Privacy Policy

1. Who We Are

oomfcheck ("we", "us", "our") is a notification service that allows registered users ("subscribers") to receive messages from their Twitter/X followers and, if they do not respond within a configured period, to have their nominated emergency contact notified.

By using oomfcheck you agree to this Privacy Policy. If you do not agree, please do not use the service.

2. Data We Collect

Subscribers

• Full name
• Mobile phone number (E.164 format)
• Twitter / X handle and numeric user ID
• Emergency contact name and mobile phone number
• Account settings (response window, panic alert thresholds)
• Twitter OAuth 2.0 access and refresh tokens (used to verify follower relationships and follow the oomfcheck bot)

Requesters (people sending messages)

• Name and email address (provided on the message form)
• Twitter / X handle and numeric user ID (verified via OAuth sign-in)
• Message content
• Payment confirmation data (PayPal order ID and capture ID — we do not store card details)

Automatically collected

• IP address (used for rate limiting; not stored long-term)
• SMS delivery records (Twilio SID, status, recipient phone number)
• Twitter account status check results (account active/inactive, last tweet date)

3. How We Use Your Data

• To operate the service: verify identities, send SMS notifications, process payments, and dispatch emergency contact alerts
• To verify that a message sender follows the relevant subscriber on Twitter/X
• To detect inactivity on your Twitter/X account as a potential welfare signal
• To prevent abuse via rate limiting

We do not sell your data. We do not use your data for advertising. We do not share your data with any party other than the third-party service providers listed in Section 5, to the extent necessary to operate the service.

4. Data Visibility and Privacy Protections

• A subscriber's full name, phone number, and Twitter handle are never disclosed to requesters or to their emergency contact via this service.
• Emergency contact SMS alerts contain only the subscriber's first/display name — no handle or phone number.
• Public search on oomfcheck returns only a subscriber's Twitter handle and active status.
• Subscriber login requires both the registered Twitter handle and the registered phone number.

5. Third-Party Service Providers

oomfcheck relies on the following third-party providers to deliver its functionality. By using oomfcheck, you acknowledge that your data is also processed by these providers under their respective terms and privacy policies:

Twitter / X (privacy policy)

We use the Twitter/X API v2 to look up account information, retrieve follower lists, and verify user identity via OAuth 2.0 sign-in. Your Twitter/X OAuth access token is stored on our servers to enable follower verification. Your use of Sign in with X is subject to X's Terms of Service.

Twilio (privacy policy)

We use Twilio to send SMS messages to subscribers (verification codes, message notifications, login codes) and to emergency contacts (escalation alerts). Phone numbers are transmitted to Twilio for this purpose. Twilio's delivery and logging policies apply.

PayPal (privacy policy)

We use PayPal to process the $1 payment required to send a message. Payment is handled entirely by PayPal's hosted checkout. We store only the PayPal order ID and capture ID for record-keeping — we do not receive or store card numbers or bank details. Your payment data is subject to PayPal's privacy policy and terms.

6. Data Retention

• Subscriber accounts and associated data are retained for as long as the account is active.
• Reach-out records, messages, and SMS logs are retained indefinitely for audit purposes unless deletion is requested.
• Login OTP codes are invalidated after 10 minutes and cannot be reused.
• OAuth tokens are updated or removed when a user signs out or re-authenticates.

7. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, or delete personal data we hold about you. To make a request, contact us at the address below. We will respond within 30 days.

8. Security

We use HTTPS, encrypted sessions, bcrypt password hashing, and parameterised database queries throughout the service. OAuth tokens are stored server-side and never exposed to the browser. However, no system is perfectly secure and we cannot guarantee absolute security of your data.

9. Changes to This Policy

We may update this policy from time to time. The "last updated" date at the top will reflect any changes. Continued use of the service after changes constitutes acceptance.

10. Contact

For privacy enquiries or data deletion requests, please contact us via the oomfcheck website.