Privacy Policy

Our Commitment to Privacy

SafeTea is a personal safety utility. We collect only what's necessary to provide our safety features, we encrypt what we store, and we never sell your data. This Policy explains what we collect, how we use it, who processes it, how long we keep it, and the rights you have — including under the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act as amended by the CPRA (together, "CCPA").

Data Controller: SafeTea, Inc. ("SafeTea", "we", "us"). Contact us anytime at support@getsafetea.app.

Information We Collect

Account Information

• Email address — for login, password reset, and safety-critical notifications (Name Watch alerts, check-in reminders)
• Password — never stored in plain text; hashed with bcrypt
• Display name — a pseudonym you choose; not required to be your real name
• City and state — to connect you with your local community and route area alerts
• Phone number (optional, required for some safety features) — for SMS two-factor authentication, SafeTea Check-In notifications, and SOS alerts
• Date of birth — to confirm you are 18 or older

Identity Verification Data

• Selfie and liveness gesture photos — used by our AI to confirm a live human is present. Analyzed and discarded after the verification attempt; not retained as image files.
• Government ID data via Didit — when you opt into enhanced verification, Didit (our regulated identity-verification processor) collects a scan of your government-issued ID and a selfie. Didit, not SafeTea, processes and stores this biometric and document data. SafeTea receives only a pass/fail result, a redacted record, and a session ID.
• Connected social accounts (optional) — if you choose to link a social profile to boost your Trust Score, we store the public URL and an AI-derived legitimacy score. We do not store your social credentials.
• Illinois residents: Biometric processing for identity verification is performed by Didit under Didit's own Biometric Information Privacy Act (BIPA) disclosure, which you will be shown prior to the verification step.

Content You Create

• Community posts, replies, reports, and comments
• Name Watch entries (stored privately to your account; not visible to other users)
• SafeTea Check-In ("SafeWalk") meeting details and trusted-contact phone numbers (shared only with the contacts you choose)
• Conversation Scanner text you submit (analyzed by AI, summary retained for up to 90 days, raw text not retained after analysis)
• Photos you upload (verification photos discarded after analysis; community photos stored and watermarked)
• SOS / Record & Protect recordings and GPS track (audio chunks, location samples, and transcripts captured during an active SOS session)

Usage Data (Automatically Collected)

• Device identifier — a randomly generated device ID used to bind a session to a device and detect abusive re-registration
• IP address — for rate limiting, abuse prevention, and security logging
• Device model, operating system, app version, and browser — for compatibility and crash diagnostics
• Search history within SafeTea — queries you run against Conversation Scanner, Name Watch, scam database, and background check. Stored against your account to populate recent-search UI and power product improvements.
• Approximate location — only when you enable "Use My Location" for area alerts, SafeWalk, or SOS. Precise GPS is collected only during an active SafeTea Check-In or SOS session.
• Purchase metadata — Stripe customer and subscription IDs; Apple and Google in-app-purchase receipts. We never see or store your full payment card number.

Name Watch & Third-Party Data

Name Watch is a private alert system: you add names or initials of people you intend to meet, and SafeTea notifies you if anyone in the community posts content matching those names. Because this feature inherently involves querying against data about people other than you, we apply additional limits:

• Queries are private to you. Entries in your Name Watch list are visible only to you. Other users cannot see whom you are watching.
• We do not purchase or scrape third-party dossiers. Name Watch matches against community posts submitted inside SafeTea, not external social media, public records, or data brokers.
• Non-matching third-party data is not retained. When you run a Name Watch scan, the query strings are matched against existing posts and the result set is returned. We do not build a permanent profile of the third party from the query, and non-matching names generate no new record about the third party.
• Matches are logged. When a new community post matches one of your watched names, we store the match (post ID, match type, timestamp) so we can notify you and show you the alert history.
• Conversation Scanner and Background Check follow the same rule: third-party content you submit for analysis is processed by our AI providers, a summary result is returned to you, and the raw content is not retained beyond operational timeouts (see Retention below).

How We Use Your Information

• To provide safety features (Name Watch, SafeTea Check-In, Conversation Scanner, Background Check, Photo Verification, SOS / Record & Protect)
• To send you safety-critical notifications (Name Watch matches, check-in reminders, SOS escalations to trusted contacts)
• To verify your identity and age, and to calculate your Trust Score
• To moderate user-generated content and enforce Community Guidelines
• To process payments and manage subscriptions
• To detect, prevent, and investigate fraud, abuse, harassment, and security incidents
• To comply with legal obligations and respond to lawful requests

AI Moderation Disclosure

SafeTea uses automated systems, including large-language-model AI, to help identify potentially harmful or policy-violating content (profanity, doxxing, threats, NCII, off-platform solicitation). AI moderation is advisory in nature only — automated systems do not create, modify, or contribute to user content. Flagged content may be reviewed by our team. Use of AI moderation does not constitute editorial control over user content under Section 230 of the Communications Decency Act.

Third-Party Processors (Sub-Processors)

We share data only with the service providers needed to operate SafeTea. Each processor is bound by a data processing agreement that restricts them to processing on our instructions.

• Vercel (US) — web hosting, serverless API functions, edge caching
• Railway (US) — Node.js application server, cron worker, scheduled jobs
• Neon / Vercel Postgres (US) — primary encrypted database
• Stripe (US, global) — payment processing for subscriptions and one-time purchases. Card data is tokenized by Stripe; we never see or store your full card number.
• Apple (In-App Purchase, iOS push notifications) and Google (Play Billing, Android push, Play Integrity) — mobile purchase processing and device-level notifications
• Twilio (US) — SMS for two-factor authentication, SafeTea Check-In reminders, SOS notifications to trusted contacts
• SendGrid (US) — transactional email (welcome, password reset, Name Watch alerts)
• Didit (EU) — regulated identity and age verification. Didit processes government-ID scans and biometric data as an independent controller under its own privacy policy; SafeTea receives only the verification result and session reference.
• Anthropic (US) — Claude language model for Conversation Scanner, Background Check analysis, AI moderation, and SOS fake-call script generation. Inputs are processed under Anthropic's zero-retention API terms and are not used to train Anthropic's models.
• ElevenLabs (US) — synthesized voice generation for the SOS fake-call feature. Only generated audio is returned; voice samples submitted for preview are ephemeral.

