Legal — Document 01
Privacy Policy
Last updated: July 8, 2026
This Privacy Policy describes how FAILSAFE (“FAILSAFE,” “we,” “us,” or “our”) collects, uses, and protects information when you use the FAILSAFE iOS application, the website getfailsafe.app, and related services (together, the “Service”). FAILSAFE is a wake-assurance alarm system. Because parts of the Service place real phone calls and send real text messages, we take the handling of your phone number seriously and explain it here in plain language.
1. Information we collect
We collect only what the escalation ladder needs to reach you. Specifically:
- Account phone number. The mobile number you register and verify in the app. This is the number the cloud watchdog calls and texts at Layer 4.
- Alarm schedules and labels. The times, wake windows, escalation settings, and any labels you give your alarms, so the server watchdog knows when to watch.
- Device push token. An Apple-issued token that lets our servers deliver notifications to your device. It does not identify you personally outside our system.
- Trusted-contact phone number. If you enable Layer 5, the phone number of the contact you designate. See Section 5 — this number is only ever used after your contact has separately opted in.
- Minimal usage and diagnostic data. Escalation outcomes (e.g., which layer an alarm reached, whether wake was confirmed), crash reports, and basic device information (model, OS version) used to keep the Service reliable.
We do not collect your contacts list, location, health data, advertising identifiers, or browsing history. We do not run third-party advertising or analytics SDKs.
2. How we use information
- To operate the escalation ladder: schedule alarms, monitor armed alarms server-side, and deliver calls, SMS, and push notifications when a layer fires.
- To verify that you control the phone numbers you register (one-time passcodes).
- To prevent abuse, enforce fair-use caps on escalation firings, and secure the Service.
- To provide customer support when you contact us.
- To improve reliability using aggregate, de-identified diagnostics.
We do not use your information for advertising, and we do not sell it to anyone. Ever.
3. On-device vs. server processing
FAILSAFE is designed to keep as much as possible on your device. Layers 0 through 3 (smart wake window, sound, silent-mode pierce, and proof-of-wake) run entirely on your iPhone. The server-side watchdog stores only what it needs to execute Layers 4 and 5: your verified phone number, your trusted contact’s verified number (if enabled), alarm timing, and escalation state. Alarm audio, wake tasks, and your interaction with them stay on the device.
4. Mobile Messaging (SMS) Program
This section governs FAILSAFE’s text-messaging program and applies to every SMS we send.
4.1 What the program is
FAILSAFE sends two categories of text messages: (a) account and verification texts, such as one-time passcodes used to confirm you control a phone number; and (b) time-sensitive wake-escalation alerts sent to the phone number you register when your alarm ladder reaches its cloud-escalation layer. In addition, if you enable the trusted-contact layer, FAILSAFE may send a safety alert to a contact you designate — but only after that contact has separately opted in as described below. FAILSAFE does not send marketing or promotional text messages.
4.2 How consent is obtained
Your number: you provide your own mobile number inside the app and verify it by entering a one-time passcode we text to that number. Completing verification constitutes your opt-in to receive the account and escalation messages described above.
Your trusted contact’s number: designating a trusted contact does not, by itself, cause them to receive alerts. We first send the contact a single confirmation message containing a link describing the program; the contact must actively accept via that link (double opt-in) before they can receive any safety alert. If they do not accept, or later opt out, they receive nothing further and Layer 5 remains disabled for that contact.
We do NOT share or sell your mobile opt-in information, phone number, or consent to any third parties or affiliates for their own marketing purposes. Text messaging originator opt-in data and consent will not be shared with any third parties.
4.3 Message frequency and rates
Message frequency varies based on how you configure your alarms and how often escalation fires. Message and data rates may apply according to your mobile carrier plan.
4.4 Opting out
You can cancel the SMS program at any time by replying STOP (or STOPALL, UNSUBSCRIBE, CANCEL, END, or QUIT) to any FAILSAFE message. After you send STOP, we will send one final message confirming that you have been unsubscribed, and no further messages will be sent to that number unless you re-enroll. Trusted contacts may opt out the same way at any time.
Please note: because FAILSAFE’s texts are part of a safety escalation, opting out of SMS may degrade the escalation ladder for your account to voice-call-only at the cloud layer. The app will clearly show this degraded state.
4.5 Getting help
Reply HELP to any FAILSAFE message for assistance, or contact us at help@getfailsafe.app.
4.6 Carrier disclaimer
Carriers are not liable for delayed or undelivered messages.
4.7 Program terms
Use of the messaging program is also governed by our Terms of Service.
5. Trusted contacts
The trusted-contact layer exists to alert a real person only as a last resort. We treat their data with the same care as yours:
- We store only the contact’s phone number and their opt-in status.
- They receive exactly one confirmation request when you designate them, and nothing else until (a) they have accepted and (b) your ladder actually reaches Layer 5.
- They can revoke consent at any time by replying STOP or via the confirmation link.
- If you remove them, or they opt out, their number is deleted from our systems within 30 days.
6. Third-party processors
We use a small number of service providers to operate FAILSAFE. Each processes data only on our instructions and only to provide the Service:
- Telnyx — telephony provider that carries our SMS messages and voice calls. Telnyx receives the destination phone number and message content necessary to deliver each escalation.
- Cloudflare — hosting, networking, and backend infrastructure for our website and the server-side watchdog.
- Apple — push-notification delivery (APNs) and App Store distribution, subscriptions, and billing. We never see your payment details.
Consistent with Section 4, none of these providers may use your phone number or opt-in data for their own marketing purposes.
7. Data retention
- Account data (phone number, alarm schedules, device token) is retained while your account is active.
- Escalation logs (which layers fired and when) are retained for 12 months for support and abuse prevention, then deleted or de-identified.
- One-time passcodes are deleted immediately after use or expiry.
- If you delete your account, personal data is deleted from production systems within 30 days and from encrypted backups within 90 days.
8. Security
All data is encrypted in transit (TLS) and at rest. Access to production systems is restricted, logged, and protected by multi-factor authentication. Phone numbers are stored in a segregated datastore with access limited to the escalation service. No system is perfectly secure, but a product whose job is reliability is built by people who take failure modes seriously — including security failure modes. If we become aware of a breach affecting your personal data, we will notify you as required by applicable law.
9. Children’s privacy
FAILSAFE is not directed to children and is not intended for anyone under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected such information, we will delete it promptly. If you believe a child under 13 has provided us personal information, contact help@getfailsafe.app.
10. Your rights
You may, at any time:
- Access a copy of the personal data we hold about you;
- Correct inaccurate data (your phone number can be re-verified in the app);
- Delete your account and associated data, either in-app or by emailing us;
- Withdraw consent to messaging as described in Section 4.4.
To exercise any of these rights, email help@getfailsafe.app from a means of contact associated with your account. We respond within 30 days. Depending on where you live, you may have additional rights under laws such as the GDPR or the California Consumer Privacy Act; we honor those rights regardless of where you live.
11. Changes to this policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you in the app or by SMS/email before the changes take effect and update the “Last updated” date above. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.
12. Contact us
FAILSAFE — Privacy
Email: help@getfailsafe.app
Web: getfailsafe.app
SMS: reply HELP to any FAILSAFE message
By using FAILSAFE, you acknowledge that you have read and understood this Privacy Policy. Continued use of the Service constitutes acceptance of it.