Privacy Policy

Scream4U.icu is a personal notification tool for alerting family and friends. It is NOT a substitute for professional emergency services.

In life-threatening emergencies, ALWAYS call your local emergency number (911, 112, etc.) directly before or instead of using this app.

Your Responsibility:

• Keep your address accurate and current
• Manually update your location when traveling or moving

📋 Quick Summary

Your privacy in 30 seconds:

• ✅ All personal data stays on your device - we cannot access it
• ✅ No tracking, no analytics, no data collection
• ✅ Optional GPS location - only accessed during emergencies if you enable it
• ✅ Works completely offline (internet only for payments)
• ✅ Payment via PayPal - we never see your credit card
• ✅ Only your email stored - for sending activation codes
• ✅ You control everything - update or delete anytime

Bottom line: We built this app to be as private as possible. Your emergency information stays on your device, period.

1. How Scream4U.icu Works

2. Information Stored on Your Device

When you set up Scream4U.icu, the app stores the following information locally on your device:

Address Flexibility

Important: You manually enter your home address, and you can update it anytime:

• When traveling → update to hotel/vacation address
• When moving → update to new home
• When visiting family → update to their address

Your Responsibility: Keep your address current and accurate so contacts can find you in an emergency.

Optional GPS Location Feature (v1.0.2+)

Starting with version 1.0.2, Scream4U.icu offers an optional GPS location feature:

How It Works:

• During setup, you can choose to grant location permission
• If enabled, the app accesses your device's GPS only when you send an emergency alert
• GPS coordinates are included in the emergency SMS message as a Google Maps link
• Contacts can tap the link to see your exact location

Important Details:

• Completely Optional: You can skip location permission during setup
• GPS NOT Guaranteed: Many devices require internet for GPS to work - coordinates may not be available offline
• No Tracking: Location is ONLY accessed when you press an emergency button
• Not Stored: GPS coordinates are never saved or logged by the app
• Device Dependent: GPS functionality varies by device hardware and settings
• Fallback: If GPS fails or is disabled, SMS still sends with your home address
• Control: Enable or disable anytime in Settings → Location Permission

What We Do NOT Do:

• ❌ Track your location in the background
• ❌ Store location history
• ❌ Share location with third parties
• ❌ Use location for any purpose other than emergency alerts

Critical Privacy Note:

GPS location is obtained directly on your phone at the moment you press an emergency button. The app retrieves your coordinates once, includes them in the SMS message, and then discards them immediately. Scream4U.icu never sees, tracks, or stores your GPS coordinates because we cannot access your phone's native SMS app. Everything happens locally on your device - your location data never reaches our servers or leaves your phone except through the SMS you send to your emergency contacts.

What We Do NOT Collect

We explicitly do NOT collect, access, or store:

• ❌ Device contacts (you manually enter them)
• ❌ SMS message content or delivery status
• ❌ Usage analytics or tracking data
• ❌ Crash reports or diagnostics
• ❌ Advertising identifiers
• ❌ Photos, videos, or other media
• ❌ Call logs, browsing history, or biometric data
• ❌ Credit card or payment information

3. How Emergency Alerts Work

Two-Tap Emergency Process:

1. First Tap: Press emergency button (Medical, Fire, Intruder, or Safety)
2. The app generates an SMS message containing:

- Emergency type

- Your name

- Your home address

- GPS coordinates (if location permission enabled)

- Current timestamp

1. Your device's native SMS app opens with pre-filled messages for your emergency contacts
2. Second Tap: You must manually tap "Send" in your SMS app
3. SMS is sent via your cellular carrier, not through our app or servers

Accidental Activation: If you tap an emergency button by mistake, simply close the SMS app or don't tap "Send" - no messages will be sent.

We do NOT:

• Send SMS messages automatically
• Store SMS content after generation
• Track whether messages were sent or delivered
• Access your SMS history
• Monitor or log your emergency alerts

4. Payment and Activation Code System

4.1 Payment Processing

Subscription payments are processed through PayPal (https://paypal.com). We use a simple activation code system that maximizes your privacy.

