SecureChat
# Privacy Policy for SecureChat
**Effective Date:** April 28, 2026
**Last Updated:** April 28, 2026
---
## 1. Introduction
Welcome to **SecureChat** ("we," "our," or "the App"). We are committed to protecting your privacy and ensuring transparency about how we handle your data. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your personal data.
By using SecureChat, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the App.
---
## 2. Information We Collect
### 2.1 Personal Information
**Contact Information:**
- **What We Collect:** When you grant permission, we access your device's contact list to help you find and connect with other users.
- **How We Use It:** Contact information is used solely to display your contacts within the app for initiating video calls. We do NOT upload, store, or share your contacts with our servers or third parties.
- **Legal Basis:** Explicit user consent via Android Contact Picker or permission dialog.
**Authentication Data:**
- **What We Collect:** Anonymous authentication tokens generated by Firebase Authentication.
- **How We Use It:** To create a temporary, anonymous user session for signaling purposes during video calls.
- **Storage:** Authentication tokens are managed by Firebase and are not permanently stored by us.
### 2.2 Communication Data
**Video and Audio Calls:**
- **What We Collect:** Real-time video and audio streams during calls.
- **How We Use It:** All video and audio data is transmitted directly between users using peer-to-peer (P2P) WebRTC technology. We do NOT record, store, or access the content of your calls.
- **Encryption:** All calls are end-to-end encrypted using WebRTC's built-in security protocols.
**Signaling Data:**
- **What We Collect:** Technical data required to establish P2P connections (e.g., ICE candidates, SDP offers/answers, user IDs).
- **How We Use It:** Signaling data is temporarily stored in Firebase Realtime Database to facilitate call setup and is automatically deleted after the call ends or expires.
### 2.3 Device Information
**Permissions:**
- **Camera:** Required for video calling functionality.
- **Microphone:** Required for audio during calls.
- **Internet Access:** Required to establish connections and transmit data.
- **Network State:** Used to detect connectivity status.
- **Audio Settings:** Used to manage audio routing during calls.
**Technical Data:**
- **What We Collect:** Device type, operating system version, app version, and network connectivity status.
- **How We Use It:** To ensure compatibility, optimize performance, and troubleshoot technical issues.
### 2.4 Data We Do NOT Collect
- We do NOT collect your name, email address, phone number, or any other personally identifiable information.
- We do NOT track your location.
- We do NOT access your photos, videos, or other media files.
- We do NOT collect browsing history or activity outside the app.
- We do NOT use analytics or tracking services.
- We do NOT serve advertisements.
---
## 3. How We Use Your Information
We use the collected information solely for the following purposes:
1. **To Provide Core Functionality:** Enable peer-to-peer video and audio calling between users.
2. **To Facilitate Connections:** Use contacts (with your permission) to help you find and call other users.
3. **To Establish Calls:** Use signaling data to set up WebRTC connections.
4. **To Ensure Security:** Maintain end-to-end encryption for all communications.
5. **To Improve Performance:** Diagnose and fix technical issues.
We do NOT use your data for:
- Advertising or marketing
- Profiling or behavioral analysis
- Selling or sharing with third parties
- Any purpose other than those explicitly stated above
---
## 4. Data Storage and Retention
### 4.1 Local Storage
- Contact information is accessed locally on your device and is NOT uploaded to our servers.
- User preferences and session data are stored locally on your device.
### 4.2 Firebase Storage
- **Authentication Tokens:** Stored temporarily by Firebase Authentication for session management.
- **Signaling Data:** Stored temporarily in Firebase Realtime Database during call setup and automatically deleted within minutes after the call ends or expires.
- **No Permanent Storage:** We do NOT permanently store any personal data, call recordings, or communication content.
### 4.3 Data Retention
- Signaling data is automatically deleted after call completion or timeout (typically within 5-10 minutes).
- Anonymous authentication sessions expire after inactivity.
- You can clear all local data by uninstalling the app.
---
## 5. Data Sharing and Third Parties
### 5.1 We Do NOT Share Your Data
- We do NOT sell, rent, or share your personal information with third parties for marketing or advertising purposes.
- We do NOT provide your data to data brokers or analytics companies.
### 5.2 Third-Party Services
We use the following third-party services, which may process limited data:
**Firebase (Google LLC):**
- **Purpose:** Anonymous authentication and temporary signaling data storage.
- **Data Processed:** Anonymous user IDs, signaling data (ICE candidates, SDP).
- **Privacy Policy:** [https://firebase.google.com/support/privacy](https://firebase.google.com/support/privacy)
- **Compliance:** Firebase is GDPR, CCPA, and SOC 2 compliant.
**WebRTC:**
- **Purpose:** Peer-to-peer video and audio communication.
- **Data Processed:** Video/audio streams transmitted directly between users (not through our servers).
- **Encryption:** All WebRTC connections are end-to-end encrypted.
### 5.3 Legal Requirements
We may disclose information if required by law, court order, or government regulation, or to protect the rights, property, or safety of our users or the public.
---
## 6. User Consent and Permissions
### 6.1 Explicit Consent
Before accessing any sensitive data or permissions, we will:
- Display a clear, unambiguous consent dialog explaining what data we need and why.
- Require an affirmative action (e.g., tapping "Allow" or checking a checkbox).
- NOT assume that navigating away or dismissing a dialog constitutes consent.
### 6.2 Contacts Permission (NEW GOOGLE PLAY POLICY COMPLIANCE)
- **Contact Picker:** We use the Android Contact Picker API where possible to minimize data access and improve user privacy.
- **Broad Access:** If you grant broad contacts access (READ_CONTACTS), we only use it to display your contacts within the app. We do NOT upload or share this data.
- **Revocable:** You can revoke contacts permission at any time in your device settings.
### 6.3 Camera and Microphone Permissions
- Required only when you initiate or receive a video call.
- You can deny these permissions, but video calling functionality will not be available.
- Permissions can be revoked at any time in your device settings.
### 6.4 Managing Permissions
To manage permissions:
1. Go to your device **Settings**
2. Navigate to **Apps** > **SecureChat**
3. Tap **Permissions**
4. Enable or disable permissions as desired
---
## 7. Data Security
We take data security seriously and implement the following measures:
- **End-to-End Encryption:** All video and audio calls are encrypted using WebRTC's built-in DTLS-SRTP encryption.
- **Secure Transmission:** All data transmitted to Firebase uses HTTPS/TLS encryption.
- **No Plaintext Storage:** We do NOT store call content, messages, or media files.
- **Minimal Data Collection:** We collect only the minimum data necessary to provide core functionality.
- **Anonymous Authentication:** User sessions are anonymous and do not require personal identifiers.
- **Automatic Deletion:** Signaling data is automatically deleted after calls end.
While we implement industry-standard security measures, no system is 100% secure. You use the app at your own risk.
---
## 8. Children's Privacy
SecureChat is NOT intended for children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do NOT knowingly collect personal information from children.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will delete such information.
**Age-Restricted Content Compliance:** This app does NOT contain dating, matchmaking, or age-restricted content. No age-gating mechanisms are required.
---
## 9. Your Privacy Rights
Depending on your location, you may have the following rights:
### 9.1 General Rights
- **Access:** Request a copy of the data we hold about you.
- **Deletion:** Request deletion of your data (note: we do not permanently store personal data).
- **Correction:** Request correction of inaccurate data.
- **Portability:** Request your data in a portable format.
- **Objection:** Object to certain data processing activities.
- **Withdraw Consent:** Revoke permissions at any time via device settings.
### 9.2 Regional Rights
**European Union (GDPR):**
- Right to access, rectification, erasure, restriction, portability, and objection.
- Right to lodge a complaint with your local data protection authority.
**California (CCPA/CPRA):**
- Right to know what personal information is collected.
- Right to delete personal information.
- Right to opt out of sale (note: we do NOT sell your data).
- Right to non-discrimination for exercising your rights.
**Other Jurisdictions:**
- We comply with applicable data protection laws in your region.
### 9.3 Exercising Your Rights
To exercise your rights, contact us at the email address listed in Section 13 (Contact Us).
---
## 10. International Data Transfers
Firebase services are operated by Google LLC and may involve data transfers to the United States and other countries. Google complies with applicable data protection frameworks, including:
- EU-U.S. Data Privacy Framework
- Standard Contractual Clauses (SCCs)
- GDPR requirements for international transfers
For more information, see Google's privacy policy: [https://policies.google.com/privacy](https://policies.google.com/privacy)
---
## 11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect:
- Changes in our practices
- Legal or regulatory requirements
- New features or functionality
**Notification of Changes:**
- We will notify you of material changes via in-app notification or by updating the "Last Updated" date.
- Continued use of the app after changes constitutes acceptance of the updated policy.
- For significant changes, we may require explicit consent.
**Version History:**
- Version 1.0 (April 28, 2026): Initial privacy policy compliant with Google Play Store policies.
---
## 12. Google Play Data Safety Compliance
In accordance with Google Play Store requirements, we declare the following:
### 12.1 Data Collection Summary
| Data Type | Collected? | Purpose | Shared? |
|-----------|-----------|---------|---------|
| Contacts | Yes (with permission) | Display contacts for calling | No |
| Camera/Microphone | Yes (during calls) | Video/audio calling | No (P2P only) |
| Device ID | Yes (anonymous) | Session management | No |
| Location | No | N/A | N/A |
| Photos/Videos | No | N/A | N/A |
| Personal Info | No | N/A | N/A |
### 12.2 Data Safety Features
- ✅ Data is encrypted in transit (HTTPS, WebRTC encryption)
- ✅ Users can request data deletion (minimal data stored)
- ✅ Data is NOT sold to third parties
- ✅ Data is NOT used for advertising
- ✅ Complies with Google Play Families Policy (if applicable)
---
## 13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your data, please contact us:
**Email:** rektech.uk@gmail.com
**App Name:** SecureChat
**Response Time:** We will respond to privacy inquiries within 30 days.
---
## 14. Compliance with Google Play Policies
This Privacy Policy complies with the following Google Play Store policies (as of April 15, 2026):
✅ **Contacts Permissions Policy:** We use the Android Contact Picker where possible and only access contacts with explicit user consent.
✅ **User Data Policy:** We collect only the minimum data necessary and provide transparent disclosures.
✅ **Data Safety Section:** Our Play Store listing accurately reflects our data practices.
✅ **Consent Requirements:** We obtain explicit, affirmative consent before accessing sensitive data.
✅ **Encryption:** All communications are encrypted in transit.
✅ **No Silent Data Collection:** We do NOT collect data without user knowledge or consent.
---
## 15. Additional Information
### 15.1 Open Source
SecureChat is built using open-source technologies:
- Flutter (Google)
- WebRTC (open standard)
- Firebase (Google)
### 15.2 No Ads or Tracking
- We do NOT display advertisements.
- We do NOT use third-party analytics or tracking SDKs.
- We do NOT collect data for profiling or behavioral analysis.
### 15.3 Data Minimization
We follow the principle of data minimization and collect only what is absolutely necessary to provide our core video calling functionality.
---
## 16. Definitions
- **Personal Data:** Information that can identify you directly or indirectly.
- **Processing:** Any operation performed on data (collection, storage, use, deletion, etc.).
- **Third Party:** Any entity other than you and SecureChat.
- **P2P (Peer-to-Peer):** Direct communication between users without data passing through our servers.
- **End-to-End Encryption:** Encryption where only the communicating users can read the messages/calls.
---
## 17. Governing Law
This Privacy Policy is governed by the laws of Rajkot, Gujarat, without regard to conflict of law principles.
---
## 18. Acknowledgment
By using SecureChat, you acknowledge that you have read, understood, and agree to this Privacy Policy.
---
**Thank you for trusting SecureChat with your privacy.**
---
*This privacy policy was created in compliance with Google Play Store policies effective April 15, 2026, including the new Contacts Permissions Policy, User Data Policy, and Data Safety requirements.*