Skip to content

Privacy Policy

Last updated: 10 June 2026

Safewords is a web tool that helps a family or trusted group create and practice a shared verification safeword for suspicious calls and messages. The mobile apps described on this site are planned and not required to use the web generator, protocol builder, drills, or printable cards.

What we collect

No account data and no server-side safeword storage. Safewords does not collect personal profiles, logins, analytics events, advertising identifiers, or telemetry. The web app can save local browser data on your device so you can keep progress or continue a protocol draft.

What stays on your device

For the planned mobile apps, when released:

  • Group seeds used to derive rotating safewords would stay on your device.
  • Group names and member labels would stay on your device.
  • App preferences such as rotation interval, biometric lock, and accessibility mode would stay on your device.
  • Any emergency override word would stay on your device.

When the mobile apps are released, their storage behavior must be reviewed against the shipped app before this policy claims platform-specific storage such as Android EncryptedSharedPreferences or iOS Keychain.

On the web tool (safewords.io):

Your browser may store `safewords_progress` for drill scores, read articles, and last drill state. It may also store `safewords_protocol_draft`, including group name, members, safeword, and protocol draft details. Clear this by deleting site data for safewords.io in your browser. QR/import links contain encoded protocol details, including the safeword, and printed cards expose the safeword to anyone who can read them.

What we send over the network

The web tool loads as static HTML, CSS, JavaScript, fonts, and assets, and it makes no backend API calls to store safewords or protocols. Data leaves your device only when you choose to share it, such as showing a QR code, opening an import link, printing a card, or using your own messaging app.

Permissions (mobile apps)

  • Camera — when mobile apps are released, camera access should only be used after you choose to scan a QR code.
  • Biometric — when mobile apps are released, biometric access should only be used if you enable an app lock setting.
  • SMS — when mobile apps are released, any SMS feature should open your default messaging app and should not send a safeword on your behalf.

Hosting (web)

The safewords.io site is hosted as static files. The hosting provider may collect standard server logs (IP addresses, request timestamps) as part of normal web server operation. We have no access to or control over these logs.

Third parties

Safewords does not embed third-party SDKs for analytics, crash reporting, advertising, or tracking. Web fonts are self-hosted with the app assets.

Children

Safewords is suitable for all ages. Because we collect no personal data, there is nothing to disclose under COPPA, GDPR-K, or similar regimes.

Changes

If this policy changes, the last-updated date above will change. We will not retroactively expand data collection without an explicit update.

Contact

Questions or concerns: mail@theholding.company.

Safewords is published by The Holding Company. The web privacy boundary is no accounts, no analytics SDK, no backend API for safewords or protocols, and only local browser storage for progress and drafts.