Payment Flow:

1. You initiate payment in the app
2. App opens PayPal.me link with dynamic pricing
3. You complete payment via PayPal ($9.99 or $19.99)
4. PayPal sends confirmation email to our Gmail account (`pay@scream4u.icu`)
5. Our automated system (Google Apps Script) processes payment
6. System generates unique 16-character activation code
7. Code is emailed to your PayPal email address
8. You enter code in the app to activate 365-day subscription

4.2 Information We Collect for Payments

4.3 Pricing Structure

• Founder Tier: $9.99 USD/year (first 1,000 subscribers only)
• Regular Tier: $19.99 USD/year (subscriber 1,001+)
• Dynamic Pricing: App fetches current price in real-time from our Google Apps Script API
• Currency: USD only (PayPal handles currency conversion)

4.4 Device Transfers

• You can transfer to a new device by entering the same activation code
• Old device is automatically deactivated when new device activates
• No email requests or manual processes needed
• Your subscription remains valid for 365 days from the date you first activated it
• Device ID is updated in Google Sheets when transfer occurs

4.5 What We Do NOT Store

• ❌ Credit card information (handled entirely by PayPal)
• ❌ Your name (not needed for activation system)
• ❌ Your address (stays on your device only)
• ❌ Your emergency contacts (stays on your device only)
• ❌ Any personal emergency information

Important: Your credit card information is entered directly into PayPal's secure payment form. We never see or store your payment details. PayPal is PCI-DSS compliant.

Payment Currency: Prices shown in USD ($9.99 or $19.99/year). PayPal may process in your local currency based on your location.

No Automatic Renewal: Subscriptions do NOT auto-renew. After 365 days, you manually purchase a new subscription and receive a NEW activation code if you wish to continue using premium features.

PayPal Privacy Policy: https://www.paypal.com/privacy

5. Email Communications

We send automated emails for subscription management. All emails are sent from `pay@scream4u.icu` via Gmail.

5.1 Activation Email (Sent Within 2-5 Minutes After Payment)

Subject: 🎉 Your Scream4U Activation Code

Content:

• Your 16-character activation code (SUBS-XXXX-XXXX-XXXX-XXXX)
• Instructions to enter code in app
• Warning about email address importance
• Notification about 30-day renewal reminder
• Instructions for updating email address
• Consequences of not maintaining valid email

Purpose: Deliver activation code and educate about email importance

5.2 Renewal Reminder Email (30 Days Before Expiry)

Subject: ⏰ Your Scream4U Subscription Expires in 30 Days

Content:

• Your subscription expiry date
• Tier-specific renewal price (Founders: $9.99, Regular: $19.99)
• Personalized PayPal.me link with correct price for your tier
• Your current activation code
• Warning for Founders to use personalized link to maintain $9.99 pricing

Purpose: Remind users to renew before expiry and preserve Founder tier pricing

Frequency: Once only, 30 days before expiry

Trigger: Daily automated check at 9 AM (Google Apps Script)

5.3 Email Change Verification Emails

Scenario A: User Has Access to Old Email (Dual Verification)

• Email to old address: Confirm email change request
• Email to new address: Verify new email ownership
• Both must be verified to complete change

Scenario B: User Lost Access to Old Email (Device ID Verification)

• Email to new address only: Verify new email ownership
• Device ID must match subscription record to proceed

Scenario C: Device ID Mismatch

• User directed to contact support@scream4u.icu for manual verification

Verification Link Expiry: 24 hours

5.4 Email Change Confirmation

Subject: ✅ Email Address Updated - Scream4U

Content:

• Confirmation of email change
• New email address on record
• Activation code (unchanged)
• Security notice

5.5 Rejection Emails

A. Invalid Payment Amount

• Sent when payment is not $9.99 or $19.99
• Explains correct pricing
• Refund processed automatically (3-5 business days)

B. Founders Tier Full

• Sent when $9.99 payment received but Founders tier full (1,000/1,000)
• Explains Founders limit reached
• Offers Regular tier at $19.99
• Refund processed automatically (3-5 business days)

5.6 Opting Out of Emails

You cannot opt out of transactional emails (activation codes, email change verifications) as they are essential to service functionality. However, you can:

• Update your email address to a different one
• Request account deletion (see Section 8.3)
• Let your subscription expire (stops renewal reminders)

6. Data Security

We implement multiple security measures to protect your information:

