Privacy & Data Lifecycle
Just Chicken In is a daily safety check-in service designed to help people stay connected without surveillance, monitoring, or profiling. We collect and retain the minimum data required to deliver alerts and operate the service.
1. Who this policy applies to
This policy describes our practices for:
- People who install and use the Just Chicken In mobile app ("users")
- People listed as emergency contacts by a user ("contacts")
- Organizations that use the organization portal ("orgs") and individuals added to an org's account ("members")
- Visitors to our website
For organization members, the org is the data controller for any additional member-profile information the org chooses to store. Just Chicken In acts as a processor for that data. See the Data Processing Addendum for details.
2. What data is stored on your device
The following data is stored locally on your device:
- Daily check-in schedule and reminder settings
- Local check-in history
- Emergency packet drafts you choose to create
- Guardian lock PIN (hashed locally, if enabled)
- Language and accessibility preferences
- A locally stored authentication key used to sign requests to our server
This data remains on your device unless you choose to sync specific information for alert delivery. If someone has physical access to your unlocked device, they may be able to access locally stored information.
3. What data is stored on our servers
The following data may be stored on Just Chicken In servers (hosted on Cloudflare in the United States):
- A randomly generated Member ID
- Your check-in schedule, grace-period preference, and timezone offset
- Last successful check-in timestamp
- Current escalation state (whether your most recent deadline was missed, escalation count, and the timestamp of the most recent escalation)
- Emergency contact phone numbers and/or email addresses, plus an optional label (e.g. "Mom")
- SMS consent state for each phone contact (opt-in status, consent timestamp)
- An optional user-provided alias or nickname
- Encrypted emergency packet data (if you choose to create one)
- Privacy mode, auto-delete preference, and related settings
- Account credentials for the organization and admin portals (hashed passwords using PBKDF2-SHA256 with per-user random salt; two-factor-authentication secrets if you enable 2FA; backup-code hashes)
- Active session tokens (hashed, not stored in plaintext)
We do not store names, street addresses, demographic identifiers, location history, behavioral tracking data, or reasons you did not check in. We do not use artificial intelligence to analyze user behavior, assess risk, or build profiles.
4. Operational logs we keep
To operate the service reliably and prevent abuse, we also keep the following short-lived operational records:
- Alert delivery log. For each SMS or email sent by the service, we record the Member ID it relates to, the contact's phone number or email, the message kind (e.g. missed check-in, reassurance confirmation, organization billing notice), the delivery status, the provider's message ID, any error returned by the provider, and the timestamp. This log is retained for up to 365 days for debugging, audit, and grant reporting purposes, and is purged by an automated process.
- Rate-limit buckets. We keep short-lived counters of authentication attempts and sensitive-endpoint requests keyed by IP address or account identifier. Buckets expire on their own (typically within minutes) and are cleared by an automated process.
- Cloudflare edge logs. Our hosting provider retains standard access logs (IP address, request path, HTTP status, user-agent) according to its own policies.
- Update-page email list (optional, opt-in). If you choose to subscribe to product-update emails on our Updates page, we store your email address, a confirmation timestamp, and a random unsubscribe token. This address is used only to email you when we post a new update, and is never shared, sold, or used for any other purpose. Every email we send includes a one-click unsubscribe link. You can remove yourself at any time by clicking that link, which immediately deletes the record. We do not require you to subscribe to use the app or portal.
5. What data we do not collect
We do not collect or store:
- Location data
- Continuous monitoring or motion data
- Behavioral or risk scoring
- Health diagnoses or medical records (see Section 6 for organization-portal nuance)
- Advertising identifiers
- Data for resale or marketing
- AI-generated profiles or predictions
For the sake of full transparency: like most modern software teams, we occasionally use AI-assisted coding tools during development to help write and review code. Those tools operate on our source code and engineering notes, not on user data. User data never leaves our own systems and our declared sub-processors (Section 10), and no user data is ever sent to an AI model or service as part of operating Just Chicken In.
6. Organization-portal data
Organizations that onboard members to Just Chicken In may optionally use the organization portal to store additional information about their members, including:
- Full name, phone number, email, address, and place of work
- Medical conditions and emergency notes
- Pet and dependent information
- Pet-sitter, babysitter, and house-access information
- Custom free-text notes chosen by the organization
This information is controlled by the organization, not by Just Chicken In. The organization decides what to collect, why, and whether to share it with anyone. Members with questions about organization-portal data should contact their organization directly. We act as a processor for the organization under our Data Processing Addendum.
