Login
Underground Prepper
Underground Prepper



— Privacy Policy —


Last updated: June 1, 2026

This Privacy Policy describes the policies and procedures of 5th Studios, LLC regarding the collection, use, and disclosure of information when you use the Underground Prepper app and website, and explains your privacy rights and how the law protects you.

Underground Prepper is built on a privacy-first, local-first philosophy. Your inventory, household member data, and preparedness information are stored exclusively on your device and never transmitted to our servers. We designed the app this way intentionally — your prepping data is your business.

 


Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

 

Definitions

For the purposes of this Privacy Policy:

  • App means the Underground Prepper mobile and desktop application, available on iOS, Android, Windows, and macOS.

  • Company (referred to as either “the Company,” “We,” “Us,” or “Our” in this Policy) refers to 5th Studios, LLC, 308 Roosevelt Drive, New Boston, PA 17948.

  • Device means any device that can access the Service, such as a computer, a cellphone, or a digital tablet.

  • Personal Data is any information that relates to an identified or identifiable individual.

  • Service refers to the App and the Website collectively.

  • Service Provider means any natural or legal person who processes data on behalf of the Company to facilitate or support the Service.

  • Website refers to the Underground Prepper website, accessible at https://undergroundprepper.com.

  • You means the individual accessing or using the Service, or the company or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

 


Collecting and Using Your Personal Data

Types of Data Collected

Data Stored Locally on Your Device (App)

The App stores all of the following data exclusively on your device using an on-device SQLite database. This data never leaves your device unless you explicitly use the optional server backup feature described below.

  • Household member profiles: first name or alias, birth year, gender, height, weight, and calculated daily calorie requirements

  • Inventory items across up to 14 categories, including quantities, expiration dates, storage locations, and calorie values

  • Storage area configurations and bugout bag assignments

  • Prep Hub checklist progress

  • App preferences and settings

We do not collect, access, or transmit any of this data. It remains on your device at all times.

 

Data Collected at Subscription

To create a subscription, you visit our Website and complete payment through Stripe, our third-party payment processor. During this process, your email address is used in two ways:

  • Email verification: When you begin registration, your email address is passed to our server to generate and send a one-time verification code. It is used in memory only to send that email and is never written to our database.

  • Account activation: After payment, Stripe passes your email address to our server so we can send you your account activation code. Again, it is used in memory only to send that email and is never written to our database.

Your email address is stored only on your device as part of your local account record. It is never retained on our servers in any form.

After your subscription is activated, our server retains only the following — none of which identifies you personally:

  • An anonymous account token (a randomly generated GUID) used to verify your subscription

  • Your Stripe Customer ID (an opaque reference used to manage billing)

  • Your subscription status (e.g., active, expired, cancelled) and relevant dates

 

Optional Server Backup

The App includes an optional server backup feature that you must explicitly enable. If you choose to use it, an encrypted copy of your inventory data is uploaded to our server. This backup is encrypted on your device using a 12-word recovery phrase that only you possess. Our server stores only the encrypted blob — we cannot read, access, or decrypt your data. You can permanently delete your server backup at any time from within the App.

 

Usage Data

No usage data is collected when using the Service. We intentionally chose not to include any analytics programs or services to ensure your prepping inventory remains confidential between you and your family.

 

Tracking Technologies and Cookies

The App does not use cookies or tracking technologies of any kind.

The Website uses session cookies solely to maintain your login state during website visits. We do not use advertising cookies, tracking pixels, or third-party analytics services.

 


Use of Your Personal Data

We use the limited information we collect for the following purposes only:

  • To send you a one-time email verification code during registration

  • To send you your one-time account activation code after payment

  • To verify your subscription status when the App connects to the server

  • To manage your subscription through Stripe (renewals, cancellations, grace periods)

  • To store and retrieve your encrypted server backup, if you have enabled that feature

We do not use your information for marketing, advertising, analytics, or any purpose beyond operating the service you subscribed to. We do not send promotional emails.

 

Third-Party Services — Stripe

We use Stripe to process subscription payments. When you subscribe, Stripe collects your name, email address, and payment card information directly. Stripe may also collect device and browser information as part of their fraud prevention systems. We do not receive or store your payment card details.

Stripe’s handling of your payment information is governed by their own Privacy Policy, available at: https://stripe.com/privacy

Stripe is a certified PCI Service Provider Level 1 — the highest level of payment security certification available.

