ByStander

ByStander Privacy Policy

Last updated: May 13, 2026
Effective date: May 13, 2026

This Privacy Policy describes how ByStander Inc. (“ByStander,” “we,” “us,” or “our”) collects, uses, shares, and protects information when you use the ByStander mobile application and the website at https://bystander.life (together, the “Services”).

ByStander is a personal-safety service. It lets you alert trusted contacts and trained advocates during emergencies, share live video, audio, and location during active incidents, schedule recurring safety check-ins, run dead-man’s-switch timers, and monitor heart-rate and blood-oxygen readings from connected wearables for the purpose of detecting potential medical emergencies. Because of what the app does, we handle information that is personal, sensitive, and occasionally urgent. This policy explains how.

Summary: We collect only what we need to provide safety features. Your live video, audio, and location are shared with the people you choose (emergency contacts and, when you request one, a matched advocate) only while an incident is active. We do not sell your personal information and do not use it for advertising. Incident recordings are automatically deleted on a schedule that depends on your subscription tier (30 days on Free, 60 days on Standard, retained while the account is active on Pro / LifeSupport). Starred items are kept indefinitely. Routine health readings are deleted after 7 days; readings flagged as clinically significant are kept 365 days, then deleted.
Contents
  1. Information We Collect
  2. How We Use Your Information
  3. Incidents: Sharing With Contacts and Advocates
  4. Health Data
  5. Health Connect (Android): Approved Use Case
  6. Third-Party Sub-Processors
  7. SMS and Text Messaging
  8. Data Retention and Deletion
  9. Security
  10. Your Privacy Rights
  11. Notice for California Residents (CCPA/CPRA)
  12. Notice for EU/UK Residents (GDPR)
  13. Notice for Illinois Residents (BIPA)
  14. Children
  15. International Users
  16. Changes to This Policy
  17. Contact Us

1. Information We Collect

1.1 Information you give us

  • Account information: first name, last name, email address, phone number (verified by SMS), date of birth, language preference, timezone, and a safety PIN you create.
  • Emergency contacts: names, phone numbers, and (optionally) relationship labels for people you add as emergency contacts. We send each of them a one-time SMS asking them to opt in before we contact them for you.
  • Medical information (optional): conditions, allergies, medications, blood type, and notes you choose to record in your in-app medical card so emergency responders or advocates can see them during an incident.
  • Advocate application data: if you apply to become a ByStander advocate, we collect identity-verification information, background-check consent, tax forms, and payout details. Advocates are independent contractors, not employees.
  • In-app communications: messages you send through incident chat or customer support.
  • Referrals and affiliate codes: if someone refers you, we record the referral code so the referrer can be credited.

1.2 Information collected automatically

  • Device and app data: device model, operating-system version, app version, crash logs, and performance diagnostics.
  • Usage data: which features you use, timestamps of incidents and check-ins, and log data needed to operate and secure the Services.
  • Push-notification tokens: we receive a push token from Apple Push Notification Service (iOS) or Firebase Cloud Messaging (Android) so we can send you notifications.
  • Approximate location derived from your device to help us show local content and configure region-specific features.

1.3 Information collected during an incident, a CheckPoint response window, or a Scout timer

During an active incident that you trigger, the app collects and streams:

  • Precise location (continuously while the incident is active, including when the app is in the background).
  • Live video and audio from your device camera and microphone.
  • Incident chat messages between you, your emergency contacts, and any advocate you are matched with.
  • Health signals (heart rate and oxygen saturation, if you have granted access and are wearing a connected device).

CheckPoint response window. While you have an unresolved scheduled check-in (the app has prompted you to confirm you are safe and you have not yet responded), ByStander uploads your location to your private profile approximately every 60 seconds. This continues until you confirm you are safe, you dismiss the prompt, or the response window expires. The purpose is to give your emergency contacts the most recent possible location in the SMS sent if the window expires without your response. Updates stop automatically as soon as the response is resolved. On Android the app shows a persistent notification while this is active because the platform requires it for background-location use.

Scout (dead-man’s-switch) timer. When you start a Scout timer, ByStander does not stream live media. It tracks the timer locally and shares your location with your pre-configured contacts only if the timer expires without your check-in.

None of the data described in this section is collected when no incident, CheckPoint window, or Scout timer is active. Location tracking, camera, and microphone all stop automatically when the relevant flow ends.