Just Chicken In is not a HIPAA-covered entity or business associate. Organizations should not store information subject to HIPAA in the organization portal unless they have specifically arranged alternative terms with us in writing.
7. How alerts are delivered
If you miss a scheduled check-in and your grace period expires:
- Your designated contacts are notified by SMS (sent via our toll-free carrier-registered Twilio number) or email (via SendGrid)
- Alert messages include your Member ID and, if provided, an optional alias to help recipients identify the alert
- A time-limited link to your emergency packet may be included
Delivery providers process the message and therefore receive the recipient's phone number or email address and the message content. These providers operate under their own privacy policies. See Section 10 for the list of sub-processors.
8. Emergency packet handling
- Stored encrypted at rest using AES-GCM with a server-side key
- Shared only when an alert is triggered
- Accessed via time-limited links that expire automatically
Recipients may still screenshot or copy information once received. Just Chicken In cannot control recipient behavior. We do not maintain administrative access to browse user packet contents.
9. Retention schedule
| Data | Retention | How it's removed |
|---|---|---|
| User Member ID and account settings (normal privacy mode) | Until the user deletes the account or requests deletion | On user request or via the in-app "Delete my data" feature |
| User Member ID and account settings (High Privacy Mode, auto-delete enabled) | Automatically deleted within 48 hours after an alert fires and no check-in follows | Automated cron job, typically within minutes of the 48-hour mark |
| Emergency contacts | Until the user removes the contact or deletes the account | In-app management screen, or account deletion |
| Encrypted emergency packet | Until the user deletes it | In-app packet editor, or account deletion |
| Alert delivery log | Up to 365 days | Automated daily cleanup |
| Rate-limit buckets | Typically minutes; maximum 1 hour | Automated cleanup after window expiry |
| Session tokens | 24 hours of idle or 7 days absolute, whichever is shorter | Automated on expiry or user logout |
| Invite tokens (org members) | Days chosen by org admin (default 3 days) | Automatic on use or expiry |
| Organization-portal member-profile data | Per the organization's own retention practices | The organization controls deletion |
| Billing records (paid org subscriptions) | 7 years, for tax and audit compliance | Automated after retention period |
| Update-page email subscribers (opt-in mailing list) | Until the subscriber clicks the unsubscribe link in any email we send | One-click unsubscribe in every broadcast (immediate deletion) |
| Cloudflare edge access logs | Per Cloudflare's standard retention (typically 7 days) | Cloudflare-managed |
10. Sub-processors (who else sees the data)
We use the following third-party providers to deliver the service. Each operates under its own privacy policy and terms; we share only the minimum data needed for each provider's role.
| Provider | Purpose | Data shared | Policy |
|---|---|---|---|
| Cloudflare | Web hosting, edge compute, D1 database, CDN | All data listed in Section 3 and Section 4 (they host it) | cloudflare.com/privacypolicy |
| Twilio | Toll-free SMS delivery | Recipient phone number, message body | twilio.com/legal/privacy |
| SendGrid (Twilio) | Email delivery | Recipient email address, message body | twilio.com/en-us/legal/privacy |
| Stripe | Payment processing for organization subscriptions and donations | Email address, payment instrument (we never see card data) | stripe.com/privacy |
| Apple and Google | App distribution and individual-user subscription billing | App Store / Play Store account (we do not receive payment info) | apple.com/legal/privacy · google.com policies |
11. Security practices
We use technical safeguards appropriate to the sensitivity of the data we handle, including:
- TLS in transit for all requests between app, portal, and server
- HMAC-signed requests between the mobile app and our server
- Session tokens are stored only as SHA-256 hashes
- Passwords are stored using PBKDF2-SHA256 with a unique per-user random salt
- Optional two-factor authentication (TOTP) on admin and organization portal accounts
- AES-GCM encryption at rest for emergency packets
- Time-limited access links for packet retrieval
- Rate limiting on authentication endpoints to mitigate brute-force attacks
- No administrative dashboard for browsing user packet contents
12. Data breach notification
If we discover a breach of security affecting personal information we hold, we will investigate, take reasonable steps to contain and remediate the breach, and notify affected users as required by applicable law. Notification will describe, to the extent known, the data involved, the steps we have taken, and recommended precautions.
13. California residents (CCPA / CPRA)
This section applies to individuals who are California residents and provides the disclosures required by the California Consumer Privacy Act ("CCPA") as amended by the California Privacy Rights Act ("CPRA"), as well as other California privacy laws.
Categories of personal information we collect
In the preceding 12 months we have collected the following categories:
- Identifiers: Member ID, device-generated client key, email addresses (for contacts and org administrators), phone numbers (for contacts), optional alias.
