Privacy Policy
Last Updated: January 25, 2026
MissionCredible ("Company," "we," "us," or "our") operates the SHTF (Sudden Hazard Triage Framework) mobile application (the "App"). This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information.
By accessing or using the App, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.
1. Information We Collect
1.1 Information You Provide
- Account Information: Email address, name, and password.
- Profile Information: Profile photo (optional), display name, and preferences.
- Household & Sensitive Data: (Optional) To provide accurate preparedness recommendations, you may choose to provide details about your household. This includes Sensitive Personal Information:
- Precise Location: For hazard mapping and local resource identification.
- Health Information: Specific medical needs, medication requirements, or mobility limitations for household members.
- Preparedness Status: Inventory of supplies and security readiness.
- Documents: Files you choose to upload.
- Payment Information: Transaction history processed securely through Stripe. We do not store full credit card details.
1.2 Information Collected Automatically
- Necessary Data: Device type, OS version, crash reports (critical errors only), and authentication tokens.
- Optional Data (With Your Consent): Usage patterns and interaction metrics. You may opt out of this collection in App Settings.
- Biometric Notice: If you use biometric authentication (e.g., FaceID, TouchID, Android Biometrics) to unlock the App, this data is processed locally on your device. MissionCredible never collects, stores, or has access to your raw biometric data.
1.3 Information from Third Parties
Authentication: When you sign in via Azure AD B2C or Apple, we receive your email and name to verify your identity.
1.4 Representation Regarding Household Members
Crucial Notice: The App allows you to input data regarding other members of your household.
- By providing personal or sensitive data about another adult: You represent and warrant that you have obtained their explicit consent to share their information with us for the purposes of generating a household preparedness plan.
- By providing data about a minor: You represent that you are the parent or legal guardian with authority to consent to the processing of the minor’s data.
2. How We Use Your Information
We use your information to:
- Provide Services: Generate custom disaster preparedness plans based on your survey and location.
- Process Payments: Facilitate tips via Stripe.
- Communicate: Send security alerts and account updates.
- Ensure Security: Detect fraud and abuse.
- Improve the App: Analyze usage patterns (only if you have opted in).
2.1 Automated Recommendations (Logistical Only)
The App uses algorithms to analyze your data and suggest preparedness steps (e.g., "Stock 2 weeks of water").
- Human in the Loop: These are recommendations only. You retain full discretion on whether to follow them. We do not make legal or life-altering decisions on your behalf solely based on automated processing.
- No Medical Advice: The term "Triage" in our name refers strictly to logistical prioritization of supplies. The processing of health data (e.g., "User has MS") is used solely for inventory planning (e.g., "Ensure backup power"). The App does not provide medical advice, diagnosis, clinical triage, or treatment. Always consult a qualified healthcare provider for medical decisions.
3. Legal Basis for Processing
3.1 GDPR (EEA/UK) & LGPD (Brazil)
- Contractual Necessity: To provide the services you requested.
- Explicit Consent: For Sensitive Data (Health, Location) and optional analytics.
- Legitimate Interests: Fraud prevention and network security.
- Legal Obligation: Tax reporting and lawful compliance.
3.2 India (DPDP Act 2023)
- Consent: We rely on your verifiable consent for the processing of your personal data.
- Legitimate Uses: For specific situations defined by law (e.g., medical emergencies, disaster management) where prior consent is not feasible.
4. Data Sharing
We do not sell your personal information.
4.1 Service Providers
We share data strictly with secure infrastructure providers:
- Microsoft Azure: Cloud hosting and authentication.
- Stripe: Payment processing.
- Microsoft Application Insights: Analytics (only if you opt in).
4.2 Legal Requirements
We may disclose information if required by a subpoena, court order, or government request. We commit to challenging overbroad or unlawful requests where possible.
5. Data Retention
- Active Accounts: Data is retained while your account is active.
- Inactive Accounts (Zombie Policy): To protect your privacy and minimize security risks, we reserve the right to delete accounts (and all associated data) that have been inactive for a period of 24 months.
