063.

“Shine the Light” (Cal. Civ. Code §1798.83). California residents may request information about our disclosures of personal information to third parties for those third parties’ direct marketing purposes. We do not make any such disclosures.

Texas Privacy Rights (TDPSA)

If you are a Texas resident, the Texas Data Privacy and Security Act (Tex. Bus. & Com. Code Ch. 541), effective July 1, 2024, provides you with the following rights:

  • Right to confirm and access the personal data we process about you;
  • Right to correct inaccuracies in your personal data;
  • Right to delete personal data provided by or obtained about you;
  • Right to data portability: obtain a copy of your personal data in a portable, readily usable format;
  • Right to opt out of (i) the sale of personal data, (ii) targeted advertising, and (iii) profiling in furtherance of decisions that produce legal or similarly significant effects.

StillSafe does not sell personal data, does not engage in targeted advertising, and does not engage in covered profiling for consequential decisions about you. Submit a Texas privacy request by emailing tim@stillsafe.life with the subject line “Texas Privacy Request.” We will respond within forty-five (45) days, with a single forty-five (45) day extension when reasonably necessary, in accordance with Tex. Bus. & Com. Code §541.054.

Appeals. If we deny your request, you may appeal by replying to our denial email within a reasonable time. We will respond to your appeal within sixty (60) days. If your appeal is denied, you may submit a complaint to the Texas Attorney General at www.texasattorneygeneral.gov.

Sale or processing of sensitive data—notice. NOTICE: We may process biometric data (specifically, the contents of voice communications) and precise geolocation data only as necessary to provide the Service. We do not sell sensitive personal data.

Washington Consumer Health Data (My Health My Data Act)

If you are a Washington resident, the Washington My Health My Data Act (RCW 19.373) provides specific protections for “consumer health data,” which may include mood-tracking entries, medical information you place on your emergency-info card, and precise geolocation when collected in connection with health-related features.

  • Consent. We collect and process consumer health data only for purposes you have consented to or that are necessary to provide a feature you have requested (such as mood tracking or emergency-info display). You may withdraw consent at any time by disabling the feature in your account settings.
  • No sale. We do not sell consumer health data and we do not authorize our subprocessors to do so.
  • No geofencing. We do not use geofences to identify, track, or send messages to you based on your proximity to any health-care facility.
  • Right to access, delete, and withdraw consent. Submit a Washington consumer-health-data request by emailing tim@stillsafe.life with the subject line “WA Consumer Health Data Request.” We will respond within forty-five (45) days.

Geographic Scope and International Transfers

The Service is offered only to residents of, and from within, the United States. Personal data is collected, processed, and stored on servers located in the United States. As described in our Terms of Service, residents of the European Union, the United Kingdom, the European Economic Area, and Switzerland should not use the Service; we do not represent or warrant that the Service complies with the General Data Protection Regulation, the UK GDPR, the ePrivacy Directive, or other non-US data-protection laws.

If you access the Service from outside the United States in violation of our Terms, you do so at your own initiative and you are responsible for compliance with local law. We do not implement Standard Contractual Clauses, Binding Corporate Rules, or other GDPR Article 46 transfer mechanisms.

Security Incidents

In the event of a data breach affecting your personal information, we will notify you without undue delay and, where required under Texas law (Tex. Bus. & Com. Code §521.053), within 60 days of discovery. We will also notify the Texas Attorney General if required by law. Notification may be provided via email to the address associated with your account, through in-app notification, or by other means as required by applicable law.

Automated Decision-Making

The Service is, by design, an automated escalation system. Based on your configured check-in schedule and notification preferences, the Service automatically determines: (i) when to send you a reminder or attempt a self-check-in voice call; (ii) when to mark a check-in as missed; (iii) when to escalate by notifying your Emergency Contacts; and (iv) what information to share with those contacts (which may include your name, status, last check-in time, and last-known location). These automated decisions can produce significant effects, including disclosure of your safety status and personal information to the contacts you have designated.

