Privacy Policy

Effective: April 7, 2026

Detriment is a WiFi security scanner that runs on your device. We built it with privacy as a core principle.

What stays on your device

All of the following data is stored locally on your device and is not included in Detriment API requests:

IP addresses of devices on your network
Full MAC addresses and device identifiers
Device hostnames and custom names you assign
Your WiFi network name (SSID)
Scan history, scores, and trusted device preferences

Optional detection improvement data

If you enable "Improve Detection" in Settings, Detriment sends the following limited scan data to our API (api.detriment.ai) after each scan:

Data	Example	Purpose
MAC prefix (first 3 bytes)	`C0:06:C3`	Identifies manufacturer (e.g., "TP-Link"), not your specific device
Open port numbers	`[80, 443, 554]`	Improves device type detection

This feature is off by default. You must explicitly enable it. No request includes your local device IP address, full MAC address, device name, network name, precise location, or any account identifier. Like any internet service, our API may receive technical request metadata such as your public IP address while handling the request.

We also query the same API to enrich scan results with manufacturer names and known vulnerability information. These lookup requests contain only MAC prefixes and port numbers, identical to the table above.

Location data

Detriment requests location permission because Apple requires it for apps that read your WiFi network name (SSID) and security type via the NEHotspotNetwork API. This is an iOS platform requirement, not our choice.

We do not access, store, or transmit your geographic location. The permission is used solely to unlock the WiFi information API.

Local network access

Detriment accesses your local network to discover devices via TCP connection attempts and reads the system ARP cache for MAC addresses. All discovered device data remains on your device.

Third-party services

Detriment contains zero third-party analytics, advertising, crash reporting, or tracking SDKs. App lookup and optional reporting requests go only to our own API at api.detriment.ai.

Data retention

Current optional scan reports are acknowledged by our API but are not stored. If we later retain aggregated reports to improve detection, we will update this policy before doing so.

Children

Detriment does not knowingly collect data from children under 13.

Changes

We may update this policy. Changes will be posted on this page with an updated effective date.

Contact

Questions? Email privacy@detriment.ai or visit Support.