© 2026 Dignity Labs Ltd · Company 16954194 · Registered in England and Wales
167–169 Great Portland Street, 5th Floor, London, W1W 5PF

Dignity Labs
Suracode — Privacy Addendum
This addendum supplements the Dignity Labs Base Privacy Policy. It details what data Suracode specifically collects and how it is handled.
We collect the minimum data necessary to provide the service. Your family's code word and vault entries are encrypted on your device before they ever leave — we cannot read them. Messages you scan are processed on your device and never uploaded. On-device AI analysis, where available, runs entirely on your device. We do not store your name, email address, or any personally identifying information in our application database.
Our application database contains no personally identifying information. All user references are anonymous unique identifiers (UUIDs) that cannot be linked to your real identity without access to the authentication system (see Section SP3).
| Data Type | Purpose | Storage | Personal Data? |
|---|---|---|---|
| Anonymous User ID | Identify you within the App | Our servers (a random UUID) | No |
| Family Name | Label for your family group | Our servers | Only if you choose to include personal information |
| Family Code Word | Core functionality — sync across family devices | Our servers (end-to-end encrypted — we cannot read this) | No (encrypted) |
| Family Region | Provide region-appropriate alerts and contacts | Our servers (UK, US, or AU) | No |
| Membership Record | Record that you are a member of a family group | Our servers | No |
| Timestamp Data | Track when code words are changed, check-ins recorded | Our servers | No |
| Vault Entries | Encrypted emergency information (medications, contacts, etc.) | Our servers (end-to-end encrypted — we cannot read this) | No (encrypted) |
| Vault File Attachments | Encrypted document attachments | Our servers (end-to-end encrypted — we cannot read this) | No (encrypted) |
| Check-In Records | Daily SIGNAL check-ins with optional feeling and context | Our servers (anonymous UUID + timestamp + feeling) | No |
| Check-In Schedules | Per-member check-in windows and timezone | Our servers | No |
| Waves | Quick reactions between family members (heart, hug, wave, etc.) | Our servers (anonymous UUID + type) | No |
The App uses Google Sign-In or Apple Sign-In to verify your identity. Authentication is handled entirely by Supabase Auth. When you sign in:
Supabase acts as our data processor for authentication data. Their handling of this data is governed by their privacy policy and our data processing agreement.
| Data Type | Stored By | Dignity Labs Access | Purpose |
|---|---|---|---|
| Email address | Supabase Auth (not our tables) | We do not query or display this | Authentication |
| Display name | Supabase Auth (not our tables) | We do not query or display this | Authentication |
| Google/Apple unique ID | Supabase Auth (not our tables) | We do not query or display this | Authentication |
| Data Type | Purpose | Storage | Tier | Personal Data? |
|---|---|---|---|---|
| Check-in Records | SIGNAL daily check-ins | Our servers (anonymous UUID + timestamp + feeling + context) | Pro | No |
| Check-in Schedules | Per-member check-in windows | Our servers (IANA timezone + day-of-week + times) | Pro | No |
| Vault Entries | Encrypted family emergency information | Our servers (end-to-end encrypted — we cannot read this) | Pro | No (encrypted) |
| Vault File Attachments | Encrypted document attachments to vault entries | Our servers (end-to-end encrypted — we cannot read this) | Pro | No (encrypted) |
| Waves | Quick family reactions | Our servers (anonymous UUID + type + timestamp) | Pro | No |
| Battery Level | Last-known battery percentage for family awareness | Our servers (percentage only) | Pro | No |
| Feature | What We Do NOT Collect |
|---|---|
| CHECK — Pattern Matching | Message text, screenshots, images — all analysis is on-device. Nothing leaves your device. |
| CHECK — On-Device AI | Message text, screenshots, images — AI analysis runs entirely on your device using Apple Foundation Models or Gemini Nano. No data is sent to our servers, Apple, or Google. |
| CHECK — Pro Threat Intel | Message content or extracted text. Pro sends only extracted URLs, phone numbers, and email domains to external threat databases. |
| VERIFY — Deepfake Check | Video call content, recordings, or images |
| SIGNAL — Check-Ins | GPS location. Check-ins record a timestamp, optional feeling, and optional context label — not your location. |
| VAULT | Vault content. Entries are end-to-end encrypted before leaving your device. We cannot read vault entries or file attachments. |
The following data never leaves your device and is never transmitted to our servers:
Pro feature data that does leave your device: URLs, phone numbers, and email domains extracted from scanned text are sent to external threat databases via our server for checking. No message content, screenshots, or extracted text is shared. See the base Privacy Policy Section 6 for full details.
Suracode stores error logs on your device to help diagnose issues. This data is stored only on your device, is never transmitted automatically, and can only be sent if you choose to tap "Send feedback to Suracode" in Settings, which opens your email client with the log attached — you see everything before sending. It can be cleared at any time in Settings and contains no personal information.
No data leaves your device unless you explicitly choose to send it.
