The terms,
in plain sight.
What you agree to when you use WifiThreatWatch — including exactly what the app reports to the shared threat database, and what it never touches.
Six things worth knowing
This summary is for orientation; the full text below is what binds. The heart of this version: the shared threat database now documents the attacker’s hardware in full, while your own network still only ever leaves your device as a hash.
When the app confirms an attack, it reports the attacker’s rogue access point in full — its real network name, hardware address, radio details, and the approximate area where it was seen. Your own network is different: only one-way hashes of its name and router address ever leave your device.
A report stays linked to the reporting account internally for at most 90 days, used solely to prevent abuse of the database. After that it is permanently anonymized — only anonymous aggregate statistics remain. Warnings shown to other users never say who reported what.
Reporting confirmed attacks to the shared database is a required part of the free app. It cannot be turned off. Every copy contributes when it catches an attack — that is what makes the next person’s warning exist.
WifiThreatWatch warns about network threats. It does not — and cannot — guarantee protection against every attack. Use it as one layer of your security, not the only one.
Your browsing activity, your files or device contents, your exact GPS position, and the real name or hardware address of your own WiFi network are never collected. Locations in reports are approximate zones, never an exact position.
Terms are versioned and published by our servers. When a new version takes effect, continued use of the app requires accepting it in the app.
Terms of Service
VERSION 2026-07-08.2 · EFFECTIVE JULY 8, 2026
1.The service
WifiThreatWatch is a Windows application that monitors the WiFi network you are on for attacks — evil twins, ARP spoofing, DNS tampering, rogue devices, and related threats — and warns you when it confirms one. Real-time detection is free. An optional paid subscription adds Active Defense and a self-hosted encrypted VPN tunnel.
The free app includes, and depends on, the shared threat database: a community pool of confirmed attacks that lets one user’s detection become every other user’s early warning. These Terms describe exactly what that sharing involves.
2.Required contribution to the shared threat database
When the app detects and confirms an attack, it reports that attack to the shared threat database. Contribution is a required, non-optional part of the free app and cannot be turned off. The database only works because every copy of the app reports what it confirms — a warning exists for the next person only because the previous person’s device contributed it.
Reports are sent only when the app detects an attack. The app does not stream your network activity to us, and no report is made during normal, attack-free operation apart from the hashed nearby-network observations described in section 3.
3.What a report contains — the guarded collection model
A report’s contents depend on whose hardware it describes. The attacker’s equipment is documented in full; your own network is protected by one-way hashing. Specifically:
(a) The attacker’s access point. When the attack involves a rogue or fake hotspot — hardware that is not your network, such as an evil twin impersonating a legitimate one — the report includes that access point’s real network name (SSID), its hardware address (BSSID/MAC), technical radio details (channel, band, security mode, hardware vendor, and signal data), and the approximate area where it was seen: a zone of roughly 150 m to 1 km, never an exact position.
(b) Attacks on your own network. When the attack targets your own network, the report includes only one-way cryptographic hashes of the network’s name and hardware address — the real WiFi name and router address never leave your device — together with the same technical radio details and an approximate area of about 1 km.
(c) Nearby networks observed during scans. One-way hashes only, never real names.
4.Retention and identity
Individual reports are linked to the reporting account internally for a maximum of 90 days, used solely for abuse prevention — keeping false or malicious reports out of the database — and are then permanently anonymized. After anonymization, only anonymous aggregate statistics (counts, severity, threat type, area) are kept.
Threat warnings shown to other users never include the reporter’s identity. Nothing anyone can look up in the database says who reported what.
5.What is never collected
WifiThreatWatch never collects your browsing activity, your files or anything else on your device, your exact GPS position, or the real name or hardware address of your own WiFi network. Where a report includes an area, it is an approximate zone as described in section 3 — never an exact position. The full data practice is described in our Privacy Policy.
6.No guarantee of protection
WifiThreatWatch warns about network threats but does not guarantee protection against every attack. Detection depends on radio conditions, attacker behavior, your hardware, and information available at the time; some attacks may not be detected, and a warning may occasionally be wrong. Flags from the shared database describe what the community has seen — they are advisory, and they never block your connection.
Use WifiThreatWatch as one layer of a sensible security posture, alongside the basics: up-to-date software, HTTPS, and caution on networks you don’t control.
7.Acceptable use
You may not use WifiThreatWatch to attack networks, feed false reports into the shared threat database, probe or disrupt the service, or violate any law. We may remove reports, rate-limit, or suspend accounts to protect the integrity of the database — that abuse prevention is the sole use of the 90-day account link described in section 4.
8.Subscriptions
Real-time detection, alerts, and the shared threat database are free. Active Defense and the encrypted VPN tunnel require a paid subscription ($6.99/month or $69.99/year), billed until cancelled. Cancelling stops future billing; paid features remain available through the period already paid for. See Pricing for current details.
9.Changes to these Terms
These Terms are versioned and published by our servers; the version above is the one currently in force. When we publish a new version, the app presents it to you. Continued use of the app after a Terms update requires accepting the new version in the app. If you do not accept, stop using the app; nothing already anonymized in the shared database can be traced back to you.
When a change is material — like the guarded collection model introduced in this version — we say so plainly rather than burying it.
10.Contact
Questions about these Terms: [email protected].
See also the Privacy Policy, which describes the same collection model from the data side, and the Shared Threat Intelligence page, which explains how the database works.