1.4 Information from connected devices and phone permissions

  • Contacts: if you allow access, we read your phone contacts only so you can pick people to add as emergency contacts. We do not upload your full contact list.
  • Camera and microphone: used only to live-stream during incidents you trigger. We do not record ambient audio or video at any other time.
  • Location: precise location during incidents and during CheckPoint response windows (foreground and background); approximate or foreground-only location for non-incident features such as finding nearby advocates.
  • Health Connect (Android) and HealthKit (iOS) and Samsung Health: with your explicit permission, we read heart-rate, blood-oxygen, and (on Android) sleep-state readings from your connected wearable. We do not write data back to these platforms. See Section 5 for the Android-specific Health Connect terms.
  • Motion sensors and activity recognition: when you have opted into health monitoring on a paid Standard-tier subscription, ByStander reads the device accelerometer at 20 Hz to detect falls (sustained free-fall, then high-g impact, then prolonged stillness) and subscribes to the system step counter via the Android Pedometer API (which requires the ACTIVITY_RECOGNITION permission) solely to classify whether you were moving in the seconds before a detected impact. Step counts are consumed in real time by the fall-severity classifier and are not stored. We never use motion or step data for fitness tracking, exercise monitoring, gamification, advertising, or analytics.
  • Biometric authentication (Face ID / Touch ID / Android fingerprint): used locally on your device to unlock the app. The biometric itself stays on your device; we never receive or store it.

2. How We Use Your Information

We use information for these purposes, and no others:

  • To provide the Services: creating and securing your account, verifying your phone number, activating incidents, matching you with advocates, delivering notifications.
  • To share live incident information with the people you have chosen (your emergency contacts and, when applicable, an advocate).
  • To detect potential medical emergencies (cardiac, respiratory, or fall events) and dispatch the resulting alerts.
  • To improve reliability and safety of the Services, diagnose issues, and prevent abuse.
  • To communicate with you about your account, safety-critical events, or operational updates.
  • To comply with legal obligations and to respond to lawful requests (see Section 3.3).

We do not use your information to serve advertising, to build advertising profiles, or to sell to third parties.

3. Incidents: Sharing With Contacts and Advocates

3.1 Emergency contacts

When you add an emergency contact, we send them a one-time SMS asking them to opt in. Until they opt in, they receive no further messages. Once opted in, they receive SMS and push notifications about incidents you trigger and can view your live video, audio, and location through a secure link. They can opt out at any time by replying STOP.

3.2 Advocates

Advocates are independent contractors and trained volunteers who help users during incidents. When you request an advocate, the system matches you with one or more nearby approved advocates based on language, availability, and distance. Matched advocates receive:

  • Your first name and approximate location while the incident is active
  • The live video and audio stream
  • Your medical card, if you have created one
  • The incident chat thread

Advocates are bound by a confidentiality agreement and platform conduct rules. They do not see your account history, your payment information, or any information from past incidents they were not part of. You can block an individual advocate at any time; blocked advocates will never be matched to you again.

3.3 Legal and safety disclosures

We may disclose information when we believe in good faith that disclosure is necessary to: comply with law or valid legal process; protect the rights, safety, or property of any person; investigate fraud or abuse of the Services; or enforce our Terms.

3.4 In-app location viewing by your emergency contacts

Emergency contacts who have completed the SMS opt-in and who are themselves ByStander users can view your last known location from within the ByStander app, but only when you have explicitly enabled the “Share my location” toggle for that specific contact in your in-app Contacts screen. If you have not enabled sharing for a contact, the contact still receives incident alerts via SMS but cannot view your location in their app outside of an active incident.

You can revoke a contact’s ability to view your location at any time by disabling the per-contact sharing toggle or by removing them as an emergency contact. The change takes effect on their next refresh (typically within 10 seconds).

4. Health Data

ByStander reads heart rate and blood-oxygen saturation from connected wearables through Apple HealthKit (iOS) and Android Health Connect, for the sole purpose of detecting potential medical emergencies and dispatching alerts to your emergency contacts and (on supported tiers) a trained advocate. See Section 5 for the Android Health Connect-specific terms and the approved use case. These platforms require your explicit permission before we can read anything.

Not a medical device. ByStander is not a medical device. It does not diagnose, treat, or prevent any disease. Health readings are used only to detect potential emergencies and dispatch alerts you have configured, and accuracy depends on your wearable. Always seek professional medical care when needed.

We use health data only to: (a) detect cardiac, respiratory, or fall events that may indicate an emergency; (b) dispatch the resulting alert to your chosen emergency contacts and any matched advocate; and (c) include recent readings in an incident if one is triggered. We do not share health data with advertisers and we do not sell it. We do not use it for fitness tracking, wellness coaching, sleep tracking, training analytics, gamification, ML or AI training, insurance scoring, profiling, or any other purpose you did not enable.

5. Health Connect (Android): Approved Use Case

On Android devices, ByStander integrates with Health Connect under the Medical care – Emergency response and first aid approved use case. The integration is gated behind an in-app permission screen and is available only on paid Standard-tier subscriptions; we do not request Health Connect permissions at install time or on any free tier.

