Privacy Policy

Last updated: May 2026

PairCast lets a "senior" share their phone screen with a "helper" (typically a family member) over a peer-to-peer WebRTC connection, with an optional voice call. This page describes exactly what we collect, what we send to third parties, and what we deliberately don't see.

The short version

• Your screen content and your voice never reach our servers. Both flow directly between the senior's device and the helper's device over WebRTC, encrypted end-to-end.
• We do collect your phone number, your name, a per-device identifier, and family-link records — the minimum we need to route invites and connect paired devices.
• You can delete your account in-app from Settings → Delete Account, which permanently removes everything we hold about you from our servers.
• Diagnostic logs are off by default. If you want to help us debug, you can opt in at Settings → Share Diagnostics.

Data we collect

When you create an account and use PairCast, we collect:

• Phone number — used as your account identifier and so paired family members can see your name correctly in their contacts. Stored on our server, plus a copy on your own device for local display.
• Name — the display name you choose, shown to your family members when they receive an invite or call from you.
• Per-device identifier (UUID) — generated on first launch; identifies your install, not you. Replaced on a full reinstall.
• Push notification token — issued by Apple or Google when you grant notification permission, used to wake the app when a family member calls.
• Family links — the senior ↔ helper pairings you approve, and the relationship label you choose ("daughter", "caregiver", etc.).
• Session metadata — when a help session starts and ends, the random six-character room code, which two accounts were paired for it, total duration, and whether you tagged the session "good" or "bad" after. No audio or video.
• Subscription receipt — the receipt token from Apple or Google when you subscribe, so we can confirm the subscription is active. We never see your payment card.
• Diagnostic logs (off by default) — only collected if you turn on Settings → Share Diagnostics. When on, we send error messages and operational events alongside a small device fingerprint: OS version, device model, app version, locale, timezone, free memory, battery percentage, and network type. We do not collect screen content, screenshots of the app, or any text you've typed.
• Server operational logs — our signaling server keeps short-term logs of HTTP errors, authentication failures, and rate-limit events so we can diagnose problems. Each log line includes only: the first 8 characters of your device UUID, the API endpoint that was called, and a salted SHA-256 hash of your IP address (used to group repeated requests from the same source without storing the address itself). They never contain session tokens, full IP addresses, phone numbers, contacts, push tokens, or any screen or voice content. Logs live only on our infrastructure and are not shared with any third party.

What we deliberately don't collect

• Your screen content. Video frames flow directly between the senior's phone and the helper's device over WebRTC. They are encrypted end-to-end and our signaling server only sees the handshake (SDP / ICE), not the media.
• Your voice. Voice chat uses the same WebRTC peer-to-peer path; the audio stream never reaches our servers.
• Your contacts list. When you tap "Add Family Helper", the app reads your phone's contact list locally so you can pick someone — the list itself is never uploaded. Only the single phone number you tap is sent to our server, and only so we can check whether that person has PairCast installed.
• Your photos or media library. The app has no read access to your gallery.
• Your location. We never request the location permission.
• Your browsing history, calendar, health data, or any other on-device data outside the items listed above.

Phone-number verification — Google Firebase

To create or restore a PairCast account we verify the phone number you enter using Google Firebase Authentication, a service provided by Google LLC. When you tap Verify Phone, your phone number is sent to Google so that Google can deliver a one-time verification code (by SMS, or by silent push on iOS where possible) and confirm that you control the number. Google acts as a sub-processor for this single purpose; we do not share any other information about you with Google. Google's handling of the data is governed by Google's Privacy Policy and Firebase Privacy and Security.

Local Mirror (sharing your screen to a nearby device without an account) does not use Firebase — no phone verification step is involved.

Permissions the app asks for

• Notifications — so a helper's invite or a family member's call can wake the app.
• Microphone — only used during an active help session, for voice chat. Audio never leaves the WebRTC connection.
• Contacts — only when you tap Add Family Helper, used locally to pick someone. The contact list is never uploaded.
• Camera — for scanning a pairing QR code in the Local Mirror flow. Not used for online help sessions.
• Local network (iOS) — for WebRTC peer discovery on the same Wi-Fi when both devices are nearby.
• Screen recording / broadcast extension — the senior explicitly starts this from the system broadcast picker; the helper's app never has it.
• Accessibility Service (Android, optional) — when the senior turns on "Remote Touch" the helper can tap on their behalf. Off by default; revocable in system Settings.
• Photo Library / Media Store — only used when you tap the screenshot or stop-recording buttons during a session. Recordings are written to your own gallery, not ours.

Diagnostics — opt-in

Share Diagnostics is off by default; nothing is uploaded unless you turn it on in Settings → Diagnostics → Share Diagnostics. When you turn it on we send:

• Error messages (e.g. "ICE failed", "could not reach server"), the category of the error, and a coarse session id so we can group multiple events.
• Device fingerprint: OS version, model, app version, locale, timezone, free memory, battery percentage, network type (wifi / cellular).
• Anonymous post-session audio statistics: room code, role, round-trip time, packet counts — no actual audio.

We do not capture screenshots of the app or send anything you've typed.

Data retention

• Room codes live only as long as the session does (typically minutes) and are then discarded.
• Connection-layer logs on the signaling server are kept for no more than 14 days for operational debugging.
• Account data and family links are kept until you delete your account (or 24 months of total inactivity, whichever comes first).
• Diagnostic logs are deleted after 30 days.

Your rights

You can, from inside the app:

• See the name and phone number on your account in Settings → Account.
• Remove a helper from your family in Settings → My Helpers; they immediately lose access.
• Log out — clears local credentials; server-side data remains until you delete the account.
• Delete your account permanently in Settings → Delete Account. We purge your phone number, name, device record, family links, pairing requests, session history, subscription record, and any diagnostic logs from our database. Deletion cannot be undone.

For requests we can't service through the app (data portability, access to specific historical records, or rights specific to your jurisdiction such as GDPR / CCPA), email hello@paircast.app.

Children

PairCast is not directed at children under 13 and we do not knowingly create accounts for, or collect personal information from, anyone we know to be under 13. If you believe a child has an account, contact us and we'll delete it.

Changes

If this policy meaningfully changes, we'll update the date at the top of the page and notify active users in-app the next time they open it.

Contact

Questions or a privacy request? Email hello@paircast.app.

← Back to paircast.app