Privacy Policy

Last updated: 22 April 2026

This Privacy Policy describes how TraceCallerID ("we", "our", "us") collects, uses and protects your information when you use our app and services. By using TraceCallerID, you agree to the practices described here.

1. Information we collect

Information you provide

• Your mobile number, used for OTP-based sign-in.
• Optional profile details: display name, email and avatar.
• Content you create in the app: blocklist entries, spam reports, name suggestions and personal preferences.
• Phone numbers from your address book — see Section 3 below for exactly how they are processed.
• Messages you send us through support channels.

Information collected automatically

• Basic device information: model, OS version, language and timezone.
• A persistent device_id for anonymous-mode contributions and abuse prevention.
• Anonymised usage signals to improve spam detection, latency and overall quality.
• Crash reports (with your permission).

2. How we use your information

• To run the caller ID overlay, the call log, the blocklist and reverse lookup.
• To identify unknown callers via our backend lookup endpoint and a 6-hour Redis cache.
• To compute a real-time spam score by aggregating community reports.
• To rank and recompute canonical names using a weighted formula (recency × frequency × trust × weight).
• To synchronise your blocklist and preferences across devices you sign in on.
• To communicate important updates and respond to support queries.
• To measure feature usage in aggregate so we can improve the product.

3. Privacy guarantees

These six guarantees govern how data flows through TraceCallerID. They are non-negotiable; they apply by default to every user.

• SHA-256 hashing before upload. Every phone number is SHA-256 hashed on your device before it is transmitted to our servers. The hash, not the raw number, is what powers anonymous lookup and contribution.
• Raw numbers are opt-in. Storage of raw, un-hashed numbers and contact names only happens when you have explicitly enabled the consent_share_names=true flag from Settings → Privacy.
• Names are never sent without consent. Contact names from your address book are never transmitted to our servers without an explicit, recorded user opt-in.
• One-call wipe. The /contacts/all endpoint, exposed in Profile → Privacy, deletes every contribution you have ever made to the spam network. The deletion is irreversible.
• "Unlisted" is always respected. If a number is marked unlisted in our database, that flag is honoured in every API response — no override, no edge case.
• Anonymous uploads carry the lowest trust. Pre-login contributions get a trust weight of 0.25, the lowest tier. They cannot dominate the network or override authenticated users.

4. How we protect your data

• All data in transit is encrypted using TLS 1.3.
• Our APIs are secured with JWT-based authentication.
• Access to production systems is role-based and audited.
• Background-service HTTP calls reuse the same authenticated session via a native bridge — no plaintext tokens leave the secure store.
• We follow OWASP Top 10 guidance and run security testing before every release.

5. Sharing

We do not sell your personal information. We share data only with vetted service providers who help us operate the app — for example cloud hosting (Redis cache, Laravel API), SMS delivery for OTPs, and crash reporting — under strict contractual obligations.

6. Your rights

• Access a copy of your data.
• Correct or update your information.
• Delete your account and all associated data from Profile → Privacy → Delete Account.
• Wipe every spam-network contribution via the /contacts/all endpoint, also surfaced in Profile → Privacy.
• Withdraw any spam report you have submitted.
• Opt out of optional analytics at any time from Settings.
• Manage every device signed into your account, and unregister any of them remotely.

7. Children's privacy

TraceCallerID is not intended for children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us so we can remove it.

8. Changes to this policy

We may update this policy from time to time. Significant changes will be announced in the app and on this page. The "Last updated" date above will always reflect the most recent revision.

9. Contact

Questions about privacy? Write to us at privacy@tracecallerid.app or through our contact page.