foralerts Privacy Policy

Last updated : May 19, 2026

foralerts is provided by Science & Engineering Applications Ltd (Scienap). In this Privacy Policy, “foralerts”, “we”, “us”, and “our” refer to Scienap.

We believe that harm reduction should not come at the cost of your privacy. Our platform is built on the principle of Privacy by Design.

1. No Personal Data Collection

foralerts does not collect your "Personal Data" that can identify you.

  • No Accounts: You do not need to register, provide an email, or link a social media profile to use the app.
  • No Identifiers stored by foralerts: We do not store your phone’s details (called IMEI) or any advertising ID, or push notification tokens on our own servers. We only know your IP (internet) address for as long as it takes us to send you information, we do not store it.
  • No Tracking: We do not use third-party tracking cookies or marketing analytics.
  • No Personal Message Content in Push Notifications: If you enable push notifications (these are messages sent by us to you), foralerts only sends a generic notification, such as: “You have a new foralerts message.” The notification does not include the message itself, sender details, report details, location details, substance information, or other private content.

2. Information We Process

We process drug safety information to provide public safety alerts. This includes:

  • User provided information: Descriptions of substances, side effects, or localized risks that you can optionally choose to provide us.
  • Photos: Images submitted of packaging or substances. Note: Please do not include faces or identifiable landmarks in photos.
  • Location: We ask for a general area (e.g., a postcode or local authority district) so we can send alerts to the right people.
  • Push notifications: If you choose to enable push notifications (recommended), foralerts may send a generic notification to your device telling you that a new foralerts message is available. After receiving the notification, the app retrieves the message from foralerts’s servers.

    We use Firebase Cloud Messaging, provided by Google, to deliver push notifications. On Apple devices, notifications are also delivered through Apple Push Notification service. These services use app/device notification tokens and related technical delivery information to route notifications to the correct device.

    foralerts does not store push notification tokens on our own servers and does not use them to identify you. Apple, Google, and Firebase may process technical information necessary to provide their app store, operating system, and push notification services. This may allow them to know that your device has installed foralerts and/or received a foralerts notification. The notification text is generic and does not reveal the contents of your foralerts message.

    You can turn push notifications off at any time in your device settings.

3. How Information is Shared

Anonymous information is shared with our Partners, which may include:

  • Local Authorities, NHS services, Public Health teams.
  • Harm reduction charities or universities.
  • Emergency services.
  • Any organisation that has a legitimate reason for seeing the information you provide for local, national or international harm reduction and safety purposes.

We or our partners may publish the information to the general public for harm reduction and safety purposes. It may be published using the foralerts app.

Push Notification Service Providers: Where push notifications are enabled, technical push notification information is processed by Google/Firebase and, on Apple devices, Apple, to support delivery of generic push notifications. foralerts does not share message content, report content, sender details, location details, or substance information through the push notification.

4. Lawful Basis for Processing

We cannot identify who sends information to us. If we see information that creates identifiable information then we or our partners will delete it. Therefore, we do not need a lawful basis for processing personal information in the anonymised reports we receive.

Any accidental personal information is processed as legitimate interest to support harm reduction as part of public health monitoring.

Where any technical processing connected to push notifications is treated as personal data, it is processed only to provide the notification feature chosen by the user. The legal basis for this processing is explicit consent.

5. Data Retention

Anonymised risk information provided by you is kept for as long as it is relevant to public health trends. Since this data is not "personal data," it may be stored indefinitely to help track drug market changes over time.

foralerts does not store push notification tokens on our own servers. Push notification tokens are generated and managed by Firebase Cloud Messaging and, on Apple devices, Apple Push Notification service. These services may refresh, expire, or invalidate tokens when they are no longer valid, and they handle related technical data in accordance with their own policies.

6. Your Rights

Under UK privacy laws, you have rights regarding your data. However, because foralerts does not store identifiers (like an email or ID), we generally cannot fulfill a "Subject Access Request" or "Request to Delete or Change" because we have no way of knowing which report belongs to you.

7. Contact & Complaints

If you have concerns about how we handle your information or personal data, please contact support@scienap.com. If you believe we have mishandled data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.