Privacy Policy

1. Overview

Fortify is built with a privacy-first architecture. The app is designed to minimize data collection and avoid unnecessary access to personal information.

Fortify does NOT access:

• Your contacts
• Your call logs
• Your SMS messages
• Your photos
• Your location

Fortify primarily processes information required to provide account services, security alerts, and optional breach monitoring.

2. Information We Collect

Account Information

When you create a Fortify account we collect:

• Email address
• Account identifier (user ID)
• Subscription status

This information is required to authenticate your account and provide premium features.

Breach Monitoring Information

If you use the data breach monitoring feature, Fortify may process:

• Email address submitted for breach scans
• Normalized email representation
• Hashed email identifiers
• Breach scan results

Email addresses may be sent to breach-checking services in order to determine if they appear in public data breaches.

Analytics and Diagnostic Data

Fortify uses analytics and crash reporting tools to improve the reliability and performance of the app.

These tools may collect:

• App interaction events (for example: screen views or feature usage)
• Device type and operating system version
• Crash reports and error diagnostics
• Anonymous application identifiers

Analytics parameters are sanitized to prevent transmission of sensitive personal data.

3. Third-Party Services

Fortify uses several third-party services to operate the application. These services may process limited information required for functionality.

Supabase

Used for authentication, account management, and database storage.

RevenueCat

Used for subscription management and purchase validation.

Firebase

Used for analytics and crash reporting.

Breach Data Providers

Email addresses submitted for breach scans may be checked against public breach databases. These providers only receive information necessary to perform the scan.

4. Device Information

Fortify may access limited device metadata including:

• Device manufacturer
• Device model
• Operating system version
• Device type (physical device or simulator)

This information is used locally for compatibility and security checks.

Fortify does not collect advertising identifiers such as IDFA.

5. Caller Identification Data

Fortify may download scam phone number datasets used by the iOS Call Directory Extension.

These datasets contain:

• Phone numbers
• Caller labels (for example "Scam Risk")

These datasets are used by the operating system to label or block suspicious calls.

Fortify does not receive call history or incoming phone numbers from your device.

6. Notifications

Fortify may request permission to send security alerts and awareness notifications.

The app records whether notification permission has been granted but does not currently collect push notification tokens.

7. Data Retention

Account data is stored only as long as necessary to operate the service.

Breach monitoring records and diagnostic logs may be retained for operational and security purposes.

8. Account Deletion

Users can delete their Fortify account at any time from within the application settings.

When an account is deleted:

• Account authentication records are removed
• Associated entitlement records are deleted
• User-specific application data is removed

Some minimal operational logs may remain for security and fraud prevention purposes.

9. Security

Fortify uses industry standard security practices including:

• Encrypted network communication
• Secure authentication systems
• Hashed identifiers where appropriate

While no system can guarantee absolute security, Fortify is designed to minimize the risk of unauthorized access.

10. Children's Privacy

Fortify is not intended for children under the age of 13.

We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy periodically.

Material changes will be reflected by updating the "Last Updated" date above.

12. Contact

If you have questions about this Privacy Policy you may contact: