Privacy Policy: Safe Return (Rescue Mission System)
Last Updated: February 12, 2026
TL;DR: We track your location and health data for one purpose only: To save your life. We do not sell your data. We do not use it for ads. When a mission is active (DEFCON 1), we will share EVERYTHING necessary with Police/EMS to bring you home.
1. The "Safety vs. Privacy" Covenant
Safe Return operates on a "Break Glass" Protocol.
- Normal State (DEFCON 5-4): Your data is encrypted, private, and visible ONLY to your designated Family Caregivers. We (the developers) cannot see it.
- Emergency State (DEFCON 2-1): When a wandering event turns critical, the wall of privacy drops for the sake of survival. We transmit your location and medical bio directly to Emergency Responders and our Search Intelligence Engine.
By using this service, you explicitly consent to this automated transition of privacy states during life-threatening emergencies.
2. Data We Collect (The "Rescue Bio")
To facilitate a rescue, we must collect what we call a "Rescue Bio". This includes:
2.1 Identity & Context
- Current Photos: Facial recognition-ready photos for Search Parties.
- Physical Description: Height, weight, hair color, distinct marks (scars/tattoos).
- Memory Anchors: Addresses of past homes, workplaces, or emotional locations (used to predict wandering destinations).
2.2 Telemetry (Real-Time)
- Precise Location: GPS/GNSS coordinates collected in the background (even when the app is closed).
- Motion Data: Accelerometer/Gyroscope data to detect Falls, walking speed, direction of travel, or High-Velocity transit (Vehicle detection).
- Health Metrics: Heart Rate (via Apple Health/Health Connect) to detect panic or exhaustion.
- WiFi State: Whether the watch is connected to the home WiFi network (used for instant departure detection — we do NOT collect WiFi passwords, only connection status and the home network name you provide during setup).
- Wrist Detection: Whether the watch is being worn (Apple Watch wrist detection / Wear OS off-body sensor). Used to alert caregivers if the watch is removed.
- Battery Level: Watch battery percentage (used to boost urgency scoring when the watch is about to die and to maximize data capture before shutdown).
2.3 Audio & Environment (Optional)
- If enabled: The system may capture short audio snippets during a confirmed DEFCON 1 alert to help rescuers hear background noise (traffic, wind, voices).
2.4 Guest Mode & Drill Mode
Guest Mode (No Account):
- Purpose: Safe Return offers a "Try Before You Commit" experience through Guest Mode, allowing users to test the full rescue system without creating an account.
- Demo Data Only: Guest mode uses pre-configured demo data for drill simulations. No personal data is collected, stored, or transmitted.
- Drill Mode Simulations:
  - Drill Mode creates simulated GPS movements for testing purposes
  - No real location data is transmitted during drill mode
  - No SMS alerts are sent to emergency contacts during drills
  - All drill activity is confined to your device
- Account Creation: When you create an account, you set up your loved one's profile from scratch in our secure database. All account data is then subject to the protections described in this Privacy Policy.
What This Means:
- ✅ Guest Mode is 100% private — no personal data is collected
- ✅ No tracking — we don't know who you are or what you're testing
- ✅ Clean start — creating an account means setting up your real profile securely from day one
3. How We Share Data ("The Breakdown")
We define three circles of trust:
| Circle | Who | Access Level | When |
|---|---|---|---|
| User | You & Family | Full History & Live | Always |
| System | Our Servers | Encrypted Processing | Automated (Watchdog) |
| Rescuers | Police / EMS | "Break Glass" Bio | DEFCON 1 ONLY |
3.1 The "Break Glass" Protocol (HIPAA Exemptions)
In a Life-or-Death Emergency (DEFCON 1), in particular when a specific medical intervention is required (e.g., "Patient is diabetic and missing for 4 hours"), we share your Medical Rescue Bio with certified First Responders.
- Legal Basis: This sharing is permitted under HIPAA (45 CFR 164.510(b)(4)) and GDPR (Vital Interests) to prevent "serious and imminent threat to the health or safety of a person."
4. Data Retention & Sovereignty
4.1 Guest Mode Data Retention
- No Data Collected: Guest mode uses demo data only. No personal data is collected, stored, or retained on your device or our servers.
4.2 Mission Logs (Account Users)
- Tracking History: Detailed breadcrumbs of a rescue mission are retained for 30 Days to allow for "After Action Reviews" by family or police.
- Auto-Deletion: After 30 days, high-fidelity tracking data is permanently deleted or anonymized into "Heatmaps" for research (if opted-in).
4.3 Account Deletion & Residency
- Right to Delete (Permanent Purge): Users have the right to permanently purge their account and all associated personal, medical, and tracking data at any time.
  - Self-Service (App): Navigate to INTEL > System Settings and tap PERMANENTLY DELETE ACCOUNT. This initiates an immediate "Hard Delete" via our secure backend.
  - Manual Request: Send an email to support@safereturn.care with the subject "Account Deletion Request". Manual requests will be processed within 7 business days.
- Right to Export: You can download a full archive of your mission logs (e.g., for analytics or medical consultation).
5. Security Architecture
Your data is protected by Military-Grade Encryption:
- Transmission: TLS 1.3 (Bank-grade security) for all data in flight.
- Storage: AES-256 Encryption at rest in our databases (Supabase).
- Access: Strict Row Level Security (RLS) ensures even our database admins cannot browse user locations casually.
6. International Transfers (Korea / EU)
- South Korea: We comply with the Location Information Protection Act. Your location data is processed on secure cloud servers. You have the right to withdraw consent for location tracking at any time, though this renders the Service useless.
- EU Users: We process data based on Vital Interests (Article 6(1)(d) GDPR) during emergencies and Consent (Article 6(1)(a)) during setup.
CONTACT US
For privacy concerns or to execute a "Right to be Forgotten" request:
- Email: support@safereturn.care
- Address: Safe Return Privacy Office