Privacy Policy
How Stealward handles your data — no name, email, or password; your recorded video and audio are end-to-end encrypted; and monitoring photos are analyzed only during an active session, then sealed so afterward only your devices can open them.
Stealward (“Stealward”, “we”, “us”) is an anti-theft tool. You activate it on a device you are leaving behind — a Mac, iPad, or iPhone — and that device watches your belongings and sends alerts to your phone if something looks wrong. This policy explains what data we collect, how we use it, who we share it with, and the choices you have.
We built Stealward to hold as little of your data as possible. We do not ask for your name, email address, or a password, and your recordings are end-to-end encrypted so that only your own devices can read them — not us, and not the companies whose infrastructure we run on.
The short version
- We do not collect your name, email, or a password. Your account is a random identifier plus cryptographic keys.
- Your recorded video and audio are end-to-end encrypted — only your devices can decrypt them.
- To detect threats, monitoring photos are analyzed by an AI provider during an active session, then encrypted so that afterward only your devices can open them. See Section 3.
- We do not sell or share your personal data for advertising. Ever.
- Our website counts visits without cookies and without storing your IP address (Section 5).
- You can ask us to delete your data (Section 10).
1. Who we are and how to contact us
Stealward is the provider of the Stealward app and service. For any privacy question or request, contact us at privacy@stealward.app.
2. Information we collect
Account and device information
- A randomly generated user ID and device ID. These are not derived from your name, email, phone number, or hardware serial.
- Cryptographic public keys used to authenticate your devices and to encrypt data to you.
- Your device’s name and model. On a Mac, the device name you have set may include your name (for example, “Robin’s MacBook Pro”). We store this encrypted — we cannot read it.
- Push notification tokens, so we can deliver alerts to your phone.
Approximate region — not your IP or GPS location
- When you register, we read the approximate region (continent/country) that our network provider associates with your connection, so we can store your data in a datacenter close to you. We do not store your IP address, and we do not collect GPS or precise location.
- If available, we collect the name of the Wi-Fi network your monitoring device is on, and basic device status (battery level, charging state, connection type). This is encrypted so that only your devices can read it.
Media captured during a session
- Video and audio. While a session is active, the monitoring device records video and audio of its surroundings. Recordings, and the thumbnails generated from them, are end-to-end encrypted on the device before upload — we only ever store encrypted data and cannot watch or listen to your recordings.
- Monitoring photos. The monitoring device also takes still photos of the scene every couple of seconds so our AI can check on your belongings. See Section 3 for exactly how these are handled.
Detection and alert data
- Labels and descriptions our AI generates about the items it is watching, and the wording of the alerts we send you (for example, “Your backpack may have been moved”).
Subscription information
- If you subscribe, we store your Apple transaction identifier, the product purchased, and whether it was a production or test purchase, to manage your entitlement.
Your settings and consents
- Your privacy choices (see Section 9) and a record of which version of this policy and our Terms you have agreed to, with the date.
Operational logs
- Our servers keep short operational logs to run and secure the service. These may include your user/device IDs, approximate region, and push tokens. They do not contain your recordings, and encrypted fields (such as your device name) remain unreadable to us.
3. How the AI monitoring works, and what it means for encryption
Threat detection requires our AI to actually see the scene, so this is the one place your imagery is briefly handled in unencrypted form:
- During an active session, each monitoring photo is sent to our AI provider — Google Gemini, accessed through OpenRouter via the Cloudflare AI Gateway — to check whether your belongings are safe. These photos are used only to watch your belongings during the session; we do not use them for advertising or profiling, and we do not sell them.
- When the session ends, every monitoring photo is encrypted so that afterward only your own devices can open it. From that point on, we can no longer see them.
- Alerts. The wording of an alert is generated by Stealward from the AI’s analysis, so that text passes through our systems and Apple’s push service in readable form. The alert deliberately identifies your device using an encrypted name that only your devices can decrypt.
