Privacy Policy

Haven ("the app", "we", "our", "us") is a personal safety application developed by Ben Bates. This privacy policy explains what information Haven collects, how it is used, where it is stored, and what rights you have over your data.

Haven is designed with privacy at its core. It is a safety tool, not a surveillance tool. We collect only what is necessary to deliver alerts to your trusted contacts, and nothing more.

1. Information we collect

When you use Haven, the following information is collected and stored on your device or transmitted as part of the alert process.

1.1 Information you provide during setup

Display name: The name you enter during onboarding, used to identify you to your trusted contacts when an alert is sent.

Phone number: Used to link your Haven account to your identity so trusted contacts can find you. Your phone number is published to a secure lookup directory (see Section 3) so that contacts who add you by phone number can route alerts to your device.

Email address (optional): Collected during onboarding for contact purposes only. Not used for marketing or shared with third parties.

Trusted contact details: The names, phone numbers, and email addresses of people you add as trusted contacts. These are stored locally on your device and used solely to route alerts.

1.2 Information collected when you send an alert

GPS location: When the app is open and location permissions are granted, your device's GPS coordinates are attached to the alert so your trusted contact can see where you are. Location is not tracked continuously. It is captured only at the moment an alert is triggered. If you activate Haven from the lock screen via Siri, only a cached location (if recently available) may be included.

Audio recording (optional): If you have opted in to audio recording in Settings, a short audio clip (10 to 30 seconds) is recorded from your device's microphone immediately after an alert is sent. This clip is attached to the alert and delivered to your trusted contact. Audio recording is off by default and requires your explicit consent to enable.

Alert metadata: Each alert includes a unique identifier, your sender ID, the recipient's ID, a timestamp, and an optional message (such as "HELP" or "HELP (Siri)"). If campus security alerting is enabled, a flag indicating that institutional security was also notified is included.

1.3 Information collected automatically

Device token: When you open Haven, Apple assigns your device a push notification token. This token is sent to our push notification server (see Section 3) so that alerts can be delivered to your device instantly. The token is a random string generated by Apple. It does not contain your name, phone number, or any personal information.

App preferences: Your chosen settings (alert mode, audio opt-in, audio duration, icon disguise choice, activation phrases, notification and location permission status) are stored locally on your device using Apple's standard on-device storage. These are never transmitted to us or any third party.

2. Information we do not collect

Haven does not collect, store, or transmit any of the following:

• Browsing history or web activity
• Contacts from your phone's address book (beyond what you manually enter into Haven)
• Photos, messages, or files on your device
• Advertising identifiers or tracking data
• Usage analytics or behavioural data
• Financial or payment information

Haven does not contain advertisements. We do not sell, rent, or share your personal information with advertisers, data brokers, or any third party for commercial purposes.

3. Where your data is stored

Haven uses three systems to store and transmit data. Each serves a specific purpose in the alert delivery process.

3.1 Your device (on-device storage)

Your display name, phone number, trusted contact details, app preferences, and activation settings are stored locally on your device using Apple's UserDefaults system. This data does not leave your device except as described below.

3.2 Apple CloudKit (alert storage and delivery)

Alert records (including your sender ID, recipient ID, GPS coordinates, audio clips, timestamps, and messages) are stored in Apple's CloudKit service using the public database of Haven's iCloud container. CloudKit is operated by Apple Inc. and is subject to Apple's privacy policy (apple.com/privacy). Haven uses CloudKit's public database so that alert recipients do not need to be signed in to iCloud to receive alerts. Your phone-to-sender-ID mapping is also stored in CloudKit to enable contact linking by phone number.

Apple's CloudKit infrastructure is hosted in data centres that comply with international data protection standards.

3.3 Haven push notification server (alert delivery)

To deliver instant push notifications, Haven operates a lightweight server hosted on Fly.io (fly.io) in the United States. This server stores only two pieces of information per registered device:

• Your Haven sender ID (a randomly generated identifier, not your name or phone number)
• Your device's push notification token (assigned by Apple)

When an alert is triggered, the sending device contacts this server with the recipient's sender ID. The server looks up the corresponding device token and sends a push notification via Apple's Push Notification service (APNs). The server does not store alert content, GPS locations, audio recordings, or message text. It acts solely as a relay to trigger instant delivery.

The push server is protected by API key authentication. Communication between your device and the server is encrypted via HTTPS.

4. How your data is used

All data collected by Haven is used for one purpose: delivering safety alerts to your trusted contacts when you need help.

Specifically:

• Your display name and phone number are used to identify you to your trusted contacts and to enable contact linking.
• GPS location is used to show your trusted contact where you are at the moment of an alert.
• Audio recordings are used to provide your trusted contact with additional context about your situation.
• Device tokens are used to deliver push notifications instantly when an alert is sent to you.
• Alert metadata is used to route alerts to the correct recipient and to distinguish between alert types.

We do not use your data for profiling, advertising, marketing, or any purpose unrelated to the core safety function of the app.

5. Data sharing

Haven shares your data only with the specific people and systems necessary to deliver alerts.

• Your trusted contacts receive your display name, GPS location (if available), audio clip (if opted in), and alert timestamp when you send an alert.
• If campus security alerting is enabled, the same alert information is also sent to your institution's designated security contact.
• Apple receives alert data through CloudKit and push notification tokens through APNs, subject to Apple's privacy policy.
• Fly.io hosts the push notification server infrastructure, subject to Fly.io's privacy policy (fly.io/legal/privacy-policy).

Haven does not share your data with any other third party.

6. Data retention

Alert records stored in CloudKit are retained indefinitely to allow recipients to review past alerts in their inbox. Audio clips attached to alerts are retained as part of the alert record.

Device registration records on the push notification server (sender ID and device token) are retained for as long as the device remains registered. If Apple reports a device token as invalid or expired, the corresponding record is automatically deleted.

On-device data (preferences, contact details, settings) persists until you delete the app or reset it through Settings.

You may request deletion of your data at any time by contacting us (see Section 11).

7. Data security

Haven uses the following measures to protect your data:

• All communication between your device, CloudKit, and the push notification server is encrypted in transit using HTTPS/TLS.
• The push notification server uses API key authentication to prevent unauthorised access.
• Alert data in CloudKit is protected by Apple's infrastructure security controls.
• On-device data is protected by your device's built-in security (passcode, Face ID, Touch ID) and Apple's data protection framework.
• Audio recordings are stored as encrypted CloudKit assets.

No system is completely secure. While we take reasonable measures to protect your data, we cannot guarantee absolute security. If you become aware of a security concern, please contact us immediately.

8. Children's privacy

Haven is designed to be set up by a parent or guardian on a child's device. The app does not target children directly or knowingly collect personal information from children under the age of 13 without parental involvement.

When a parent or guardian sets up Haven on their child's phone, the parent provides the child's display name and phone number during onboarding, and designates themselves (or another trusted adult) as the emergency contact. The child does not need to create an account, provide an email address, or interact with any registration process.

Haven does not collect age information, school names, or any child-specific data beyond what is entered by the parent during setup.

If you believe a child under 13 has provided personal information to Haven without parental consent, please contact us and we will promptly delete it.

9. Institutional use

When Haven is deployed through an institution (such as a school, university, or care provider), the institution may designate a security or safeguarding contact to receive alerts alongside the user's personal trusted contact. In this case:

• The institutional contact receives the same alert information as the personal trusted contact (display name, location, audio clip if opted in, timestamp).
• The user must explicitly enable institutional alerting through a toggle in the app. It is not enabled by default.
• The institution is responsible for its own data handling practices regarding alerts received by its staff.

Haven does not provide institutions with access to user data, alert history, or usage information beyond the alerts sent directly to their designated contact.

10. Your rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: You may request a copy of the personal data Haven holds about you.
• Correction: You may update your display name, phone number, and trusted contacts at any time through the app's Settings.
• Deletion: You may request deletion of your data from CloudKit and the push notification server by contacting us. Deleting the app from your device removes all locally stored data immediately.
• Withdrawal of consent: You may disable location permissions, microphone access, or audio recording at any time through your device's Settings or within the Haven app.

To exercise any of these rights, contact us using the details in Section 11.

11. Contact us

If you have questions about this privacy policy, want to request data deletion, or have any concerns about how Haven handles your data:

Email: hello@havenalert.com
Developer: Ben Bates
Location: George Town, Cayman Islands

12. Changes to this policy

We may update this privacy policy from time to time to reflect changes in the app or applicable laws. When we make changes, we will update the "Last updated" date at the top of this policy. Continued use of Haven after changes are posted constitutes acceptance of the updated policy.