Effective date: April 20, 2026 · StillHere / api.stillhereworld.net
01 What we collect
We collect the minimum data required to deliver the safety features you enable. Here is what we store and why:
👤
Account information
Display name, username, email address (if provided), and an optional profile photo. Email is provided via Apple Sign In or Google OAuth; XRPM wallet sign-in does not require an email address.
📱
Device push tokens
An APNs (iOS) or FCM (Android) token associated with your device, used exclusively to deliver push notifications to you. Tokens are removed automatically when they become invalid.
👥
Trusted contacts
Names, email addresses, phone numbers, or wallet addresses you add as trusted contacts, and the relationship label you assign. This information is used only to deliver your safety alerts.
⏱
Check-in & timer activity
Timestamps of your check-ins, your configured timer and grace period durations, and Guardian Mode status transitions (active, warning, grace, triggered). This is the core data powering your safety timer.
📁
Messages, files, and locations (Guardian Mode)
Content you choose to attach to your Guardian Mode delivery plan. Files are encrypted at rest and served via expiring download links. Locations are stored as coordinates and optional labels that you provide.
📥
Inbox and delivery logs
Records of notifications sent to your contacts and confirmations sent to you, including delivery status. Logs are used for retry logic and to help you verify that alerts reached their intended recipients.
We do not collect advertising identifiers, sell your data, or build behavioural profiles.
02 How we use your data
All data is used solely to operate StillHere for you:
🔔
Safety alerts and check-in reminders
Sending you warning and grace-period push notifications before your timer expires, and notifying you when contacts respond to check-in requests.
📨
Guardian Mode delivery
Delivering your pre-configured messages, files, and locations to your trusted contacts when your timer triggers. Delivery channels include push notification, email, and SMS, depending on your contacts' configuration.
🔐
Authentication and security
Verifying your identity through your chosen sign-in provider, maintaining your session, and protecting your account against unauthorised access.
📞
Mutual-trust calls
Signalling voice and video call requests between you and contacts who have mutually added each other to their Trusted Circle. No call audio or video is recorded or stored by StillHere.
03 Guardian Mode & trusted contacts
Guardian Mode is the core feature of StillHere. When you activate it, your device sends a heartbeat to our servers at the interval you configure. If you do not check in within your timer and grace period, the system automatically delivers your plan to each trusted contact using the channels they have available.
Your trusted contacts only receive information that you explicitly added to your delivery plan: the messages, files, and locations you chose. They do not have access to your account, your check-in history, or any other personal data.
When a contact is added to your Trusted Circle, they receive a push notification informing them that they may receive safety alerts from you. They can mute alerts at any time.
Check-in requests: You can send a manual check-in request to a contact who has mutually added you. The contact is notified by push; their response is delivered back to you as a push notification. Neither side sees the other's check-in history or guardian configuration.
04 Push notifications & avatars
Push notifications are delivered to your device using Apple Push Notification service (APNs) for iOS and Firebase Cloud Messaging (FCM) for Android. We pass your device token and the notification payload to these providers to complete delivery.
If you set a profile photo, its URL is included in push notification payloads sent to your trusted contacts and to devices that interact with you (for example, check-in request pushes include the requester's avatar). On iOS, a Notification Service Extension running locally on the recipient's device downloads the avatar image to display it as a notification thumbnail — the image is not sent to a third party for this purpose.
You can remove your profile photo at any time from the Settings screen. After removal, subsequent notifications will no longer include your avatar.
05 Camera, photo library & location
📷
Camera & photo library
Accessed only when you choose to set or change your profile photo, or during a video call. Photos are cropped and resized on-device before upload. We do not scan, index, or retain any photos beyond the one you explicitly choose as your avatar.
📍
Location
Location is accessed only when you explicitly choose to attach a Guardian Location to your delivery plan, or when you respond to a check-in request and opt to share your location. We do not track your location passively or in the background outside of these explicit actions.
🎙
Microphone
Accessed only during an active voice or video call with a mutually-trusted contact. Audio is transmitted peer-to-peer via the call session and is not recorded or stored.
06 Sign-in providers
StillHere supports three sign-in options:
🍎
Sign in with Apple
We receive your Apple-provided user identifier and, if you choose to share it, your name and email. Apple allows you to hide your email via a relay address; we store whichever address Apple provides. We never receive your Apple ID password.
🌐
Sign in with Google
We receive your Google-provided user identifier, your name, email, and profile picture URL. We never receive your Google account password.
🔗
XRPM wallet sign-in
Authentication via your XRPM wallet address. We read your wallet's XRPM token balance to verify eligibility for Guardian Mode. We do not access private keys, transaction history, or any other wallet data.
07 Third-party services
We use the following third-party services to operate StillHere. Each receives only the minimum data necessary for its function.
Service
Purpose
Privacy policy
Apple Push Notification service (APNs)
iOS push notification delivery. Receives your device token and notification payload.
We do not use analytics platforms, advertising networks, or session-recording tools.
08 Data retention & deletion
Account data is retained for as long as your account is active. You can request full account deletion at any time (see Section 9). Upon deletion, your profile, contacts, messages, files, locations, check-in history, device tokens, and delivery logs are permanently removed from our systems within 30 days.
Delivery logs are retained for up to 48 hours for push-retry purposes and then are no longer used for operational processing. Full deletion accompanies account deletion.
Files attached to your Guardian Mode plan are stored until you delete them or delete your account. Download links issued after a Guardian Mode trigger expire after 30 days (configurable by you).
Device tokens are automatically removed when APNs or FCM reports them as invalid, when you sign out, or when your account is deleted.
Trusted contact data held about you (i.e., you as someone else's contact) is removed when they remove you from their Trusted Circle or delete their account.
09 Your rights
Depending on your jurisdiction, you may have the right to access, correct, or delete personal data we hold about you. You can exercise these rights directly in the app (Settings → Account) or by contacting us at the address in Section 12.
Specifically, you can:
✏️
Update or correct your information
Change your display name, username, email, or profile photo at any time from the Settings screen.
🗑
Delete your account
Permanently delete your account and all associated data from Settings → Account → Delete Account. Deletion is irreversible.
📤
Export your data
To request a copy of the personal data we hold about you, email us at the address in Section 12. We will respond within 30 days.
🔕
Revoke permissions
Camera, photo library, microphone, and location permissions can be revoked at any time via your device's system settings. Revoking a permission disables the related feature but does not affect other app functionality.
10 Children
StillHere is a safety app available to users of all ages. We believe everyone deserves access to personal safety tools, regardless of age.
For users under the age of 13, we require that a parent or legal guardian creates and manages the account on their behalf, provides any personal information, and consents to the use of the app. If you believe a child's account was created without appropriate parental consent, please contact us and we will address it promptly.
11 Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. For material changes, we will notify you via a push notification or in-app message before the change takes effect. Continued use of StillHere after the effective date constitutes acceptance of the updated policy.
12 Contact us
If you have questions about this Privacy Policy, wish to exercise your data rights, or need to report a privacy concern, please contact us: