Privacy Policy
Last updated: March 24, 2026
Check In Circle (“we”, “our”, or “us”) operates the Check In Circle mobile application (the “App”). This Privacy Policy explains how we collect, use, and protect your information when you use our App.
Information We Collect
Information You Provide
- Phone number: Used as your primary account identifier and for sending check-in reminders via SMS during escalation.
- Name and email address: Used for your profile and as additional contact channels during the escalation process.
- Emergency contacts: Names, phone numbers, and email addresses of people you designate to be notified if you miss a check-in.
- Check-in schedule: Your preferred check-in frequency, time, and response window.
- Vault contents: Personal information you choose to store in your encrypted vault, such as medical details, legal documents, financial accounts, pet care instructions, and other sensitive data. You control what information to include.
Information Collected Automatically
- Device tokens: Push notification identifiers used to send check-in reminders to your device.
- Check-in history: Timestamps and status of your check-ins, used to determine whether escalation is needed.
- Device and platform information: Operating system type (iOS/Android) for delivering notifications correctly.
- Location data: When you perform a check-in, we collect your approximate location (latitude, longitude, city, and country) to provide location context in your check-in history. Location is collected only at the moment of check-in and only with your permission.
- Analytics data: We collect anonymous usage events (such as check-in completions, feature usage, and subscription events) to understand how the App is used and improve the service. On Android, we may collect install attribution data (campaign source, medium) to measure the effectiveness of our outreach.
Information That Never Leaves Your Device
- Biometric data: Face ID, Touch ID, and fingerprint data is processed entirely on your device by the operating system. We never receive, store, or transmit your biometric data.
- Passcode: Your 4-digit app passcode is stored securely on your device using platform-specific secure storage. It is never transmitted to our servers.
How We Use Your Information
We use your information solely to provide the Check In Circle service:
- Sending check-in reminders via push notifications at your scheduled times.
- Verifying check-ins to determine if you’ve responded within your configured window.
- Escalation: If you miss a check-in and don’t respond within your configured response window, we contact you via push notification, SMS, and email, then notify your designated emergency contacts.
- Vault timed release: If you miss a check-in and the escalation process completes without a response, vault sections you have configured for release are made accessible to the trusted contacts you have granted access to. This is the core safety purpose of the vault feature.
- Account management: Maintaining your profile, schedule, and contact preferences.
- Service improvement: Analyzing anonymous usage patterns to improve App reliability and features.
We do not use your information for advertising, marketing profiling, or selling data to third parties.
Vault Data and Encryption
Vault contents contain sensitive personal information that you choose to store. We protect this data with multiple layers of security:
- Field-level encryption: All personally identifiable information in your vault is encrypted using AES-256-GCM envelope encryption via Google Cloud Key Management Service (KMS) before it is stored in our database. This means individual fields (names, account numbers, medical details) are encrypted separately — not just the database as a whole.
- On-device encryption: Vault data cached on your device is stored in an encrypted SQLite database with a unique key held in your device’s secure storage.
- Timed release: Vault sections are only released to your designated trusted contacts after a missed check-in escalation completes. You control which contacts can access which sections, and you can revoke access at any time.
- Account deletion: When you delete your account, all vault data — including encrypted fields, attachments, and access grants — is permanently deleted from our servers.
Third-Party Services
We use the following third-party services to operate the App:
| Service | Purpose | Data Shared |
|---|---|---|
| Firebase (Google) | Authentication, database, cloud functions, push notifications, analytics, crash reporting | Phone number, email, name, device tokens, check-in data, anonymous usage events |
| RevenueCat | Subscription management and billing | Anonymous user ID, purchase history, platform |
| SendGrid (Twilio) | Email delivery for escalation and verification | Email addresses, message content |
| Twilio | SMS delivery for escalation and verification | Phone numbers, message content |
| Google Maps | Reverse geocoding of check-in location | Latitude and longitude coordinates |
| Apple / Google | Push notification delivery, in-app purchases | Device tokens, notification content, purchase transactions |
Each third-party service processes data according to their own privacy policies. We only share the minimum data necessary for each service to function.
SMS Communications
Check In Circle uses SMS to deliver safety-critical messages, including trusted contact verification requests, missed check-in alerts, check-in recovery notifications, vault access notifications, and vault viewer verification codes. Phone numbers provided by users and their designated contacts are used exclusively for these transactional notifications.