We do not use Google Analytics, Facebook Pixel, or any other third-party analytics or advertising service on the App or Website. We do not sell, rent, or share your information with any third party for advertising purposes.

 

Retention of Your Personal Data

Local data (all inventory, member, and preference data) remains on your device until you delete it or uninstall the App. You can wipe your inventory or delete your entire account from within the App at any time.

Server data (anonymous token, Stripe Customer ID, subscription status) is retained as an expired record on our servers after account deletion for audit and fraud prevention purposes. Because this record contains no personally identifiable information, it cannot be linked back to you.

If you use optional server backup, your encrypted backup blob is deleted immediately when you use the “Delete Server Backup” option in the App, or when you delete your account.

Your email address is never written to our servers and therefore requires no retention or deletion policy on our end.

 

Delete Your Personal Data

You have full control over your data. From within the App, you can:

  • Wipe all inventory data while keeping your account intact

  • Delete your entire account, which removes all local data and deactivates your subscription

  • Delete your server backup at any time if you have enabled that feature

You may also contact us to request assistance with data deletion. Please note that our server record contains no personally identifiable information and cannot be linked back to you.

 


Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition, or asset sale, subscription records (anonymous token, Stripe Customer ID, subscription status) may be transferred. We will provide notice before any such transfer becomes subject to a different Privacy Policy. As these records contain no personally identifiable information, no personal data would be transferred.

 

Law Enforcement

Under certain circumstances, the Company may be required to disclose information if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency). Because we do not store personally identifiable information on our servers, any such disclosure would be limited to anonymous subscription records only.

 

Other Legal Requirements

The Company may disclose information in the good faith belief that such action is necessary to:

  • Comply with a legal obligation
  • Protect and defend the rights or property of the Company
  • Prevent or investigate possible wrongdoing in connection with the Service
  • Protect the personal safety of users of the Service or the public
  • Protect against legal liability

 

Security of Your Personal Data

We take the following measures to protect your information:

  • All inventory data is stored locally on your device and never transmitted to our servers in plain text

  • Server backups are encrypted on your device before upload using AES encryption with a key derived from your 12-word recovery phrase, which only you possess

  • Your email address passes through our server in memory only to send transactional emails and is never written to any database or log

  • All communication between the App and our servers uses HTTPS (TLS encryption)

  • Your subscription token is an anonymous GUID with no connection to your identity

No method of electronic storage or transmission is 100% secure. While we strive to use commercially reasonable means to protect your information, we cannot guarantee its absolute security.

 


Children’s Privacy

The App is not directed to children under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us and we will take steps to address it.

The App is designed for household emergency preparedness. Adding children as household members for inventory and calorie tracking purposes does not constitute collection of their personal data, as all such data is stored exclusively on your device.

 


Your Rights Under GDPR (European Users)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the following applies to you. Our lawful basis for processing your information is the performance of a contract — specifically, delivering the subscription service you have purchased.

Because we do not retain your email address and because your inventory data never leaves your device, much of what GDPR covers is handled structurally by our privacy-first architecture. To the extent we hold any data about you (your anonymous subscription token and Stripe Customer ID), you have the following rights:

  • Right of Access: You may request confirmation of whether we hold any data associated with your account token.

  • Right to Erasure: You may delete your account from within the App at any time. Because our server record contains no personally identifiable information, there is no personal data to erase beyond the subscription record itself.

  • Right to Restriction: You may contact us to restrict processing of your subscription data.

  • Right to Data Portability: Your inventory data can be exported at any time from within the App as a .prep file or CSV. This data is stored on your device and is fully portable.

  • Right to Object: You may contact us to object to processing of your subscription data.

To exercise any of these rights, contact us using the information in the Contact Us section below. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

 


Your Rights Under CCPA (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following rights:

  • Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collecting it, and the categories of third parties with whom we share it.

  • Right to Delete: You have the right to request deletion of personal information we have collected from you, subject to certain exceptions.

  • Right to Opt-Out of Sale: We do not sell your personal information. We do not share your personal information with third parties for cross-context behavioral advertising.

  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To submit a CCPA request, contact us using the information in the Contact Us section below. We will respond within 45 days.

Disclosure: In the preceding 12 months, we have collected the following categories of personal information: identifiers (email address, used transiently in memory to deliver transactional emails and never stored on our servers). We have not sold any personal information.

 


Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. If You click on a third-party link, You will be directed to that third party’s site. We strongly advise You to review the Privacy Policy of every site You visit.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

 


Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page and updating the “Last updated” date at the top.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

 


Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, you can contact us: