Privacy Policy

How we collect, use, and protect your information when you use Radar Pack.

Privacy Policy

Last updated: April 7, 2026

This Privacy Policy describes how Sunbeam Software ("we", "us", or "our") collects, uses, and protects your information when you use the Radar Pack service.

1. Information We Collect

Account Information:

  • Email address and contact information
  • Phone number (if you choose to provide it for SMS text message delivery)
  • Billing information (processed by third-party payment providers)
  • Account preferences and settings

WordPress Site Data:

  • WordPress core version and update status
  • Installed plugin and theme versions
  • Security vulnerability status
  • SSL certificate information and expiration dates
  • Database health metrics (size, optimization status)
  • SEO configuration (robots.txt, sitemap availability)
  • Server response times and availability status

Technical Information:

  • IP addresses for rate limiting and security
  • Browser and device information for service optimization
  • Usage patterns and feature interaction data

Mobile App Data:

  • Device identifiers (a unique device ID, device platform, and device description)
  • Push notification identifiers (Expo Push tokens used to deliver alerts to your device)
  • TOTP authentication secrets (stored locally on your device only and never transmitted to our servers after initial pairing)
  • Alert notification content (stored on our servers and fetched by the app for notification history)
  • Login context information (IP address, browser, operating system, and approximate location) displayed in push-based login approval notifications

2. How We Collect Information

WordPress Plugin: Our WordPress plugin securely transmits site health data using RS256 cryptographic authentication. The plugin operates with read-only permissions and does not store or transmit:

  • WordPress admin passwords or login credentials
  • Post content, page content, or media files
  • User personal information from your WordPress database
  • Customer or visitor data from your websites

Dashboard Usage: We collect information about how you interact with our dashboard to improve the service and provide better user experience.

Mobile App: The Radar Pack mobile app is a companion to the dashboard. It is paired to your account by scanning a QR code. During pairing, the app receives a TOTP secret for two-factor authentication and registers a push notification token with our servers. Camera access is used solely for scanning the pairing QR code — no images or video are captured or stored. If you enable app lock, biometric authentication (such as Face ID, Touch ID, or fingerprint) is used to protect access to the app. Biometric data is processed entirely on your device by the operating system and is never accessed, collected, or transmitted by Radar Pack. The app does not use or request location data.

SMS Opt-In: If you choose to enable SMS alerts, we collect your phone number and record your explicit consent at the time of opt-in. Consent is captured through a checkbox and disclosure presented within the Radar Pack dashboard (during account creation or in Account Settings → Notifications). We do not collect phone numbers through any other channel and do not enroll users in SMS messaging without their affirmative consent. For full details on our SMS consent flow, see Section 3.1 below and our SMS Consent & Messaging Disclosure page.

3. How We Use Your Information

We use collected information to:

  • Provide WordPress monitoring and security scanning services
  • Send alerts (including via email, SMS text message, and mobile push notification, if enabled) about vulnerabilities, SSL expiration, and updates
  • Generate reports and analytics dashboards
  • Improve our service and develop new features
  • Communicate with you about your account and service updates
  • Ensure platform security and prevent abuse

3.1 SMS and Phone Number Usage

Consent and Opt-In: SMS messaging is entirely optional. Users opt in by providing their phone number during account creation or within Account Settings → Notifications in their Radar Pack dashboard. At the point of opt-in, users are presented with a clear consent disclosure and must check a consent checkbox before SMS alerts are enabled. The consent disclosure reads:

"By entering your phone number and selecting SMS alerts, you agree to receive transactional SMS text messages from Radar Pack related to account authentication (such as one-time passcodes) and critical service alerts (such as website monitoring, downtime, security issues, and SSL expiration). Message frequency varies. Message and data rates may apply. Reply STOP to opt out. Reply HELP for help. Customer care: [email protected]."

Upon opting in, users receive a confirmation SMS message verifying their enrollment.

Types of Messages Sent: Radar Pack sends only transactional SMS messages, including:

  • One-time passcodes (OTP) for login or account verification
  • Critical website monitoring alerts (downtime, security issues, SSL expiration)
  • Account-related security notifications

Radar Pack does not send promotional or marketing SMS messages.