We read the following data types from Health Connect, for the purposes described:

  • Heart rate (READ_HEART_RATE) to detect clinically-significant tachycardia (over 180 BPM active, or over 150 BPM resting) and bradycardia (under 40 BPM) that may indicate a cardiac emergency or loss of consciousness. We act only on two consecutive out-of-range readings (never a single reading), and the only resulting action is the automated dispatch of an emergency alert to your pre-configured emergency contacts.
  • Blood oxygen / SpO2 (READ_OXYGEN_SATURATION) to detect hypoxemia (under 90%) that may indicate respiratory distress. Same two-consecutive-reading conservatism and same emergency-dispatch action as heart rate.
  • Sleep state (READ_SLEEP) used only at read-time to determine whether you are asleep, so that the correct medical anomaly threshold (resting versus active) is applied to a concurrent heart-rate reading. Sleep data is not persisted to our backend and is not used for sleep tracking, sleep coaching, or sleep-quality scoring.
  • Activity recognition (ACTIVITY_RECOGNITION) used only to power on-device fall detection. The system step counter is read via the Pedometer API solely to classify whether you were moving in the seconds before a detected impact, in order to distinguish a serious fall during activity from a dropped phone. Step counts are consumed in real time by the fall-severity classifier and are not persisted.

What we never derive from these signals. ByStander never uses Health Connect data for fitness tracking, workout coaching, exercise monitoring, performance analytics, step-count gamification, daily-activity scoring, training analytics, social features, leaderboards, advertising, profiling, ML or AI training, insurance scoring, or third-party sharing of any kind. We do not sell Health Connect data and do not share it with advertisers.

Storage and deletion. Routine heart-rate and SpO2 readings are deleted from our backend 7 days after capture. Readings flagged by the anomaly detector as clinically significant are retained 365 days to support emergency-incident follow-up, then deleted. Sleep state and step counts are not persisted at all. You can revoke ByStander’s access in Health Connect at any time, disable health monitoring in the in-app Settings screen, or permanently delete every stored reading by deleting your account.

6. Third-Party Sub-Processors

We use the following service providers to operate the Services. Each is contractually required to handle your information only as needed to provide their service to us.

Provider Purpose Data they process
Supabase Database, authentication, file storage, realtime sync, serverless functions Account data, incident data, media files, location history, health readings
Twilio SMS verification and incident SMS notifications User and emergency-contact phone numbers, SMS content
Apple Push Notification Service Push notifications (iOS) Push tokens, notification payloads
Firebase Cloud Messaging (Google) Push notifications (Android) Push tokens, notification payloads
Agora Live audio and video streaming during incidents, cloud recording of incident streams Live media stream, session metadata; recorded MP4 written to our storage
RevenueCat Mobile in-app subscription management (App Store and Google Play) User ID, subscription tier, transaction history (payment card data is processed by Apple and Google and never reaches RevenueCat or ByStander)
Stripe Web-portal subscription payments at bystander.life Payment card data (processed by Stripe; we do not store card numbers)
Apple HealthKit / Google Health Connect / Samsung Health Provide heart-rate, blood-oxygen, and (on Android) sleep-state readings from your wearable Health readings (with your permission)
Google Maps Map rendering in the app Location data used to render maps (subject to Google’s privacy policy)

Data hosting location. Our backend (Supabase) is hosted in the us-west-2 region (Oregon, United States). All account data, incident records, location history, health readings, emergency-contact records, and stored media reside there. If you access the Services from outside the United States, your information is transferred to and processed in Oregon. Where required by law, we rely on Standard Contractual Clauses (or the UK and Swiss equivalents) as the lawful basis for these transfers.

We will update this list if we add or change sub-processors. If we ever introduce analytics or crash-reporting tools beyond what is described here, we will update this section and the app’s consent flow accordingly.

7. SMS and Text Messaging

ByStander sends SMS messages for two purposes:

  • Operational messages (required for the Services): phone-verification codes, incident alerts to you and to your emergency contacts, missed-CheckPoint alerts, and advocate opt-in confirmations. These are not marketing.
  • Optional product updates: only if you opt in separately.

You or your emergency contact can opt out of non-verification SMS at any time by replying STOP. Reply HELP for help. Message and data rates from your carrier may apply. We do not sell or share your phone number with third parties for their own marketing.

8. Data Retention and Deletion

Category Retention
Account data (name, email, phone, etc.) Until you delete your account
Incident recordings (video, audio, chat transcripts) 30 days on the Free tier; 60 days on Standard; retained while the account is active on Pro / LifeSupport. Items you star in the in-app Evidence Gallery are kept regardless of tier until you unstar or delete them.
Health readings (routine) 7 days, then automatically deleted
Health readings flagged as clinically-significant anomalies 365 days, then automatically deleted
Location data outside of incidents and CheckPoint windows Not retained beyond the current session
Push tokens Until you uninstall, sign out, or disable notifications
SMS opt-in / opt-out records Retained as required for compliance

Account deletion

You can delete your ByStander account at any time from inside the app (Settings → Account → Delete Account), which requires you to type your name to confirm. Deletion removes your profile, contacts, incident history, stored health readings, and evidence from active systems within 30 days. We may retain minimal records required by law (for example, transaction logs for financial reporting).