If you turn on “help improve detection” (off by default — see Section 9), an additional encrypted copy of your monitoring photos is made available to Stealward for the sole purpose of reviewing and improving our detection. You can turn this off at any time.
4. How we use your information
We use the information above to:
- provide the service — watch your belongings, record while a session is active, and detect possible threats;
- deliver real-time alerts to your chosen devices;
- store your data in a region close to you and let you play back your own recordings;
- manage subscriptions and entitlements;
- keep the service secure, prevent abuse, debug problems, and comply with law;
- with your consent, improve our detection and diagnose crashes (Section 9).
5. Website analytics
Our website counts page views at the edge to understand traffic. It uses no cookies and no client-side tracking script. To estimate unique visitors, we derive a short-lived, daily-salted hash from your connection and never store or log your raw IP address. The salt rotates every day, so these tokens cannot be linked across days or reversed. The result is an aggregate trend only — we do not build a profile of you and we do not track you across other sites or apps.
6. Recording others is your responsibility
Because Stealward records video and audio of the area around your device, it may capture other people. Laws on recording people — especially audio recording — vary by location and can require the consent of those recorded. You are solely responsible for using Stealward lawfully, including obtaining any consent required where you are. Do not use Stealward where recording is prohibited.
7. Who we share data with
We do not sell your personal data, and we do not share it for advertising. We rely on a small set of service providers (“sub-processors”) that process data on our behalf to run the service:
| Provider | What it handles |
|---|---|
| Cloudflare | Core infrastructure — application servers, databases, and encrypted storage; and the gateway through which monitoring photos are analyzed. Most stored media is encrypted and unreadable to Cloudflare. |
| OpenRouter and Google (Gemini) | AI analysis of monitoring photos during an active session (Section 3). |
| Fly.io | Servers that relay your live recording. They handle only encrypted data and hold no keys, so they cannot see your video or audio. |
| Apple | Delivery of push notifications. Apple receives your device push token and the alert text; your device name in the alert is encrypted. |
We may also disclose information if required by law, to enforce our terms, or to protect the rights, safety, or property of our users or others.
8. How we protect your data
- End-to-end encryption. Your recorded video, audio, and thumbnails are encrypted on your device before they leave it, using keys that only your own devices hold. We store only encrypted data and cannot decrypt it. Your keys never touch our servers and are never synced to iCloud.
- Monitoring photos are handled as described in Section 3 — analyzed during a session, then encrypted so only your devices can open them.
- Data is transmitted over encrypted connections, and access to our systems is restricted.
- Some technical metadata about a session — such as timing, duration, and video resolution, and the belonging labels the AI produces — is not encrypted, so that we can operate and secure the service.
- No system is perfectly secure, and we cannot guarantee absolute security, but minimizing what we can see is central to how Stealward is built.
9. Your choices and consents
- Improve detection (off by default). Controls whether an encrypted copy of your monitoring photos may be made available to Stealward to review and improve detection (Section 3).
- Diagnostics (off by default). Controls whether we may collect crash reports and app logs to fix problems.
Both are off unless you turn them on, and you can change them at any time. Turning them off stops the associated use going forward.
10. Retention and deletion
We keep your data for as long as your account is active, or as needed to provide your subscription. You can ask us to delete your account and associated data by emailing privacy@stealward.app, and we will do so within 7 business days of verifying your request. Note that because your recordings are end-to-end encrypted, we cannot recover them for you if you lose access to your devices. Some limited records may be retained where required by law.
11. International processing
Stealward runs on Cloudflare’s global infrastructure. We store your data in the region closest to you, but data may be processed in other locations as part of operating the service. Service availability may vary by region.
12. Children
Stealward is not directed to, and is not intended for, anyone under 18, and we do not knowingly collect personal data from anyone under 18. If you believe a child has provided us data, contact privacy@stealward.app.
13. Changes to this policy
We may update this policy. When we make a material change, we will update the version and effective date above and, where appropriate, ask you to review the new version in the app. Your continued use after an update means you accept the revised policy.
14. Contact
Questions or requests: privacy@stealward.app.