Wary, by Reply200 Inc. · Last updated 17 June 2026
When you check a message, link, or phone number, that content is sent to our server so we can analyze it. We keep only a hashed and redacted record of the check (with personal details stripped out) to prevent abuse, measure quality, and improve protection for everyone. It is not tied to your name or identity.
When you check an email for leaks, that email is sent to our server only to query public breach databases and return the result. We do not store the email on our servers. The list of emails you choose to watch, and which breaches you have reviewed, are stored only on your device.
We use Apple's per-install identifier (identifierForVendor) as an anonymous key to apply your free monthly allowance, link family devices, and send protection updates. It is not your Apple ID and not an advertising identifier, and it resets if you delete the app.
If you report a scam, the scam indicators (such as a phone number, link, or domain) are stored anonymously so Wary can warn other people. We do not store who reported it in any way tied to your identity.
You link a family member's device with a short code, and you each choose what to share. Only Wary's own signals flow (for example, that a check came back risky, that an email turned up in a breach, or whether protection is on) and only with your consent. Your actual message contents, call logs, and location never leave your device. iOS does not allow that, and neither do we.
If you turn on protection, we store an Apple push token so we can send silent background updates, such as refreshing the list of known scam numbers. These are not marketing messages.
To answer a check, our server uses trusted third parties: Google (for AI analysis and Safe Browsing), Twilio and IPQualityScore (for phone and link reputation), and XposedOrNot (for email breach data). They receive only what is needed to answer that specific check, under their own terms, and we do not share your identity with them. All of these run on our server — the app never holds any keys.
Hashed, redacted check records are kept to operate and improve the service, and may be aggregated into anonymous statistics. You can ask us to delete data associated with your device, or exercise other rights you may have under laws like GDPR and CCPA, by emailing privacy@bewary.app.
Wary is not directed at children under 13, and we do not knowingly collect their data.
If we change this policy we will update this page and the date above.
Questions about privacy: privacy@bewary.app.
© 2026 Reply200 Inc. · Terms of Use · Wary is a scam-protection tool and provides guidance, not a guarantee.