We explicitly do not collect: your name, your email address, your phone number, your location or GPS coordinates, your contacts list, your photos or media, your browsing history, advertising identifiers, any biometric data, screenshots you scan, content of video calls, vault entry content (encrypted, we cannot read it), on-device AI analysis outputs, or your Google or Apple password.
Your code word and vault entries are encrypted on your device using AES-256-GCM before being transmitted. Our servers store only encrypted data. Even if our servers were compromised, your code word and vault entries would remain protected. Dignity Labs staff cannot read your code word or vault contents. Law enforcement requests cannot reveal your code word or vault contents (we don't have the key). You control who receives the invite code and how it's shared.
On-device pattern matching (free tier) and on-device AI analysis (where device hardware supports it) process your message entirely on your device. Images and extracted text never leave your device. For Pro subscribers, URLs, phone numbers, and email domains extracted from scanned text are checked against external threat databases via our server — no message content is shared. When you close the screen, images and extracted text are discarded from your device.
Where your device supports it, Suracode uses on-device AI models (Apple Foundation Models on iOS, Gemini Nano on Android) for supplementary scam analysis. This analysis runs entirely on your device. No message content, analysis prompts, or AI outputs are sent to our servers, to Apple, or to Google. On-device AI model availability is controlled by your operating system, not by Dignity Labs.
We store: vote choice, voter's anonymous UUID, vote timestamp, and session description. We do NOT store screenshots, images, or the content being voted on. Votes are visible to family members only. Vote data is deleted when the session is closed or after 7 days.
We fetch alerts from our servers based on your family's region. We do not track which alerts you view. Alerts are cached locally for offline access and refresh automatically. When you tap through to a source website, that site has its own privacy policy.
Your data is stored on servers provided by Supabase, Inc., located in the United Kingdom (London, eu-west-2). Supabase complies with GDPR and maintains SOC 2 Type II certification. Supabase encrypts all stored data using AES-256 at rest. All connections use HTTPS/TLS. Row-level security ensures you can only access your family's data.
Note: Your code word is encrypted by the App before being sent to our servers. Even though Supabase also encrypts data at rest, we add our own encryption layer so that only your family can read the code word.
Our zero-PII architecture means your exposure in the event of a server breach is limited. Our application database contains only anonymous UUIDs and encrypted data. The only personal data held on our infrastructure is your email address and display name, stored by Supabase Auth for authentication purposes.
| Service | Purpose | Privacy Policy |
|---|---|---|
| Supabase | Cloud database, real-time sync, authentication | supabase.com/privacy |
| RevenueCat | Subscription management and entitlements | revenuecat.com/privacy |
| Google Sign-In | Authentication | policies.google.com/privacy |
| Apple Sign-In | Authentication | apple.com/legal/privacy |
| Google Web Risk | URL threat checking (Pro feature, via our server) | policies.google.com/privacy |
| IPQS | URL, email, and phone threat intelligence (Pro feature, via our server) | ipqualityscore.com/privacy-policy |
| EmailRep | Email reputation checking (Pro feature, via our server) | emailrep.io/privacy |
| Apple Foundation Models | On-device AI analysis (iOS, no data transmitted) | apple.com/legal/privacy |
| Google ML Kit / Gemini Nano | On-device AI analysis (Android, no data transmitted) | developers.google.com/ml-kit |
| Data Type | Retention Period |
|---|---|
| Active family data | Retained while family group exists |
| Deleted family data | Permanently deleted within 30 days |
| Authentication data | Deleted within 30 days of account deletion request |
| Local device data | Deleted immediately when you leave a family |
| Check-in records | Retained while family group exists |
| Check-in schedules | Retained while family group exists; deleted on member departure |
| Vault entries and files | Retained while family group exists; deleted on member departure or account deletion |
| Waves | Retained while family group exists |
| Audit log entries | Retained for legal protection (orphaned UUID after account deletion) |
| Deleted account records | 30-day reactivation window, then 6-year retention under UK Limitation Act 1980 |
| Support correspondence | 2 years from last contact |
To delete all your data from our servers: Open the App → Settings → Delete Account → Confirm. This removes your UUID, memberships, check-ins, vault entries, waves, and all associated data. If you are the last member of a family, the entire family group is deleted. Alternatively, Settings → Leave Family removes your data from a specific family group.
To delete authentication data: Contact admin@dignitylabs.co.uk to request deletion of your Supabase Auth record.
We will process deletion requests within 30 days.
| Question | Answer |
|---|---|
| Do you sell my data? | No, never |
| Do you store my name or email? | Not in our application database. Authentication data is held by Supabase Auth. |
| Can you read my code word? | No, it's end-to-end encrypted |
| Can you read my vault entries? | No, they're end-to-end encrypted |
| Can you see messages I scan? | No, scanning happens on your device only. On-device AI also runs locally. |
| Where is my data stored? | UK (London, eu-west-2) |
| Can I delete my data? | Yes, via Settings → Delete Account, or contact us |
| Do you track me? | No. No analytics, no location tracking, no profiling. |
This addendum was last updated on 9 May 2026.