Privacy Policy | MRGCALL Emergency Response App

MRGCALL™ is built on a simple principle: your personal data stays on your device. We do not access, store, or control your personal data. This policy explains exactly what little we do handle — and why.

Built with privacy by design — minimal data, no tracking, no compromise.

1. Who We Are

MRGCALL is a product of Automyxor Ltd, a company registered in England and Wales (Company No. 16513734). If you have any questions about this policy, please contact us at [email protected].

Automyxor Ltd is the data controller responsible for any personal data processed in connection with MRGCALL.

We are registered with the Information Commissioner's Office (ICO) under registration reference ZC086015. We are not required to appoint a Data Protection Officer under UK GDPR Art. 37; Wiktor Pacocha, Director, is the contact for all data protection matters.

2. What Data Is Involved and Where It Lives

MRGCALL is built so that almost no personal data ever reaches us. Most of what the app uses stays on your device. A small amount passes through our systems only at the moment of an emergency, and we hold almost nothing about you long-term.

Stored only on your device — we never see it

Name — entered in the app, spoken aloud in the emergency voice call.
Date of birth — optional, spoken in the emergency call.
Home address — fallback location if GPS is unavailable.
Your own phone number — the reachback number you provide during setup. Used as the callback line in the automated voice call to your emergency contacts and included in the SMS body so contacts can call you back. Stored on your device via Keystore-encrypted SecureStore; never written to our server logs in plaintext (only as a one-way SHA-256 hash for rate-limiting purposes when dispatching to your contacts).
Temporary travel address and travel phone number (optional) — used during holidays or short trips when you're away from your usual address. The travel address overrides your home address as the fallback location if GPS fails during a trip. The travel phone is used as the reachback number while the holiday mode is active. Both auto-expire on the date you set in the app. Stored on your device only.
Care home address — optional. Used only when Care Home Mode is active. Included in SMS and voice alerts to your emergency contacts so they know where the resident is based.
Medical information (special category data) — optional. Allergies, conditions, blood type, medications. Stored in encrypted device storage. Special category data under Art. 9 UK GDPR.
Emergency contacts — names and phone numbers.

This data is held in Android encrypted secure storage (Expo SecureStore) on your phone. It is never transmitted to Automyxor Ltd's servers and we have no copy of it.

Processed transiently when you trigger an emergency

GPS location — captured at the moment you press the SOS button AND again at the 5-minute follow-up alert, so contacts receive your current location even if you have moved. Used to reverse-geocode your address and include a map link in alerts.
Recipient phone numbers and alert message content — sent through our encrypted proxy server to Twilio for immediate transmission.
Automated voice messages — MRGCALL uses text-to-speech to convert your stored details into an automated voice call. This is not a recording of your voice and is not artificial intelligence; it is a synthesised announcement of the information you have entered.

This data passes through Automyxor Ltd's proxy server in real time. It is not stored, logged, or retained in personally identifiable form once the alert has been dispatched. Lawful basis: vital interests (Art. 6(1)(d) UK GDPR) and, for medical information, Art. 9(2)(c) UK GDPR.

Anonymous error reports (crash diagnostics)

MRGCALL may send anonymous error reports to help diagnose crashes. These reports contain only the error class name, app version, device model, Android version, a 64-bit one-way hash that groups similar crashes, and a flag indicating whether an emergency dispatch was active. No personal data — name, address, phone numbers, contacts, medical information, location — is included. You can disable this in Settings → Send anonymous error reports.

Two crash-report paths exist, with different retention periods:

Automatic anonymous reports — sent to our proxy server (operated by Automyxor Ltd on Railway infrastructure) at the moment a crash occurs, rate-limited to one report per device per hour. Retained for up to 12 months for diagnostic clustering, then deleted.
Manual email reports — if you tap "Send crash report" on the app's recovery screen, your phone's default mail app composes a redacted email to [email protected]. Email content is automatically redacted to remove email addresses, postcodes, Eircodes, and phone-number patterns before reaching the composer, and you can review and edit the body before sending. Received emails are retained for up to 24 months for individual case investigation.

Lawful basis: legitimate interests (Art. 6(1)(f) UK GDPR) — diagnosing crashes to maintain a reliable life-safety service. We have assessed that this processing is necessary, proportionate, and does not override your rights, and you can object at any time via the Settings toggle.

