Legal

Privacy Policy

Last Updated: February 22, 2026

AT A GLANCE

Captured photos are encrypted and stored in app-private local storage.
No automatic cloud upload for captured images.
Data requests can be submitted to support@whomovedmyphone.com.
Third-party processors are limited to billing and reliability operations.

1. Operator and Scope

This Privacy Policy explains how "Who Moved My Phone" (the "App") collects, uses, and protects information when you use the App on your Android device.

The App is operated by GLOBALHASHTAG Corp. ("Operator", "we", "us"). The App follows a local-first model for anti-theft monitoring and evidence collection.

This Policy applies to App use and the official policy page at whomovedmyphone.com/privacy.

2. What Information We Process

Information is processed only to deliver security and anti-theft features:

User ID and entitlement metadata: App user identifier and subscription entitlement state used for Pro feature access.
Purchase history metadata: Purchase, renewal, restore, and cancellation status provided by Google Play and RevenueCat.
Device and safety event data (local): Event timestamps, unlock attempts, motion/charger events, and alarm state.
Intruder photos (optional): Front-camera images captured only when capture features are enabled and allowed by permissions.
Diagnostics and device identifiers: Crash/reliability logs and installation/device identifiers used for app stability analysis.

3. Permissions and Device Access

The App requests permissions only when needed for features you enable:

Camera: Used for intruder evidence photos.
Usage Access: Used to record activity context for intruder timeline context.
Overlay: Used for in-app alarm visuals and lock-style warning screens.
Battery, notifications, and device-admin related capabilities: Used to keep monitoring reliable and secure on supported devices.

If a permission is denied or revoked, related features may stop working as designed.

4. Storage and Retention

App-private local storage: Security events and settings are stored in app-private storage on your device.
Encrypted photo files: Captured photos are encrypted using Android Keystore-backed AES-GCM file encryption.
Automatic photo retention: A scheduled WorkManager job deletes older photos by retention policy (default: 2 days).
No automatic cloud upload: Captured photos are not automatically uploaded to cloud storage by the App.
Retention settings: Retention period is user configurable in App settings and can be set to 1, 2, 3, or 7 days.
Third-party operational data: Billing and crash diagnostics data are retained by service providers according to their own policies and legal requirements.

5. Third-Party Services

We do not sell personal information and do not serve ads.

Google Play Billing: Purchase, subscription, renewal, and refund processing. Google Privacy Policy
RevenueCat: Subscription entitlement management and billing state synchronization. RevenueCat Privacy Policy
Firebase Crashlytics and Firebase Installations: Crash diagnostics, reliability monitoring, and installation/device identifiers. Firebase Data Processing and Security

These providers may process limited operational data as needed to provide their services. We do not share personal data with advertisers or data brokers.

6. Why We Process Data

Provide core anti-theft app functionality and subscription entitlements.
Detect, diagnose, and fix crashes and reliability issues.
Improve security, prevent abuse, and satisfy legal obligations.

7. Data Safety Summary (Google Play)

Collected: User ID (app functionality), Purchase history (app functionality and analytics), Crash logs (analytics), Device or other IDs (analytics).
Shared: No user data is shared with third parties for advertising or marketing.

8. Security

We apply standard platform protections for local-first security: Android app sandboxing, encrypted local storage, and minimum required permissions. App logs and diagnostics are sanitized before sending, and we do not upload photo files.

9. Children's Privacy

The App is not intended for children under 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children.

10. Your Rights and Data Requests

Revoke permissions at any time in Android settings.
Disable monitoring features in the App.
Delete stored photos and timeline data by using in-app data clearing or retention settings.
Adjust retention period (1/2/3/7 days) to align with your privacy preference.
Uninstall the App if you no longer want to use it.
Request access, correction, deletion, or portability of personal data where applicable law provides those rights.

To submit a rights request, emailsupport@whomovedmyphone.comwith subject line "Privacy Request" and include your App user ID (if available), request type, and jurisdiction.

We may request additional verification to protect account security. We aim to respond within 30 days unless a longer period is allowed by applicable law.

11. International Data Processing

Some third-party providers may process operational data in countries outside your place of residence. Where required, we rely on contractual and organizational safeguards provided by those processors.

12. Policy Updates

We may update this Policy from time to time. When we do, we update the date above and publish the revised version on this page.

13. Contact and Legal Notices

Questions or legal notices:support@whomovedmyphone.com

Operator: GLOBALHASHTAG Corp.

Registered business mailing address is provided in formal legal communications upon verified request.