We publish a canonical list of current sub-processors; material changes will be notified by email or in-app notice at least 14 days before they take effect.

How We Store and Protect Your Data

• In transit — all traffic is encrypted with TLS 1.2+ (HTTPS). The mobile app enforces HTTPS-only connections.
• At rest — databases and object storage are encrypted using AES-256 managed by our hosting providers (Neon, Vercel, Railway).
• Passwords — hashed with bcrypt. We cannot recover a password; we can only reset it.
• Biometrics — processed by Didit under their BIPA-compliant flow; SafeTea does not retain biometric images.
• SOS recordings — uploaded in encrypted chunks during an active session and retained for 90 days so you and your trusted contacts can review or download the incident evidence.
• Watermarking — community photos are tagged with a steganographic watermark identifying the viewer's user ID to deter unauthorized redistribution.
• Access controls — only a small number of authorized employees can access production data, and only under least-privilege and audit logging.
• Rate limiting and abuse prevention — API endpoints are rate-limited to protect against credential stuffing and scraping.

Data Retention

• Account data — retained for the life of your account. On account deletion, data is removed from production within 30 days and from backups within 90 days.
• Community posts, comments, reports — retained until removed by you or a moderator; moderation records retained 2 years for appeals.
• Name Watch entries and match history — retained until you remove them or delete your account.
• Conversation Scanner results — summary retained up to 90 days; raw submitted text is not retained after analysis.
• Background Check queries — result summary retained up to 90 days; underlying third-party query data not retained.
• Photo Verification / Catfish Scanner images — analyzed and discarded immediately after the decision is returned.
• SOS / Record & Protect sessions — audio chunks, location pings, and transcripts retained 90 days so you can download evidence, then purged.
• Identity verification records — verification pass/fail and session ID retained up to 7 years for fraud prevention and legal compliance. Raw biometric images are not stored by SafeTea.
• Security, access, and request logs — retained up to 30 days except where needed for an active investigation.
• Payment records — retained as required by applicable tax and financial-records law (typically 7 years).

Legal Bases for Processing (GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under GDPR Article 6:

• Performance of a contract (Art. 6(1)(b)) — to create your account and deliver the safety features you sign up for.
• Consent (Art. 6(1)(a)) — for optional phone collection, marketing email, precise location, social-account linking, and identity verification. You can withdraw consent at any time.
• Legitimate interests (Art. 6(1)(f)) — to secure our service, prevent fraud and abuse, moderate harmful content, and develop product improvements. Our interests are balanced against your rights; you may object at any time.
• Legal obligation (Art. 6(1)(c)) — to respond to lawful government requests, tax records, and mandated reporting (including NCII under the TAKE IT DOWN Act).
• Protection of vital interests (Art. 6(1)(d)) — during an active SOS session when we reasonably believe you or another person is at risk of serious harm.

Special categories of data (biometric, precise location, audio of individuals) are processed only with your explicit consent (Art. 9(2)(a)) or to protect vital interests (Art. 9(2)(c)).

Your Rights

Regardless of where you live, you can exercise the following rights by emailing support@getsafetea.app or by using the in-app controls in Settings:

• Access — request a copy of the personal data we hold about you.
• Portability / Export — receive your data in a machine-readable format.
• Correction — update your profile directly in Settings or ask us to fix inaccurate data.
• Deletion — delete your account and associated data (Settings → Delete Account), subject to limited exceptions for legal, fraud, and safety obligations.
• Restriction / Objection — ask us to restrict or stop processing in defined circumstances.
• Withdraw consent — at any time, without affecting processing that already occurred.
• Lodge a complaint — EU/UK users may complain to their supervisory authority.

California Residents (CCPA/CPRA)

California residents have additional rights under the CCPA, including the right to know what personal information we collect, the right to delete, the right to correct, and the right to limit the use of sensitive personal information. We do not sell personal information and we do not share personal information for cross-context behavioral advertising as those terms are defined by the CCPA. No opt-out is necessary because no sale or cross-context sharing occurs. To exercise any CCPA right, email support@getsafetea.app; we will not discriminate against you for exercising your rights.

Authorized Agents

You may use an authorized agent to submit a request on your behalf; we will verify the agent's authority before acting.

International Transfers

Most SafeTea processors are based in the United States. If you access SafeTea from outside the US, your data will be transferred to and processed in the US and other jurisdictions where our processors operate. Where required by law, we rely on Standard Contractual Clauses (EU/UK) or equivalent safeguards to protect transferred data.

Age Requirements

SafeTea is for users 18 and older. We do not knowingly collect personal data from anyone under 18. If you believe a minor is using SafeTea, contact support@getsafetea.app and we will investigate and remove the account.

Changes to This Policy

We may update this Policy from time to time. When we do, we will change the "Last updated" date above. For material changes, we will notify you by email or in-app notice at least 14 days before the new Policy takes effect. Continued use of SafeTea after changes take effect constitutes acceptance.

Contact Us

For any privacy question, data request, or complaint:

• Email: support@getsafetea.app (Subject line: "Privacy Request")
• General inquiries: info@getsafetea.app

We aim to respond to all verifiable privacy requests within 30 days (or 45 days for CCPA requests, with a 45-day extension where permitted).