You control the logic. You configure and can change all relevant settings: your check-in schedule, your notification preferences, the escalation tiers and delays, your designated Emergency Contacts, and the alert types each contact may receive. You may pause check-ins, deactivate safety modes, or close your account at any time. Because automated escalation is the core function of the Service, opting out of automated processing means deactivating the corresponding feature or closing your account.

What we do not do. StillSafe does not use your personal data to: build advertising or behavioral profiles; evaluate you for credit, employment, insurance, housing, education, or any other consequential decision; train artificial-intelligence or machine-learning models (without your separate, affirmative, opt-in consent); or perform “profiling in furtherance of decisions that produce legal or similarly significant effects” as that phrase is used in the California CCPA (Cal. Civ. Code §1798.140(z)) and the Texas Data Privacy and Security Act (Tex. Bus. & Com. Code §541.001).

AI-Generated Communications

We use Vapi.ai as our voice-call provider. Vapi.ai uses third-party AI models from OpenAI (GPT-4o-mini for script generation and an OpenAI text-to-speech voice for synthesis). Call content—including the text of the script, the name of the recipient, and any spoken response or key-press input—is transmitted to those providers solely for inference (generating the call in real time).

No training without consent. Our agreements with Vapi.ai require that call data not be used to train, fine-tune, or otherwise improve general-purpose AI models without our authorization. We do not authorize such training, and we do not use your communications to train any model, in each case without your separate, affirmative, opt-in consent.

Recordings. Where call recordings are created (for example, for service-quality monitoring or to investigate a delivery failure), they are retained for no more than ninety (90) days unless we are required to retain them longer for a specific legal or service-quality matter.

No biometric identifiers. StillSafe does not extract, generate, store, or use voice prints, voice embeddings, facial geometry, or other biometric identifiers (as defined under the Illinois Biometric Information Privacy Act (740 ILCS 14/), the Texas Capture or Use of Biometric Identifier Act (Tex. Bus. & Com. Code §503.001), or similar laws) for the purpose of identifying any individual.

AI calls are generated by artificial intelligence and are not made by a human operator. While we take measures to ensure clarity, StillSafe makes no warranty as to the accuracy, intelligibility, or delivery of AI-generated messages. For full disclaimers, see our Terms of Service.

Notification Delivery

Although we use industry-standard providers (Twilio for SMS, Vapi.ai for voice, SMTP for email), we cannot guarantee that any notification will be successfully delivered, received, or acted upon. Delivery depends on third-party networks, carriers, and infrastructure beyond our control. For comprehensive notification delivery disclaimers, see our Terms of Service.

Changes to This Policy

We may update this Privacy Policy from time to time. We will revise the “Last updated” date at the top of this page when we do.

Material changes. For changes that materially affect your rights or how we use your personal information, we will provide at least thirty (30) days’ advance notice by email and through the Service, and the changes will take effect for your account only after you affirmatively accept the revised policy. If you do not accept the revised policy within the notice period, your account will be closed at the end of your current billing period and you will receive a pro-rated refund of any prepaid amounts attributable to the post-closure portion of the term.

Non-material changes (clarifications, typographical corrections, contact-information updates, or changes required by law) take effect when posted; your continued use of the Service constitutes acceptance.

We review this Privacy Policy at least annually.

Dispute Resolution

This Privacy Policy is governed by and subject to our Terms of Service, including the binding arbitration clause, class action waiver, jury trial waiver, DTPA acknowledgment, and two-year statute of limitations set forth therein. Any dispute regarding this Privacy Policy or our data practices shall be resolved in accordance with the dispute resolution provisions in our Terms of Service, under the laws of the State of Texas, with venue in Harris County, Texas.

Contact

Questions about privacy? Contact us at tim@stillsafe.life. Our primary service area is Harris County, Texas.