RadAware

RadAware Privacy Policy

Last Updated: March 2026

> *This document was drafted with AI assistance and should be reviewed by a licensed attorney before reliance.*

East2West Design LLC ("we," "us," "our") operates RadAware (radaware.com). This Privacy Policy describes how we collect, use, store, and share your information.

---

1. Information We Collect

| Data Type | When Collected | How Long Stored | Why | |-----------|---------------|-----------------|-----| | Email address | Registration | Account lifetime + 30 days | Authentication, alerts, billing | | Password (bcrypt hash) | Registration | Account lifetime | Authentication | | Name (optional) | Registration | Account lifetime | Display, communications | | Approximate location (grid cell, ~1 km) | Registration / device setup | Account lifetime + 30 days | Alert relevance, nearby sources | | Timezone | Registration | Account lifetime | Alert timing, digest scheduling | | Phone number (optional) | Settings (paid tiers) | Account lifetime | SMS alerts | | Device readings (CPM, µSv/h) | Device API submissions | Per tier retention policy | Core service functionality | | Device metadata (type, name) | Device registration | Account lifetime | Service functionality | | IP address | Every request | 90 days (server logs) | Security, abuse prevention | | Stripe customer ID | Checkout | Account lifetime | Payment processing | | Alert history | Alert generation | Per tier retention policy | Service functionality | | Family contact info (Home+ tiers) | Settings | Account lifetime | Family notifications |

Reading Retention by Tier

| Tier | Reading History | |------|----------------| | Free | 7 days | | Personal | 90 days | | Home | 1 year | | Community | Unlimited |

---

2. Information We Do NOT Collect

  • Precise GPS coordinates — We store only approximate grid cells (~1 km resolution), never raw latitude/longitude
  • Payment card numbers — All payment processing is handled by Stripe; we never see or store your card details
  • Browsing history or cross-site tracking — We do not use Google Analytics or any third-party analytics that tracks your behavior across websites
  • Biometric data
  • Social media profiles

    • ---

    3. How We Use Your Information

    We use your information solely for:

  • Operating the Service: Processing sensor data, generating alerts, displaying readings
  • Sending alerts: Email and SMS notifications based on your preferences and subscription tier
  • Processing payments: Managing your subscription through Stripe
  • Improving the Service: Aggregated, anonymized analysis of sensor data patterns
  • Security: Detecting and preventing abuse, unauthorized access, and fraud
  • Legal compliance: Responding to valid legal process

    • We do not use your information for advertising, profiling, or any purpose unrelated to operating RadAware.

    ---

    4. Information Sharing

    We share your information only with these third-party service providers, and only the minimum data necessary:

    | Provider | Data Shared | Purpose | |----------|-------------|---------| | Stripe | Email, subscription details | Payment processing | | SendGrid | Email address | Email delivery (alerts, digests) | | Twilio | Phone number | SMS delivery (paid tiers) |

    Public map: If your device is set to public, your device's grid cell location and aggregated readings are displayed on the public map. No personally identifying information is shown.

    We do NOT:

  • Sell your personal information to anyone
  • Share your data with advertisers
  • Share your data with data brokers
  • Use your data for targeted advertising

    • Law enforcement: We will disclose information only in response to valid legal process (subpoena, court order, or warrant). We will notify you of such requests unless legally prohibited from doing so.

    ---

    5. Data Security

    We implement reasonable technical and organizational measures to protect your data, including:

  • Passwords hashed with bcrypt (cost factor 12)
  • API keys hashed with SHA-256
  • Encrypted connections (TLS/HTTPS) for all data in transit
  • Database access restricted to application service accounts
  • No storage of raw GPS coordinates (grid cells only)

    • No system is perfectly secure. We cannot guarantee absolute security of your data.

    ---

    6. Your Rights

    You have the right to:

  • Access your data via the dashboard or by contacting us
  • Export your data (Community tier via API; all tiers upon request)
  • Delete your account and all associated data (self-service via Settings > Delete Account, or by contacting us)
  • Correct inaccurate information in your account settings
  • Opt out of marketing communications
  • Opt out of weekly digest emails (via account settings or unsubscribe link)

    • To exercise these rights, contact us at privacy@radaware.com or use the relevant controls in your account settings.

    ---

    7. Account Deletion

    You can delete your account at any time through Settings > Delete Account in the dashboard, or by contacting us at privacy@radaware.com. Account deletion requires password confirmation.

    When you delete your account:

  • Your account data, device registrations, readings, and alert history are permanently deleted immediately
  • Any active Stripe subscription is canceled automatically
  • Stripe transaction records are retained for up to 7 years as required by tax and financial regulations
  • Server logs containing your IP address are retained for up to 90 days, then automatically purged
  • Any data displayed on the public map from your devices is removed immediately

    • ---

    8. Cookies

    RadAware uses only essential cookies required for the Service to function:

  • Authentication cookie: Stores your encrypted session token (httpOnly, secure, sameSite=strict)

    • We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

    ---

    9. Children's Privacy

    RadAware is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will delete it promptly.

    ---

    10. California Residents (CCPA/CPRA)

    Although RadAware may not currently meet the thresholds requiring CCPA/CPRA compliance, we voluntarily provide the following disclosures:

    Categories of personal information collected: Identifiers (email, name, phone number), approximate geolocation (grid cell), internet activity (IP address, device readings), and commercial information (subscription tier).

    Purpose of collection: Operating the Service, as described in Section 3.

    Sale of personal information: We do not sell your personal information. We have not sold personal information in the preceding 12 months.

    Do Not Sell My Personal Information: Because we do not sell personal information, no opt-out mechanism is necessary. If this changes, we will provide one.

    Right to know, delete, and opt out: See Section 6 above.

    ---

    11. Data Breach Notification

    In the event of a data breach affecting your personal information, we will notify you by email within 72 hours of discovery, in accordance with the North Carolina Identity Theft Protection Act (N.C.G.S. § 75-61 et seq.) and any other applicable state laws.

    ---

    12. Changes to This Policy

    We may update this Privacy Policy from time to time. We will notify you of material changes by email at least 30 days before they take effect. The "Last Updated" date at the top of this page indicates when this policy was last revised.

    ---

    13. Contact Us

    If you have questions about this Privacy Policy or your data, contact us at:

    East2West Design LLC North Carolina, United States Email: privacy@radaware.com