6.1 Technical Security Measures

• Device Encryption: All local data encrypted by iOS Keychain (iOS) or Android Keystore (Android)
• HTTPS Only: All network communications use encrypted HTTPS connections
• No Backend Servers: We don't operate servers that could store or compromise your personal data
• Minimal Data Collection: We only collect email address for activation code delivery
• No Third-Party Tracking: No analytics, advertising, or tracking services
• Payment Security: PayPal handles all payment processing with PCI-DSS compliance
• Google Account Security: Payment logs stored in private Google Sheets with restricted access (only accessible by authorized personnel: antonolivier12345@gmail.com)
• Activation Code Hashing: Codes are hashed using SHA-256 before storage on device
• Email Verification: Token-based verification for email changes with 24-hour expiry
• Rate Limiting: API endpoints rate-limited to prevent abuse

6.2 Google Apps Script Security

• Runs in our private Google account with restricted access
• Uses OAuth 2.0 for secure API authentication
• All scripts version-controlled and auditable
• No third-party access to scripts or data
• Automated processes run on secure Google infrastructure

6.3 Data Breach Notification

In the unlikely event of a data breach affecting email addresses or activation codes stored in Google Sheets:

• We will notify affected users as soon as reasonably possible, and within 72 hours as required by GDPR
• Notification will include: nature of breach, data affected, steps taken, and recommended actions
• We will also notify relevant data protection authorities as required by law (GDPR, CCPA, POPIA, etc.)

7. Data Sharing and Third Parties

7.1 We Do Not Share Your Personal Data

Because your personal information (name, address, contacts) is stored locally on your device, we cannot and do not:

• Share your data with third parties
• Sell your information
• Use your data for marketing or advertising
• Access your personal data for any purpose

7.2 Third-Party Services We Use

PayPal (Payment Processing):

• Processes: Payment information only
• Purpose: One-time subscription payments
• Data Shared: Payment amount, customer email
• Data Collected by PayPal: Payment card details, billing address, transaction history
• Compliance: GDPR, PCI-DSS, POPIA
• Privacy Policy: https://www.paypal.com/privacy
• User Control: Manage payment methods in PayPal account

Google Services (Automation Backend):

• Gmail: Receives PayPal payment notifications, sends activation codes
• Google Apps Script: Generates and sends activation codes, processes email changes
• Google Sheets: Stores email addresses, activation codes, payment logs, subscription tiers, failed email logs, and rejected payment records
• Purpose: Automated activation code delivery and subscription management
• Data Processor: Google LLC
• Compliance: GDPR, CCPA, POPIA
• Privacy Policy: https://policies.google.com/privacy
• Data Location: Stored in Google Sheets via our Google account; may be processed internationally per Google's data center locations

Expo (Development Framework):

• Service: React Native development framework
• Data Collected: None (analytics disabled)
• Purpose: App development and deployment
• Privacy Policy: https://expo.dev/privacy

expo-sms (SMS Functionality):

• Service: Opens device native SMS app via URL scheme
• Data Collected: None
• Privacy: Uses device's native SMS, no data transmitted through app
• Purpose: Send emergency SMS alerts

expo-device (Device Identification):

• Service: Device ID generation for subscription management
• Data Collected: Device ID (osInternalBuildId or modelId)
• Privacy: Stored locally and in Google Sheets
• Purpose: Prevent subscription sharing across multiple devices

Your Device's SMS App:

• Service: Native SMS application on your device
• Managed By: Your device manufacturer and cellular carrier
• Not Controlled By: Scream4U.icu
• Privacy Policy: Refer to your device manufacturer and carrier

App Stores (Apple App Store / Google Play Store):

• Service: App distribution only
• Data Collected: Per their respective policies
• Privacy Policies:
• Apple: https://www.apple.com/legal/privacy/
• Google: https://policies.google.com/privacy

7.3 Service Providers

We use the above third-party services as data processors. They process data on our behalf under contractual obligations to:

• Only process data as instructed
• Implement appropriate security measures
• Not use data for their own purposes (except as required by law)
• Comply with applicable data protection laws

7.4 Legal Disclosure

We may disclose information if required by law, court order, or government authority. Since we do not collect or store your personal data on our servers, we can only disclose:

• Email addresses and activation codes from Google Sheets (if legally compelled)
• PayPal payment records (handled by PayPal directly)
• General app functionality information

We will notify affected users of legal requests unless prohibited by law.

7.5 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of assets, user data (email addresses and activation codes in Google Sheets) may be transferred to the acquiring entity. We will notify users via email before any such transfer and provide options to delete data if desired.