9. Security

We protect your information with:

  • Encryption in transit (TLS 1.2 or higher) and at rest (AES-256 via Supabase storage and database encryption).
  • Row-level security policies that restrict access to data based on who you are.
  • Strict scopes for service accounts and sub-processor credentials.
  • Two-factor phone verification for account creation and sensitive changes.

No system is completely secure. If we ever become aware of a security incident affecting your personal information, we will notify you as required by applicable law.

10. Your Privacy Rights (All Users)

Regardless of where you live, you can:

  • View and update your profile information in the app.
  • Delete your account (see Section 8).
  • Manage app permissions (camera, microphone, location, notifications, contacts, health, motion) from your device settings.
  • Disable health monitoring and fall detection from in-app Settings.
  • Opt out of SMS by replying STOP.
  • Block any individual advocate.
  • Revoke per-contact location sharing in the in-app Contacts screen.
  • Contact us at info@bystander.life for data access, correction, or deletion requests.

We respond to verified requests within 30 days.

11. Notice for California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act gives you the following rights. We will not discriminate against you for exercising them.

  • Right to know what personal information we collect, use, and disclose.
  • Right to delete personal information we have collected from you.
  • Right to correct inaccurate personal information.
  • Right to opt out of sale or sharing. We do not sell or “share” personal information for cross-context behavioral advertising.
  • Right to limit use of sensitive personal information. We use sensitive information (such as precise location and health data) only to provide the service you requested.
  • Right to non-discrimination for exercising these rights.

To exercise any of these rights, email info@bystander.life with the subject line “California Privacy Request.” You may designate an authorized agent to make a request on your behalf; we will require reasonable verification.

12. Notice for EU/UK Residents (GDPR/UK GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, ByStander Inc. is the data controller for your personal information. The lawful bases on which we process data are:

  • Performance of a contract to provide the Services you request.
  • Consent for SMS opt-in, health-data access, camera, microphone, location access, and any future marketing.
  • Vital interests to share your location and live stream with contacts and advocates you have pre-authorized, during an active emergency.
  • Legitimate interests to secure the Services, prevent abuse, and improve reliability.
  • Legal obligation to comply with applicable laws.

You have the rights to access, rectify, erase, restrict, port, and object to processing of your personal data, and to withdraw consent at any time. To exercise these rights, email info@bystander.life. You also have the right to lodge a complaint with your local data-protection authority.

Your data is transferred to and processed in the United States (Supabase, us-west-2 / Oregon, and the other US-based sub-processors listed in Section 6). Where required, we rely on Standard Contractual Clauses (or the UK and Swiss equivalents) with our sub-processors, together with supplementary measures (TLS-encrypted transit, AES-256 encryption at rest, role-scoped access, audit logging) to protect your data during transfer and processing.

13. Notice for Illinois Residents (BIPA)

ByStander operates in and is headquartered in Illinois. We do not collect, capture, purchase, or otherwise obtain biometric identifiers as defined by the Illinois Biometric Information Privacy Act (BIPA). Specifically:

  • Biometric authentication (Face ID / Touch ID / Android fingerprint) happens entirely on your device. The biometric template never leaves your device and is not transmitted to ByStander’s servers.
  • Heart rate, oxygen saturation, sleep state, and other physiological measurements are not biometric identifiers under BIPA.
  • We do not use face recognition, voice prints, or scans of hand or face geometry.

14. Children

ByStander is intended for individuals 13 years of age or older. Users between 13 and 18 must have verifiable parental consent to use the app in jurisdictions that require it. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, please contact us at info@bystander.life and we will delete the account and related information.

For users under 18, we recommend reviewing this policy together with a parent or guardian. Parents and guardians who wish to review, modify, or delete their minor child’s account information may contact us at info@bystander.life.

15. International Users

ByStander is operated from the United States. If you access the Services from outside the United States, your information will be transferred to, stored, and processed in the United States and in any other jurisdiction where our sub-processors operate (see Section 6). By using the Services, you consent to such transfers.

16. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the most recent revision. For material changes, we will provide notice through the app or by email at least 30 days before the change takes effect. Continued use of the Services after the effective date of an updated policy constitutes acceptance of the update.

17. Contact Us

For any privacy question, request, or concern, contact us at:

ByStander Inc.
683 83RD STREET, BOLINGBROOK, ILLINOIS 60440
Email: info@bystander.life
Website: https://bystander.life

This Privacy Policy is governed by the laws of the State of Illinois, without regard to its conflict-of-laws principles.

ByStander

Always Have A Bystander