Message Frequency: Message frequency varies based on your account activity and the monitoring alerts configured for your sites.

Message and Data Rates: Standard message and data rates from your wireless carrier may apply.

Opt-Out: You may opt out of SMS messages at any time by replying STOP to any message received from Radar Pack. You may also disable SMS alerts within your Account Settings. Upon opting out, you will receive a final confirmation message and no further SMS messages will be sent.

Help: Reply HELP to any message for assistance. Customer care: [email protected].

Privacy of Mobile Information: Mobile information, including phone numbers, will not be shared with third parties or affiliates for marketing or promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

Carrier Liability: Carriers are not liable for any delayed or undelivered messages.

For complete details on our SMS messaging program, including sample messages and a visual representation of the opt-in flow, see our SMS Consent & Messaging Disclosure page.

4. Information Sharing

We do not sell, trade, or rent your personal information. Mobile information (including phone numbers) will not be shared with third parties or affiliates for marketing or promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties. We may share information only in these limited circumstances:

Service Providers: We work with trusted third-party providers for:

  • Payment processing (payment information is handled directly by payment processors)
  • Email delivery for alerts and communications
  • SMS delivery for transactional alerts and authentication (via Twilio)
  • Infrastructure and hosting services
  • Security vulnerability data (via Wordfence database integration)
  • Push notification delivery for the mobile app (via Expo Push Service)

Legal Requirements: We may disclose information if required by law, legal process, or to protect our rights and users' safety.

5. Data Security

We implement industry-standard security measures:

  • All data transmission uses HTTPS encryption
  • RS256 cryptographic authentication for WordPress plugin communication
  • Timestamp-based request validation to prevent replay attacks
  • IP-based rate limiting and abuse detection
  • Regular security audits and monitoring
  • Secure data storage with encryption at rest
  • TOTP secrets and device credentials stored in platform-secure storage (iOS Keychain and Android Keystore)

6. Data Retention

We retain your information as follows:

  • Account Information: Until you delete your account. When you delete your account, your data is retained for a 30-day grace period during which you may cancel the deletion by logging back in. After the grace period, all account data is permanently deleted.
  • Monitoring Data: Historical data is retained for reporting purposes, typically up to 2 years
  • Security Logs: Retained for security and compliance purposes, typically 1 year
  • Billing Information: Retained as required for accounting and legal purposes
  • SMS Consent Records: Retained for the duration of your account and for a reasonable period after account deletion for compliance purposes
  • Mobile App Data: Server-side device data (device ID, push token, device description) is deleted when the device is unpaired. Local app data (TOTP secret, alert history) is deleted when the user unpairs or resets the app. No analytics or tracking data is collected by the mobile app.

7. Your Rights and Choices

You have the right to:

  • Access: Request a copy of your personal information through the data export page in your dashboard or by contacting us
  • Correction: Update or correct your account information
  • Deletion: Delete your account directly from the dashboard at any time. Deletion begins a 30-day grace period, after which your account and all associated data are permanently removed. You may cancel the deletion during this period by logging back in. You can also request deletion by contacting us.
  • Portability: Request an export of your data through the data export page in your dashboard
  • Opt-out of SMS: Reply STOP to any SMS message or disable SMS alerts in Account Settings
  • Opt-out of emails: Use unsubscribe links in non-essential emails when provided

To exercise these rights, contact us by email at [email protected].

8. Cookies and Tracking

We use cookies and similar technologies for:

  • Maintaining your login session
  • Remembering your preferences
  • Analyzing service usage patterns
  • Improving security and preventing fraud

You can control cookies through your browser settings, though some features may not function properly if cookies are disabled.

9. International Data Transfers

Your information may be processed and stored in countries other than your residence. We ensure appropriate safeguards are in place for international data transfers in compliance with applicable privacy laws.

10. Children's Privacy

Our Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we discover such information has been collected, we will delete it promptly.

11. Changes to Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or prominent notice in our dashboard. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Information

For privacy-related questions or requests, please contact us by email at [email protected].

We will respond to privacy requests within 30 days of receipt.