8. Your Rights and Control

8.1 Access and Modify Your Data

You have complete control over all information stored in the app:

8.2 Subscription Management

• View Status: Settings → Subscription Status shows expiry date
• No Auto-Renewal: Subscription expires after 365 days, no automatic charges
• Renew Manually: Purchase new activation code when current subscription expires
• Transfer Device: Enter same activation code on new device (old device auto-deactivated)
• Cancel: Simply let subscription expire - no action needed

8.3 Your Email Data

Access: Your email is stored in our Google Sheets database (linked to activation code and subscription)

Update: Use in-app feature (Settings → Update Email Address) with verification process, or email support@scream4u.icu

Delete: Email support@scream4u.icu with subject "Delete My Data" to remove your email address and activation code from Google Sheets. We will respond within 30 days and delete your data unless legally required to retain (e.g., for accounting, fraud prevention, or legal compliance).

Export: Email support@scream4u.icu with subject "Data Export Request" to receive a copy of your stored data (email address, activation code, payment date, expiry date, device ID, subscription tier).

8.4 Data Deletion

Local Data (Device): Deleted immediately when you uninstall the app or tap the Home button in Settings.

Google Sheets Data (Email & Activation): Retained for 5 years for accounting, fraud prevention, and legal compliance. To request earlier deletion, email support@scream4u.icu with "Delete My Data." We will respond within 30 days and manually delete your data unless legally required to retain.

Exceptions to Deletion: We may retain data longer if:

• Required by law (e.g., tax records, anti-fraud regulations)
• Necessary to resolve disputes or enforce agreements
• Required for legal claims or investigations

9. Data Retention

Data Type	Retention Period	Purpose
Personal data (name, address, contacts)	Until you delete it or uninstall the app	Local functionality
Email address	5 years from payment date	Accounting, fraud prevention, renewal reminders
Activation code	5 years from payment date	Subscription validation, accounting
Payment logs	5 years from payment date	Legal and accounting requirements
Device ID	5 years from payment date	Prevent subscription sharing
Subscription tier	5 years from payment date	Renewal pricing accuracy
Email change logs	5 years from request date	Security audit trail
Failed email logs	5 years from attempt date	Delivery audit trail, dispute resolution
Rejected payment logs	5 years from rejection date	Fraud prevention, refund tracking
Device backups	Per your device backup settings	Managed by iOS iCloud or Android Google Drive

After Retention Period: Data will be manually deleted from Google Sheets and cannot be recovered.

10. International Users and Data Transfers

10.1 Local Data (No Transfers)

Since all personal data (name, address, contacts) is stored locally on your device, there are no international data transfers of this personal information.

10.2 Google Sheets Data

Email addresses and activation codes stored in Google Sheets may be processed internationally in accordance with Google's data center locations and privacy policy. Google complies with:

• GDPR (for EU users)
• EU-U.S. Data Privacy Framework
• Swiss-U.S. Data Privacy Framework
• Standard Contractual Clauses for international transfers

10.3 PayPal Data

PayPal may process payment data internationally in accordance with their privacy policy and applicable data protection frameworks.

10.4 Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), UK, and Switzerland, our legal basis for processing includes:

• Consent: You provide explicit consent when entering information during setup and payment
• Contract: Processing necessary to provide subscription services you requested
• Legitimate Interest: Preventing subscription fraud through activation code and device ID system

11. Legal Compliance

11.1 GDPR (European Union, UK, Switzerland)

For users in the EEA, UK, and Switzerland, you have the following rights under GDPR:

Data Controller: Anton Olivier (Scream4U.icu), support@scream4u.icu

Data Processor: Google LLC (for Google Sheets data), PayPal Holdings, Inc. (for payment data)

EU Representative: Not applicable (we are a small business under GDPR Article 27 exemption)

To exercise GDPR rights, email support@scream4u.icu with subject "GDPR Request" and specify your request. We will respond within 30 days.

11.2 CCPA (California)

California residents have the right to:

Categories of Personal Information Collected:

• Identifiers (email address, device ID)
• Commercial information (payment amount, subscription tier)
• Internet/network activity (activation date, device transfers)

Business Purpose: Provide subscription-based emergency alert service

Third Parties with Access: PayPal (payment processing), Google (data storage and automation)

To exercise CCPA rights, email support@scream4u.icu with "CCPA Request" in the subject line. We will respond within 45 days.

