Privacy Policy
Last updated: May 2026 • Version 1.0
Information We Collect
Account Information
When you create an account, we store your email address (or Apple-assigned private relay address). If you use Sign In with Apple, we receive only the information you choose to share. We generate a unique 8-character identifier (user_hex) for your account.
BLE Device Data
Shadow Prox scans for nearby Bluetooth Low Energy devices and collects:
- Manufacturer data and company identifiers
- Signal strength (RSSI) measurements
- Advertised service UUIDs
- Device names (when broadcast publicly)
- GATT service characteristics (Device Information, Battery, etc.)
This data describes the BLE radio advertisements that devices broadcast publicly. We do not access personal data stored on detected devices.
Location Data
GPS coordinates are collected only when:
- A surveillance camera or ALPR is detected (to map its location)
- You are actively using the map feature
- Location clustering is performed to detect if devices follow you across places
We do not continuously track your location in the background.
How We Use Your Data
- Personal Safety: Detect if BLE devices are following you across time and locations
- Community Surveillance Map: Detected camera and ALPR locations are shared with the Shadow Prox community to build a crowdsourced awareness map
- OpenStreetMap Contribution: Surveillance camera locations may be submitted to OpenStreetMap using standard tagging conventions, contributing to public awareness projects like DeFlock
- Device Identification: BLE fingerprints help identify device types and detect known trackers
Data Sharing
- Community Data: Surveillance camera locations and aggregate BLE device statistics are shared with other Shadow Prox users
- OpenStreetMap: Camera locations may be submitted as public map data
- We Never Share: Your email, personal identity, continuous location history, or data from your safe/owned devices
- Law Enforcement: We will only disclose user data when required by valid legal process (court order, warrant)
Data Security
- Authentication tokens stored in device Keychain (iOS) or system keyring (macOS)
- All API communication over HTTPS (TLS 1.2+)
- Passwords hashed with Django's PBKDF2 algorithm
- Token-based API authentication (no session cookies)
Data Retention
- Account data retained until you delete your account
- BLE scan logs stored locally on your device (not uploaded unless surveillance detected)
- Surveillance sightings retained indefinitely for community benefit
- Device tags retained until the tagged device is no longer seen
Your Rights
- Access: Export all your data via Settings > Data Export
- Deletion: Delete your account and all data by contacting support@shadowprox.com
- Correction: Update your account information at any time
- Opt Out: Use local-only mode without cloud data sharing
Children's Privacy
Shadow Prox is not intended for users under 13. We do not knowingly collect data from children.
Changes to This Policy
We will notify users of material changes via the app. Continued use after notification constitutes acceptance.
Contact
Privacy questions: support@shadowprox.com