We will never share phone numbers with third parties, sell them, or use them for marketing purposes. You will never receive promotional or marketing messages from Check In Circle via SMS or any other channel. SMS is sent only when directly required by the safety functions you or the person who designated you have configured.
Message Frequency
- Primary users: SMS is used only as a fallback when push notifications cannot be delivered. Typical frequency is 0–1 messages per day.
- Trusted contacts: SMS is sent during contact verification (one-time), missed check-in escalation events, check-in recovery notifications, and vault access notifications. Frequency depends on the primary user’s check-in schedule and is typically very low.
Opt-Out
Any SMS recipient may reply STOP at any time to immediately opt out of all future SMS messages from Check In Circle. Reply HELP for support information. When a trusted contact opts out via STOP, the primary user is notified so they can designate an alternative contact.
Message and Data Rates
Standard message and data rates may apply depending on your mobile carrier and plan.
Data Retention
- Account data: Retained while your account is active. You can request deletion at any time.
- Check-in history: Retained for the duration of your account to provide history features and verify escalation accuracy.
- Vault data: Retained in encrypted form while your account is active. Permanently deleted when you delete your account.
- Location data: Stored as part of your check-in history for the duration of your account.
- Analytics data: Retained in aggregate, anonymous form. Not linked to your identity after collection.
- Verification codes: Automatically deleted after 10 minutes or upon successful verification, whichever comes first.
- Device tokens: Removed when you log out or unregister your device.
Data Security
We protect your data using:
- Encryption in transit: All data transmitted between the App and our servers uses TLS encryption.
- Encryption at rest: Data stored in our database is encrypted at rest using Google Cloud’s default encryption.
- Field-level encryption: Vault PII is additionally encrypted field-by-field using AES-256-GCM envelope encryption via Cloud KMS.
- On-device encryption: Local data is stored in an encrypted SQLite database with keys in platform secure storage.
- Authentication: All API requests require valid authentication tokens.
- Access controls: Firestore security rules ensure users can only access their own data.
- On-device security: Sensitive data like passcodes and biometric templates never leave your device.
Your Rights
You have the right to:
- Access your personal data stored in the App.
- Correct inaccurate information via your profile settings.
- Delete your account and all associated data from within the App or by contacting us.
- Export your check-in history data.
- Revoke vault access grants to trusted contacts at any time.
For California Residents (CCPA)
If you are a California resident, you have the right to know what personal information we collect, request deletion of your data, and opt out of any sale of personal information. We do not sell your personal information. To exercise your rights, contact us at the email below.
For European Residents (GDPR)
If you are located in the European Economic Area, you have additional rights including the right to data portability, the right to restrict processing, and the right to lodge a complaint with a supervisory authority. Our legal basis for processing your data is your consent (provided at account creation) and the performance of our service contract with you.
Platform-Specific Privacy Details
Apple (iOS)
- We use Apple’s Push Notification service (APNs) to deliver check-in reminders and escalation alerts.
- Biometric authentication uses Apple’s LocalAuthentication framework. Biometric data (Face ID / Touch ID) is processed entirely by the Secure Enclave on your device and is never accessible to us.
- Subscription purchases and payment information are handled entirely by Apple. We do not receive or store your payment details.
- We do not use the Identifier for Advertisers (IDFA) or participate in cross-app tracking.
Google (Android)
- We use Firebase Cloud Messaging (FCM) to deliver check-in reminders and escalation alerts.
- On Android, we may collect install referrer data (campaign source, medium, and name) from the Google Play Store to understand how users discover the App. This data is stored locally and used for aggregate analytics only.
- Biometric authentication uses Android’s BiometricPrompt API. Biometric data is processed entirely by the device’s secure hardware and is never accessible to us.
- Subscription purchases and payment information are handled entirely by Google Play. We do not receive or store your payment details.
Web
- The web check-in feature allows users to complete a check-in via a one-time link sent by SMS or email during escalation. No additional data is collected beyond what is described in this policy.
- Web-based vault access for trusted contacts uses one-time verification codes. No cookies or tracking technologies are used on these pages.
Children’s Privacy
Check In Circle is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy in the App and updating the “Last updated” date.
Contact Us
If you have any questions about this Privacy Policy or your data, please contact us at:
Email: support@checkincircle.co