Account Data
Authentication
- What
- Email, phone number, or Apple/Google account identifier.
- Why
- To create your StealthGuard account and enable multi-device pairing.
- Where
- Firebase Authentication (Google servers, encrypted).
- Control
- Delete your account by contacting us or signing out and requesting deletion.
Face Photo (Onboarding)
- What
- A single face photo captured during signup.
- Why
- Identity verification — ensures the account holder is a real person.
- Where
- Uploaded to Firebase Storage, linked to your user profile.
- Control
- You can request deletion at any time.
Student Verification
- What
- Your .edu email address (auto-detected).
- Why
- To verify eligibility for the 50% student discount.
- Where
- Email stored in Firestore.
- Control
- You can remove student status from your profile.
On-Device Data (Never Uploaded)
Camera & Microphone — All camera frames are processed on-device for motion detection and face recognition. Video is recorded locally in the app sandbox. Viewable and deletable from the Recordings screen.
Face Recognition — Uses Apple Vision framework on the Neural Engine. Feature prints stored locally. Never uploaded to any server. Delete any enrolled face from the Face Setup screen.
Room Sweep (Bluetooth, Network, EMF) — All scan data processed and displayed on-device only. Not transmitted.
Firebase Services
- Firebase Auth — Email, phone, Apple/Google ID for user authentication
- Firestore — User profile, device list, pairing tokens, alert metadata
- Firebase Storage — Onboarding face photo and alert thumbnails
- Cloud Messaging (FCM) — Device token for push notification delivery
- Cloud Functions — Alert documents for server-side push dispatch
No data is sent to Firebase unless you create an account and use pairing or push features.
Subscription Data
Processor: Apple (StoreKit 2). We never see your payment information. We store your subscription tier in Firestore to enforce feature gates and device limits. Student pricing is determined by .edu email domain detection.
Multi-Device & QR Pairing
Device ID, device name, platform, and FCM token are stored in Firestore under your user account. QR pairing tokens are short-lived (5 minutes), single-use, and auto-expire. Remove any device from the Device Manager screen.
Data We Never Collect
- We do not sell, share, or monetize any data.
- We do not use advertising SDKs or tracking analytics.
- We do not process face recognition biometrics on any server.
- We do not upload video recordings (stored locally only).
- We do not access your contacts, calendar, or browsing history.
Third-Party Services
- Firebase (Auth, Firestore, Storage, Cloud Messaging) — Account management and push delivery
- Google STUN Server — IP address for WebRTC NAT traversal during live streaming
- Apple StoreKit — Purchase receipts for subscription management
No third-party analytics, advertising, or tracking SDKs are used.
Data Retention
- Account data: Stored until you delete your account or request deletion.
- Local recordings: On your device until you delete them.
- Firebase alerts: Remain until deleted.
- Pairing tokens: Auto-expire after 5 minutes.
- Face profiles: Local only, deleted from Face Setup screen.
- Subscription status: Synced with Apple.
Your Rights
- Delete recordings: Recordings screen or Settings > Clear All.
- Delete face profiles: Face Setup screen.
- Remove devices: Device Manager screen.
- Revoke permissions: iOS Settings at any time.
- Delete account: Contact us at support@mystealthguard.com to delete all Firebase-stored data.
- Cancel subscription: iOS Settings > Apple ID > Subscriptions.
Security
- Local data protected by iOS app sandbox with file-level encryption.
- Firebase data encrypted in transit (TLS) and at rest.
- WebRTC streams end-to-end encrypted (DTLS-SRTP).
- Face ID / Touch ID required to arm and disarm.
- QR pairing tokens are single-use with 5-minute expiry, validated server-side.
Children's Privacy
StealthGuard is not directed at children under 13. We do not knowingly collect data from children.