How your information is handled when you use Panic SOS.
This Privacy Policy explains what information the Panic SOS Android application ("the app") processes, why, and what choices you have. The app is published by Zoran Gojković ("we", "us").
Panic SOS helps people during and after panic attacks through breathing exercises, grounding techniques, an optional heart-rate check, an optional guided voice, a calming-sounds library, interoceptive and in-vivo exposure tools, and a private journal. It is not a medical device and does not diagnose, treat, cure, or prevent any medical condition. If you are in crisis, contact emergency services or a mental-health professional.
The following data is stored on your phone in Android's private app-sandbox storage and is never transmitted to us or anyone else unless you opt in to Cloud Sync (see §5):
You can erase all of this at any time through Android Settings → Apps → Panic SOS → Storage → Clear data, or by uninstalling the app.
android.permission.CAMERA)Used only for the optional heart-rate check. The rear camera and flash read tiny colour changes in your fingertip (photoplethysmography) to estimate your pulse. No video or image is recorded, saved, or transmitted. Only a single average-brightness number per frame is processed in memory and discarded.
android.permission.RECORD_AUDIO)Used only for the optional Safe Voice feature (Pro), which lets you record a short reassuring message from yourself or a loved one. The recording stays on your device and is never uploaded.
android.permission.SEND_SMS)Used only for the optional Emergency SOS Contact feature (Pro). When you explicitly tap the SOS button, the app sends one text message with your pre-approved text and (optionally) your location to the contacts you have chosen. The app never sends SMS automatically or in the background.
ACCESS_FINE_LOCATION, ACCESS_COARSE_LOCATION, FOREGROUND_SERVICE_LOCATION)Used only when you explicitly opt in:
Location is never collected in the background, never shared with third parties, and never used for advertising. Coordinates from exposure sessions are stored only on your device (or, if you opt in to Cloud Sync, end-to-end encrypted — see §5).
POST_NOTIFICATIONS)Used for: optional reminders you set yourself (e.g. breathing practice reminders), the persistent notification while In-Vivo Exposure tracking is running, and the post-session debrief prompt. No marketing or third-party notifications are ever shown.
INTERNET, ACCESS_NETWORK_STATE)Used to verify your Pro entitlement with our server (see §4) and, if you opt in, to transmit your encrypted journal and exposure data via Cloud Sync (see §5). All other features of Panic SOS work offline.
When you buy Panic SOS Pro, Google Play gives the app a purchase token. The token is an anonymous string issued by Google and contains no personal information.
The token is sent to our server at
zorangojkovic.com so we can:
Our server stores only: the purchase token, the Google order ID (if Google sends us one), the product ID, the package name, the entitlement state, and timestamps. We do not store your name, email, IP address in relation to the purchase, device identifiers, or health data.
If Google issues a refund, or if we revoke a purchase (for example, in the case of confirmed fraud or chargeback), our server is notified through Google's Real-Time Developer Notifications (RTDN) and the Voided Purchases API. The app picks up that change on the next launch or refresh and turns Pro features off automatically. Revocation does not delete your journal or other on-device content.
Cloud Sync is an opt-in Pro feature. When enabled, it transmits your panic journal entries and exposure session logs to our server so they can be restored when you reinstall the app or switch devices. It is off by default.
Before any data leaves your phone, it is encrypted with AES-256-GCM using an encryption key that is derived from your Google Play purchase token and never sent to us in plaintext. We see only ciphertext blobs, the entry's anonymous client UUID, and a server-side timestamp. We cannot read the contents of your journal, view your notes, see your trigger tags, or reconstruct your exposure-session coordinates.
What is encrypted before upload:
What is not uploaded, even with Cloud Sync on:
You can turn Cloud Sync off at any time. To delete server-side encrypted records, use the in-app option or contact us (§10).
The Calming Sounds Library and the optional Guided Voice (short pre-recorded prompts during breathing and grounding exercises) are delivered as static audio files bundled inside the app. They are played locally only; the app never streams audio from any server, and using these features does not generate any network traffic. The Guided Voice is on by default and can be turned off in the More tab.
The PDF export option (Pro) generates a journal report on your device. The PDF is created entirely locally — it is never uploaded — and is handed to the Android system share sheet so you choose where it goes (email, messaging app, cloud storage, printer). What happens after you choose a destination is governed by that other app's privacy policy, not ours. The temporary PDF file is automatically replaced each time you generate a new one.
In-app purchases are handled by Google Play. Google's own Privacy Policy governs the payment process: policies.google.com/privacy. We never see your payment card or Google account credentials.
The information you record in Panic SOS — panic episodes, intensity, triggers, notes, exposure sessions, heart-rate readings — is "data concerning health" under Article 9(1) of the GDPR. We process this data only on the basis of your explicit consent, which you give by installing the app and (for Cloud Sync) by turning that feature on. You can withdraw consent at any time by turning Cloud Sync off, by clearing the app's data in Android Settings, or by uninstalling the app.
We do not sell or share health data with anyone. We do not use it for profiling, advertising, or training machine-learning models.
Panic SOS is rated Teen (13+). The app is not intended for children under 13, and we do not knowingly process data from children under 13. If you believe a child has used the app, please contact us (§13) and we will remove any associated purchase record on request.
Because the app stores your personal and health-related content locally, you control it directly: clearing the app data wipes everything. You may additionally exercise the following rights with respect to data we hold on our server (purchase records and, if you opted in, encrypted Cloud Sync blobs):
Send requests to fenixjzdev@gmail.com. We reply within 30 days. Because the data we hold is tied to a Google purchase token rather than your name or email, please include the token (visible in your Google Play purchase history) so we can locate your record.
If we change how the app processes data, we will update this page and bump the date below. Material changes will also be announced in the app's release notes on Google Play.
Zoran Gojković
Email: fenixjzdev@gmail.com
Website: zorangojkovic.com