- Internet or network activity: IP address, request logs (via Cloudflare), session-token activity.
- Commercial information: Subscription tier, billing status (for paid organizations or individual subscribers).
- Inferences: None. We do not draw inferences to create user profiles.
- Sensitive personal information: Account credentials (hashed passwords, 2FA secrets, backup codes). Organizations may additionally choose to store member information that could be sensitive (for example, medical conditions in the org portal); see Section 6.
Sources of personal information
Directly from users, from users on behalf of their contacts, from organizations about their members, and generated by our own systems (e.g. Member IDs, session tokens, logs).
Purposes for collecting personal information
To operate the service (check-ins, alerts, organization management, billing), to secure the service (authentication, rate limiting, abuse prevention), to debug and audit (delivery logs), and to comply with law.
Recipients of personal information
Our sub-processors (Section 10), emergency contacts designated by users, organization administrators with respect to their own members, and law-enforcement or legal requesters in the limited cases described in our Law Enforcement and Legal Requests policy.
Sale or sharing of personal information
We do not sell personal information, and we do not share personal information for cross-context behavioral advertising, as those terms are defined under California law. We have not done so in the preceding 12 months.
Your California rights
California residents have the right to:
- Know what personal information we have collected about you and how we use and share it.
- Access a copy of your personal information in a portable format.
- Delete personal information we hold about you, subject to legal retention requirements.
- Correct inaccurate personal information.
- Limit the use of sensitive personal information to what is necessary for the service.
- Opt out of sale or sharing of personal information (not applicable — we do not sell or share).
- Non-discrimination for exercising any of these rights.
How to exercise your rights
Email hello@justchickenin.org with the subject line "CCPA Request" and describe the request. We will verify your identity using information associated with your account (Member ID, email address, or similar). We will respond within 45 days. You may designate an authorized agent to make a request on your behalf; in that case we require written proof of authorization and will verify your identity directly.
We do not use cookies or other tracking technology for advertising, so there is no "Do Not Sell or Share My Personal Information" toggle. You may still submit an opt-out request if you wish it on record.
14. European Economic Area, United Kingdom, and Switzerland (GDPR / UK GDPR)
This section applies to individuals in the European Economic Area, the United Kingdom, and Switzerland. For purposes of the General Data Protection Regulation ("GDPR") and equivalent legislation in the UK and Switzerland, the data controller is Just Chicken In.
Legal bases for processing
- Performance of a contract with you (providing the check-in service you have asked us to provide), for your account data and alert processing.
- Legitimate interests for security, abuse prevention, and operational logging, balanced against your interests.
- Consent for contacts receiving SMS safety alerts; each contact may withdraw consent at any time by replying
STOP. - Legal obligations for retention required by tax, accounting, or applicable law.
Your GDPR rights
You have the right to access, rectify, erase, restrict, object to processing, and port your personal data, and to withdraw consent at any time where processing is based on consent. You have the right to lodge a complaint with a supervisory authority.
International transfers
Our servers are located in the United States (via Cloudflare). When we transfer personal data outside the EEA/UK/Switzerland, we rely on appropriate transfer mechanisms such as the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum.
Exercising your rights
Email hello@justchickenin.org with the subject line "GDPR Request." We respond within 30 days.
15. Your controls (in addition to the rights above)
At any time, within the app you may:
- View or update emergency contacts
- Set, change, or remove an optional alias
- Edit or delete your emergency packet
- Toggle High Privacy Mode and auto-delete-after-alert
- Delete all server-stored data
- Wipe local data from your device
Deleting data does not cancel App Store or Play Store subscriptions. See the Terms for cancellation guidance.
16. Children's privacy
Just Chicken In is not directed to children under 13 and we do not knowingly collect personal data from children under 13. Individuals 13 or older but under the age of majority in their jurisdiction must use the service only with the consent and supervision of a parent or legal guardian. If we discover that we have collected data from a child under 13 without verifiable parental consent, we will delete it.
17. Law enforcement and legal requests
Our posture on subpoenas, warrants, and other legal requests — including how we respond to requests in contexts where users may be at elevated risk, such as domestic-violence and stalking cases — is published separately at Law Enforcement and Legal Requests.
18. Changes to this policy
If our data practices change, this page will be updated and the "Last updated" date will reflect the revision. For material changes we will make reasonable efforts to provide advance notice in the app or by email before the change takes effect.
19. Contact
Questions about privacy or data handling may be sent to: hello@justchickenin.org