- Deletion Request: If you request deletion, data is removed from our servers within 30 days.
- Payment Records: Retained for 7 years as required by tax laws.
6. Your Rights
6.1 All Users
- Access & Correction: View or update your data in Settings.
- Deletion: Request deletion of your account and all associated data.
- Opt-Out: Disable optional analytics in Settings.
6.2 EEA (GDPR) & Brazil (LGPD) Residents
- Withdraw Consent: You may withdraw consent for analytics or sensitive health data at any time.
- Portability: Receive your data in a machine-readable format.
- Restriction: Request we limit the processing of your data.
- Complaint: You have the right to lodge a complaint with your local Data Protection Authority (e.g., the ANPD in Brazil, the ICO in the UK).
6.3 United States Residents (CCPA, VCDPA, CPA, etc.)
- Right to Know & Delete: Request details on data collected or request deletion.
- Right to Limit Use of Sensitive Personal Information: You have the right to limit our use of your Sensitive Personal Information (Health, Location) strictly to what is necessary to perform the services. We will not use this data for inferring characteristics or internal analytics if you exercise this right.
  - To exercise this right, go to Settings > Privacy > Limit Sensitive Data Use.
- Right to Appeal: If we deny a privacy request, you may appeal our decision by contacting us at the email below.
- Non-Discrimination: We will not discriminate against you for exercising these rights.
7. How to Exercise Your Rights
- To Delete Your Account: Go to Settings → Account → Delete Account.
- To Manage Consent: Go to Settings → Privacy.
For other requests, contact our Privacy Team at [email protected].
8. Data Security & Breach Notification
We prioritize the security of your sensitive preparedness data:
- Encryption: Data is encrypted in transit (TLS 1.2+) and at rest.
- Access Control: Strict role-based access limits employee access.
- Breach Notification: In the event of a data breach that compromises your personal information, we will notify you and relevant regulatory authorities within the timelines required by applicable law (e.g., 72 hours under GDPR/LGPD, or immediately as required by local statutes).
Disclaimer: While we use commercially acceptable means to protect your personal information, no method of transmission over the Internet is 100% secure. You acknowledge that you provide personal information at your own risk.
9. International Data Transfers & Remote Operations
Your data is primarily processed in the United States.
- Operational Access: You acknowledge that Company personnel (e.g., administrators, support staff) may access encrypted or limited data from other jurisdictions (including Brazil) for the purposes of system maintenance, debugging, and customer support. We ensure that such access adheres to strict security protocols equivalent to those in the US.
- Compliance Frameworks: When transferring data, we rely on Standard Contractual Clauses (SCCs) and comply with the international transfer requirements of GDPR, LGPD, and DPDP Act where applicable.
10. Children's Privacy
The App is intended for adults (18+). We do not market to children.
Data About Children: If you input data regarding minors (e.g., "Child aged 6"), you confirm you are the parent/legal guardian and consent to the processing of this data solely for family preparedness. We do not collect personal information directly from children.
11. Contact & Grievance Officer
If you have questions or wish to file a grievance regarding your data:
MissionCredible Privacy Team
Attn: Data Protection Officer / Grievance Officer
Email: [email protected]
We aim to acknowledge all queries within 24 hours and resolve valid grievances within 30 days.
12. Governing Law & Territorial Restrictions
12.1 Governing Law
This Privacy Policy shall be governed by the laws of the State of Georgia, USA, without regard to its conflict of law provisions. Notwithstanding the above, if you are a resident of the EEA, UK, Brazil, or India, nothing in this policy deprives you of the protection afforded to you by mandatory consumer protection laws of your country of residence.
12.2 Territorial Restrictions & US-Only Availability
Geographic Scope: The App is currently intended for access and use only by residents of the United States. We make no representation that the App is appropriate or available for use in other locations.
International Access: If you choose to access the App from outside the United States, you do so on your own initiative and are responsible for compliance with local laws. We expressly disclaim any liability for data processing that occurs as a result of unauthorized access from jurisdictions with strict data localization or sovereignty laws (including, but not limited to, China, Russia, and Vietnam).