// LEGAL DOCUMENTATION

PRIVACY POLICY

Last Updated: January 2025

1. MISSION STATEMENT

CallSign ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our secure messaging application. Our core principle is simple: we cannot read your messages, and we collect minimal data.

2. INFORMATION WE COLLECT

2.1 Account Information

  • Username (chosen by you)
  • Password (stored as a secure hash - we cannot see your actual password)
  • Phone number hash (for contact discovery - we never store your actual phone number)

2.2 Information We DO NOT Collect

  • Message contents (end-to-end encrypted)
  • Your contacts list
  • Location data
  • Device identifiers for tracking
  • Metadata about who you communicate with

3. END-TO-END ENCRYPTION

All messages sent through CallSign are protected with end-to-end encryption. This means:

  • Messages are encrypted on your device before transmission
  • Only the intended recipient can decrypt and read messages
  • We cannot access the content of your messages
  • We cannot provide message content to any third party
  • Encryption keys are generated and stored only on your device

4. CONTACT DISCOVERY

When you use our Find Friends feature, we use a privacy-preserving method to discover which of your contacts use CallSign. Your contacts' phone numbers are hashed (one-way encrypted) on your device before being sent to our servers. We compare these hashes to find matches but never store or access actual phone numbers.

5. DATA RETENTION

  • Messages with expiration timers are automatically deleted from all devices
  • Account data is retained until you delete your account
  • We do not maintain message logs or backups of your communications

6. DATA SECURITY

We implement industry-standard security measures including:

  • AES-256 encryption for all data in transit
  • Secure, hashed password storage using Argon2
  • Regular security audits and updates
  • Hardware-backed keychain storage on devices

7. THIRD-PARTY SERVICES

CallSign does not share your data with third parties for advertising or marketing purposes. We do not use analytics services that track user behavior.

8. YOUR RIGHTS

You have the right to:

  • Access your account information
  • Delete your account and all associated data
  • Opt out of contact discovery
  • Request information about data we hold

9. CHILDREN'S PRIVACY

CallSign is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13.

10. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

11. CONTACT US

If you have questions about this Privacy Policy, please contact us at:

privacy@call-sign.app