Invite SMS to your emergency contacts

When you tap Send invite (or Send invite to care home) in MRGCALL, the recipient's phone number is sent through our proxy server to Twilio (or Telnyx on fallback) so a one-off introduction SMS can be delivered. The SMS tells the recipient that you have listed them as an emergency contact and explains that replying STOP opts them out of SMS alerts only — voice calls may still reach them in a genuine emergency. The recipient's phone number is not retained in personally identifiable form once the SMS has been dispatched; an irreversible hash is held for the rate-limiting and audit purposes described below.

Lawful basis: vital interests (Art. 6(1)(d) UK GDPR) — ensuring the people you have nominated to receive an emergency alert know they have been nominated and can respond appropriately when an alert actually fires. You can remove a contact at any time within the app; doing so prevents any future invite, alert, or follow-up to that number.

Held by us or our processors

Email address — only if you join our waitlist via the website. Stored with Kit.com.
Operational logs — for every request that reaches our proxy server (emergency dispatch, follow-up, invite SMS, crash report), we retain a timestamp, the request type, an HTTP response code, the source IP, and a one-way SHA-256 hash of the recipient phone number. These logs are kept for the duration our hosting provider Railway retains logs under their standard plan (currently approximately 7–30 days depending on plan tier) for the following purposes: rate-limit enforcement (preventing abuse against you or your contacts), carrier-compliance evidence (UK telecoms providers can require us to demonstrate that any number we dialled or messaged was acting on a legitimate trigger), and security troubleshooting. This audit log state is non-persistent — it resets when our server redeploys and is not exportable to long-term storage in v1.0. Durable audit log with explicit retention is on our roadmap for a future release. Raw phone numbers, names, addresses, medical details, alert content, and GPS coordinates are never written to the log. Lawful basis: vital interests (Art. 6(1)(d) UK GDPR) for invite-SMS and emergency-dispatch logs (a tamper-evident audit trail is essential to keep the service available to you when you need it); legitimate interests (Art. 6(1)(f)) for crash-report and operational logs.
Subscription and billing data — handled entirely by Google Play Billing. Subscription state is mediated by RevenueCat acting as our subscription processor (see Third-Party Services below). We do not receive or store payment card details.

3. Third-Party Services

We use a small number of trusted third-party services to deliver MRGCALL's core functionality:

Twilio — makes emergency phone calls and sends SMS alerts to your nominated contacts. Twilio receives the recipient phone numbers and message content at the moment of an emergency. See Twilio's Privacy Policy.
Telnyx — fallback voice and SMS provider used if Twilio is unavailable. Same data flow as Twilio: receives recipient phone numbers and message content only at the moment of an emergency. See Telnyx's Privacy Policy.
Nominatim / OpenStreetMap — converts your GPS coordinates into a readable street address (reverse geocoding). No account or personal data is required. See OSM's Privacy Policy.
Kit.com — manages our waitlist. If you sign up, your email is stored with Kit.com and governed by their privacy policy. See Kit.com's Privacy Policy.
RevenueCat — manages subscription state for paid features. RevenueCat receives an anonymous device identifier, your country and language settings, and Google Play Billing receipt tokens at the moment of purchase or renewal. RevenueCat does not receive your name, contacts, location, or medical information. See RevenueCat's Privacy Policy.

We do not use any advertising networks, analytics trackers, or data brokers. We do not sell, rent, or share your data with any other third party.

Some third-party providers (notably Twilio and RevenueCat) process data outside the UK and European Economic Area, including in the United States. Where personal data is transferred outside the UK, we rely on the UK International Data Transfer Agreement (IDTA) or EU Standard Contractual Clauses with the UK Addendum, as approved by the ICO under Art. 46 UK GDPR.

4. No Ads. No Tracking. No Data Selling.

MRGCALL contains no advertising, no behavioural tracking, and no analytics SDKs that profile you. We do not sell or monetise your personal data in any way. The app is funded entirely by subscription fees.

5. Your Rights Under UK GDPR

We process limited personal data on the following lawful bases under Art. 6 UK GDPR:

Vital interests (Art. 6(1)(d)) — to transmit emergency alerts and location data when you trigger the SOS button, in order to protect your life or the life of another person.
Contract (Art. 6(1)(b)) — to provide the app and subscription service you have signed up for.
Legitimate interests (Art. 6(1)(f)) — to operate, secure, and improve the service.
Consent (Art. 6(1)(a)) — for waitlist signup and any optional communications.

