Effective: April 7, 2026
Detriment is a WiFi security scanner that runs on your device. We built it with privacy as a core principle.
All of the following data is stored locally on your device and is not included in Detriment API requests:
To enrich scan results with manufacturer names, device-type hints, port explanations, and known security notes, Detriment sends the following limited scan data to our API (api.detriment.ai) after scans:
| Data | Example | Purpose |
|---|---|---|
| MAC prefix (first 3 bytes) | C0:06:C3 | Identifies manufacturer (e.g., "TP-Link"), not your specific device |
| Open port numbers | [80, 443, 554] | Improves device type detection |
No lookup request includes your local device IP address, full MAC address, device name, network name, precise location, or any account identifier. Like any internet service, our API may receive technical request metadata such as your public IP address while handling the request.
If you enable "Share Scan Reports" in Settings, Detriment may send an additional report containing the same limited MAC-prefix and open-port data shown above to improve future detection. This feature is off by default.
Detriment requests location permission because Apple requires it for apps that read your WiFi network name (SSID) and security type via the NEHotspotNetwork API. This is an iOS platform requirement, not our choice.
We do not access, store, or transmit your geographic location. The permission is used solely to access the WiFi information API.
Detriment accesses your local network to discover devices via TCP connection attempts, Bonjour/mDNS service browsing, and reads the system ARP cache for MAC addresses. Full discovered device data remains on your device except for the limited lookup and optional report data described above.
Detriment contains zero third-party analytics, advertising, crash reporting, or tracking SDKs. App lookup and optional reporting requests go only to our own API at api.detriment.ai.
Current optional scan reports are acknowledged by our API but are not stored. If we later retain aggregated reports to improve detection, we will update this policy before doing so.
Detriment does not knowingly collect data from children under 13.
We may update this policy. Changes will be posted on this page with an updated effective date.
Questions? Email privacy@detriment.ai or visit Support.