11.3 South African POPIA (Protection of Personal Information Act)

For South African users, we comply with POPIA by:

• Processing data lawfully and minimizing collection
• Ensuring data quality and accuracy
• Implementing security safeguards
• Providing transparency about data use
• Respecting your rights to access, correct, and delete data

Information Officer: Anton Olivier, support@scream4u.icu

To exercise POPIA rights, email support@scream4u.icu with "POPIA Request."

11.4 Children's Privacy

Scream4U.icu is not intended for children under 13 years. The app requires:

• Understanding of emergency situations
• Ability to enter accurate information
• Judgment to use emergency features appropriately
• Understanding of when to call official emergency services

We do not knowingly collect information from children under 13. If you believe a child under 13 has provided information, contact us immediately at support@scream4u.icu and we will:

• Delete all data associated with the subscription within 24 hours
• Remove email address and activation code from Google Sheets
• Refund any payment made

Parental Consent: For users aged 13-17, parental consent is recommended. Parents/guardians are responsible for minors' use of the app.

12. App Permissions

12.1 Android Permissions

SEND_SMS (Implicit via expo-sms):

• Purpose: Open device native SMS app with pre-filled emergency message
• Data Access: None - app does not send SMS directly or read SMS
• User Control: You must manually tap "Send" in native SMS app
• Can Be Denied: No (required for core functionality)

INTERNET (Implicit):

• Purpose: PayPal payment processing, Google Apps Script API calls, dynamic pricing fetch
• Data Access: Network access for payment and subscription management only
• User Control: Cannot be denied (required for subscription)
• When Used: Only during subscription purchase, email changes, and pricing fetch

12.2 iOS Permissions

No Special Permissions Required:

• iOS does not require permission to open native SMS app via `sms://` URL scheme
• No location, contacts, or other sensitive permissions requested

12.3 Permissions NOT Required

We do NOT request or use:

• ❌ READ_SMS or RECEIVE_SMS
• ❌ READ_CONTACTS or WRITE_CONTACTS
• ❌ ACCESS_FINE_LOCATION or ACCESS_COARSE_LOCATION
• ❌ CAMERA
• ❌ MICROPHONE
• ❌ READ_EXTERNAL_STORAGE or WRITE_EXTERNAL_STORAGE
• ❌ READ_PHONE_STATE
• ❌ CALL_PHONE
• ❌ Any biometric permissions

13. Cookies and Tracking

We Do NOT Use:

• ❌ Cookies
• ❌ Web beacons
• ❌ Analytics services (Google Analytics, Firebase, etc.)
• ❌ Advertising trackers
• ❌ Social media pixels
• ❌ Crash reporting services
• ❌ A/B testing tools
• ❌ Session recording

Third-Party Cookies:

• PayPal may use cookies during payment process (managed by PayPal)
• Google may use cookies during email change verification links (managed by Google)

Your Control: Manage cookies through your browser settings when using PayPal or clicking email verification links.

13. Cookies and Tracking

We Do NOT Use:

• ❌ Cookies
• ❌ Web beacons
• ❌ Analytics services (Google Analytics, Firebase, etc.)
• ❌ Advertising trackers
• ❌ Social media pixels
• ❌ Crash reporting services
• ❌ A/B testing tools
• ❌ Session recording

Third-Party Cookies:

• PayPal may use cookies during payment process (managed by PayPal)
• Google may use cookies during email change verification links (managed by Google)

Your Control: Manage cookies through your browser settings when using PayPal or clicking email verification links.

14. Changes to This Privacy Policy

14.1 How We Notify You

We may update this policy from time to time. Changes will be communicated by:

• Posting the updated policy at https://scream4u.icu/privacy
• Updating the "Last Updated" date at the top of this document
• In-app notification for material changes
• Email notification for significant changes affecting your rights

14.2 Your Acceptance

Continued use of the app after changes constitutes acceptance of the updated policy. If you disagree with changes:

• Stop using the app
• Cancel your subscription
• Request data deletion

14.3 Version History

We maintain a version history of this Privacy Policy. Previous versions available upon request at support@scream4u.icu.

© 2025 Scream4U.icu. All rights reserved.

Last Reviewed: December 24, 2025

Next Scheduled Review: June 24, 2026