For special category data (health and medical information), our lawful basis depends on the moment of processing:

Storage and setup — when you enter medical information into the app, we rely on Art. 9(2)(a) UK GDPR — explicit consent. By entering each medical field and saving it, you give explicit consent to its storage in the app and its inclusion in any future emergency alert you trigger. You may withdraw consent at any time by deleting the data within the app or uninstalling the app.
Emergency dispatch — when you trigger an alert, we rely on Art. 9(2)(c) UK GDPR — vital interests, on the basis that you may be physically or legally incapable of giving consent at that moment.

We do not carry out profiling, behavioural advertising, or solely automated decision-making with legal effect.

If you are based in the UK or EU, you have the following rights regarding your personal data:

Access — request a copy of the personal data we hold about you.
Rectification — ask us to correct inaccurate data.
Erasure — ask us to delete your data (the "right to be forgotten").
Restriction — ask us to limit how we use your data.
Portability — request your data in a structured, machine-readable format.
Objection — object to how we process your data.
Withdraw consent — where processing is based on consent, you can withdraw it at any time.
Complain to the ICO — you have the right to lodge a complaint with the UK Information Commissioner's Office at ico.org.uk/make-a-complaint.

Because app data is stored only on your device, you can exercise most of these rights instantly by deleting the app. For waitlist data or any other request, email [email protected] and we will respond within 30 days.

6. Data Retention

App data on your device — retained until you delete it within the app or uninstall the app. We never hold a copy.
Waitlist email — retained by Kit.com until you unsubscribe or email us to request deletion. Deleted within 30 days of request.
Emergency alert content (names, numbers, locations, message body) — not retained. Cleared from our proxy memory immediately after dispatch.
Operational logs — see Section 2 → "Held by us or our processors" for the full field list, content scope, and lawful basis. Retained for the duration our hosting provider Railway retains logs under their standard plan (currently approximately 7–30 days depending on plan tier), then deleted. This audit log state is non-persistent — it resets when our server redeploys and is not exportable to long-term storage in v1.0. Durable audit log with explicit retention is on our roadmap for a future release.
Subscription records — held by Google Play under their retention policy. We retain transaction identifiers for accounting and tax purposes for 6 years (UK Companies Act / HMRC requirement).

7. Data Breach Notification

In the unlikely event of a personal data breach affecting your data, we will notify the Information Commissioner's Office within 72 hours of becoming aware where required under Art. 33 UK GDPR. Where the breach poses a high risk to your rights and freedoms, we will notify you directly without undue delay under Art. 34 UK GDPR.

8. Children

MRGCALL accounts must be held by a person aged 18 or over. The app may be used to support a person of any age (including children, or adults lacking mental capacity) provided the account holder is an adult with legal authority to act on their behalf — for example a parent, guardian, person holding a Lasting Power of Attorney, court-appointed deputy, or registered care provider acting under the Mental Capacity Act 2005. We do not knowingly process personal data submitted directly by a child under 13 (the minimum age for valid consent under Art. 8 UK GDPR). Where a child's data is processed via an adult account holder, processing is on the lawful basis of the account holder's vital-interests duty toward the supported person. If you believe a child has set up an account independently, please contact us at [email protected] and we will investigate.

9. Changes to This Policy

We may update this policy from time to time. We will indicate the effective date at the top of this page. For material changes, we will notify waitlist subscribers by email. Continued use of MRGCALL after any changes constitutes acceptance of the updated policy.

10. Contact

For any questions, requests, or concerns about your privacy:

Automyxor Ltd
Registered in England and Wales · No. 16513734
[email protected]

This Privacy Policy is governed by the laws of England and Wales.

11. Emergency Use Disclaimer

MRGCALL is designed to support users during urgent situations by helping them notify contacts and share critical information quickly.

MRGCALL is not an emergency service. It does not contact police, ambulance, or fire services automatically and must not be relied upon as a substitute for professional emergency response.

In any life-threatening situation, users should immediately contact local emergency services (e.g. 999 in the UK or 112 in the EU).

We do not guarantee delivery speed, network availability, or successful contact with emergency contacts, as this depends on device status, signal, and third-party providers.

MRGCALL is currently available only to users with UK Google Play accounts. EU and EEA availability is planned for a future release. At that point this Privacy Policy will be updated to identify an EU Article 27 representative.

12. Service Limitations

MRGCALL relies on device functionality, mobile network availability, and third-party providers.

In certain situations — including but not limited to lack of signal, low battery, device restrictions, or third-party service disruption — alerts may be delayed, incomplete, or not delivered.

Users are responsible for ensuring their device is functional and should not rely solely on MRGCALL in critical situations.