Privacy Policy

1. Information We Collect

Account Information (Required)

When you create an account, we collect only the essentials:

• • Email address - for login, account recovery, and email alerts (if you choose email notification method)
• • Password (encrypted with bcrypt) - we never store plain text passwords (not required for Apple/Google sign-in)
• • Phone number (optional) - required only if you choose SMS alerts or need SMS-based trial verification. Stored for the duration of your subscription for alert delivery and yearly renewal verification.
• • Subscription plan type - to determine your feature access and billing
• • Device identifiers - when signing in via iOS App Store or Google Play, we receive a unique identifier from Apple/Google to authenticate your account and manage subscriptions. We do not receive your Apple ID or Google account password.

App Store Sign-In: When you sign up through the iOS App Store (Sign in with Apple) or Google Play (Sign in with Google), we receive: your email address (or Apple's private relay email), unique user identifier, and subscription status. We do not receive your full name, contacts, or any other device data unless you explicitly grant permission.

Alert Notification Preferences (You Choose)

You control how you receive disaster alerts. Alerts are proximity-based on the geographic areas (maps) you've downloaded - we don't monitor or track your location. We store only what's necessary for your chosen notification methods:

• • In-App Notifications - delivered through the mobile app (requires device push token)
• • Email Alerts - sent to your registered email address (if you enable email notifications)
• • SMS Alerts - sent to your phone number (only if you provide a phone number AND enable SMS notifications)
• • Alert frequency preferences - immediate, daily digest, or weekly summary
• • Severity filters - which disaster types and severity levels trigger alerts

Privacy advantage: Alerts are triggered based on disasters occurring in your downloaded map regions, not by tracking where you are. If a wildfire starts in "Los Angeles" and you have that map downloaded, you get an alert - regardless of whether you're currently in LA, at work, or on vacation.

Your choice: You can choose any combination: app-only, email-only, SMS-only, or all three. Change your preferences anytime in account settings.

Map Download Areas & Emergency Routing

We store only the geographic areas (maps) you choose to download. These downloaded map regions determine which disaster alerts you receive (proximity-based, not location-based). Key privacy features:

• • Downloaded map regions - general area coordinates (e.g., "San Francisco Bay Area")
• • Alerts for downloaded areas - you receive disaster alerts for any map region you've downloaded, regardless of where you physically are
• • On-device routing - emergency route calculation happens entirely on your device, not on our servers (unlike Google Maps or Waze)
• • No GPS tracking - we never receive or store your real-time location or movements
• • No location history - we don't know where you've been, where you are now, or where you're going
• • No travel patterns - we don't build profiles of your commute, frequently visited places, or travel habits

Example: If you download a map of "Los Angeles," we store "Los Angeles area downloaded" — not your home address, not your GPS coordinates, just the general region. You'll receive LA disaster alerts whether you're at home, at work, or traveling abroad.

Routing privacy: When you request emergency evacuation routes, all route calculations happen on your phone/tablet using the downloaded map data. Your start point, destination, and route are never sent to our servers. This means we can't provide real-time traffic data (beyond official road closure notices from authorities), but it also means your movements remain completely private.

Map Coverage Metadata (Privacy-Preserving Feature)

Transaction Data (Required by Law)

For paid subscriptions, we must retain:

• • Payment records - amount, date, payment method (last 4 digits only)
• • Transaction history - required for tax compliance (7 years)
• • Billing information - processed securely by Stripe (we don't store full card numbers)

Minimal Technical Data (Essential Operations)

We collect minimal technical data to keep the service running:

• • Error logs - to fix bugs and crashes (anonymized)
• • Session data - to keep you logged in securely
• • Device type - iOS or Android (for app compatibility)
• • App version - to ensure you have security updates

Support Communications (When You Contact Us)

When you contact support, we store:

• • Your messages - to provide assistance and resolve issues
• • Support ticket history - to track resolutions
• • Deleted after resolution - unless you request we keep them for reference

2. How We Use Your Information

We use your information only for the specific purposes you provide it. We do not repurpose your data for marketing, profiling, or any use beyond disaster monitoring services.

3. Data Sharing and Disclosure

Limited Sharing for Service Delivery:

We share minimal data with these trusted service providers only to deliver our service. They cannot use your data for their own purposes.

Limited Situations:

• Emergency Services: In rare cases of immediate life-threatening emergencies, we may share monitored location areas (not GPS coordinates) with emergency response services if legally required or you explicitly request assistance.
• Legal Requirements: We may disclose information when required by valid legal process, such as court orders or government requests, but only the minimum required by law. We will notify you unless legally prohibited.
• Business Transfers: If Keryx Maps is acquired or merged, your data may be transferred to the new entity. You will be notified and given the option to delete your account before any transfer.

4. Data Security

5. Your Rights and Controls

6. Data Retention

7. International Data Transfers

Keryx Maps is operated from the United States, and your data is stored on servers located in the United States. If you are accessing our service from outside the United States (including the European Union), your data will be transferred internationally to our US servers.

We ensure appropriate safeguards for international transfers:

• • EU-US Data Privacy Framework compliance for European users
• • Standard Contractual Clauses (SCCs) with all data processors
• • Regular adequacy assessments of international data transfer arrangements
• • All data encrypted in transit and at rest regardless of location

8. Cookies and Tracking

We use minimal cookies and tracking technologies:

9. Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us immediately and we will delete such information.

10. California Residents - Your Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information:

11. European Union Residents - Your Privacy Rights (GDPR)

If you are located in the European Union (EU) or European Economic Area (EEA), the General Data Protection Regulation (GDPR) provides you with comprehensive rights regarding your personal data:

12. Updates to This Policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• • Email notification to all registered users
• • In-app notifications when you next log in
• • Prominent notice on our website

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: