Privacy Directive
Zero-Collection Philosophy
SecureCall is built on the fundamental principle that privacy is not a feature — it is a right. Our architecture is designed from the ground up to collect the absolute minimum data necessary to provide our service. In most cases, we collect no data at all.
Unlike conventional communication apps that harvest your contacts, track your usage patterns, and monetize your metadata, SecureCall operates on a zero-knowledge model. We cannot see who you call, when you call, how long you talk, or what you say. This is not a policy decision — it is a technical impossibility built into our architecture.
All voice calls are encrypted end-to-end using XChaCha20-Poly1305 with keys generated exclusively on your device via X25519 key exchange. The encryption keys never touch our servers. Even under legal compulsion, we cannot provide call content because we simply do not have it.
What Each Tier Collects
Data collection varies by subscription tier. The higher your tier, the less data touches any external system. The table below provides a comprehensive breakdown:
Free Tier
| Data Type | Collected? | Details |
|---|---|---|
| Voice content | No | End-to-end encrypted with XChaCha20-Poly1305. We cannot access or decrypt it. |
| Call metadata | No | No call logs are stored on servers. We do not record who called whom or when. |
| Contact lists | No | Contact data is stored locally on your device only and is never uploaded. |
| Crash reports | Opt-out | Anonymous crash data via Firebase Crashlytics. Contains no personal data. Can be disabled in Settings > Privacy > Crash Reports. |
| Analytics | No | No usage analytics, behavioral tracking, or telemetry of any kind. |
| IP address | Transient | Visible to the signaling server during call setup only. Not logged, not stored, not associated with identity. |
| Device info | Minimal | OS version and device model are included in crash reports only (when crash reports are enabled). |
Pro Tier
| Data Type | Collected? | Details |
|---|---|---|
| Voice content | No | End-to-end encrypted. Cannot be accessed or decrypted by anyone except call participants. |
| Call metadata | No | No server-side call logs. Call history exists only on your device. |
| Contact lists | No | Never leaves your device. |
| Crash reports | No | Firebase Crashlytics is completely disabled at the build level. No crash data is collected. |
| Analytics | No | Zero telemetry. No data collection whatsoever. |
| IP address | Transient | Visible during signaling only. Not logged or stored. |
Premium Tier
| Data Type | Collected? | Details |
|---|---|---|
| Voice content | No | End-to-end encrypted. Technically impossible for anyone to intercept. |
| Call metadata | No | No server-side logs of any kind. |
| Contact lists | No | Stored locally only. Never transmitted. |
| Crash reports | No | Completely disabled. No external reporting services active. |
| Analytics | No | Absolute zero telemetry. |
| IP address | No | Masked via GhostNet multi-hop relay network. Your real IP address is never exposed to our servers or the other call participant. |
Absolute Exclusions
Regardless of your subscription tier, SecureCall never collects, processes, stores, or transmits the following data:
- Voice call content — All calls are encrypted end-to-end. The signaling server handles only opaque encrypted payloads. We have zero ability to decrypt or listen to any call.
- Call metadata — We do not log who called whom, when calls occurred, or how long they lasted. No call detail records exist on our infrastructure.
- Contact lists — Your contacts are stored exclusively on your device. They are never uploaded, synced, or backed up to any server.
- Location data — We do not request, collect, or infer your geographic location. No GPS, no cell tower triangulation, no IP-based geolocation.
- IP addresses (persistent) — IP addresses may be transiently visible to our signaling server during call setup (Free and Pro tiers), but they are never logged, stored, or associated with identities. Premium users have IPs masked via GhostNet.
- Identity information — No real names, phone numbers, email addresses, or government IDs. SecureCall uses anonymous device-generated identifiers only.
- Device identifiers — No IMEI, IMSI, Android ID, advertising ID, or hardware serial numbers are collected.
- Browsing or usage patterns — No behavioral analytics, feature usage tracking, session duration logging, or interaction patterns.
External Services Used
SecureCall uses a minimal set of third-party services to provide core functionality. Each service has strictly limited access to your data:
| Service | Purpose | Data Access | Tiers |
|---|---|---|---|
| Google Play Billing | Payment processing for Pro and Premium subscriptions and Lifetime licenses | Google handles all payment details. We never see credit card numbers, billing addresses, or financial information. We receive only a purchase verification token. | All (if purchasing) |
| Railway | Hosts the WebSocket signaling server for call setup and key exchange | Handles encrypted signaling messages only. Cannot decrypt call content. Sees transient IP addresses during connection (not logged). No user accounts or data storage. | All |
| Metered.ca | TURN relay server for NAT traversal when peer-to-peer connections cannot be established | Relays encrypted audio packets only. Cannot decrypt content (XChaCha20-Poly1305 encrypted). Sees transient connection metadata during relay sessions. | All |
| Google STUN | STUN server for connection establishment and NAT type detection | Receives standard STUN binding requests to determine the device's public IP and NAT type. No persistent data storage. Standard WebRTC infrastructure. | All |
| Firebase Crashlytics | Anonymous crash reporting for bug identification and stability improvement | Receives anonymous crash stack traces, OS version, and device model. Contains no personal data, no call content, no identifiers. Can be fully disabled in Settings. | Free only (opt-out) |
EU General Data Protection Regulation
Under the EU GDPR and the German BDSG, you have the following rights regarding your personal data. Since SecureCall collects virtually no personal data, most of these rights are satisfied by default:
| Right | Description | SecureCall Status |
|---|---|---|
| Right to Access | Request what personal data we hold about you | Satisfied by default. We hold effectively no personal data. Free tier: optional crash reports (anonymous). Pro/Premium: nothing. |
| Right to Rectification | Correct inaccurate personal data | Not applicable. We do not store personal data that could be inaccurate. |
| Right to Erasure | Request deletion of your personal data | Satisfied by default. All data is stored locally on your device. Use Settings > Delete All Data, then uninstall. |
| Right to Portability | Receive your data in a portable format | All data resides on your device in standard formats. No server-side data to export. |
| Right to Object | Object to processing of your personal data | Free tier: disable crash reports in Settings to stop all data processing. Pro/Premium: no data is processed. |
| Right to Restrict | Restrict how your personal data is processed | Free tier: toggle crash reports off. Pro/Premium: no data processing occurs. |
| Right to Withdraw Consent | Withdraw consent for data processing at any time | Free tier: disable crash reports at any time in Settings. No other consent-based processing exists. |
If you believe your rights have not been adequately addressed, you have the right to lodge a complaint with a data protection supervisory authority in the EU member state of your residence.
How to Delete All Data
SecureCall stores all user data locally on your device. No personal data exists on our servers. To completely erase all traces of SecureCall:
- Open Settings — Navigate to SecureCall Settings from the main menu.
- Select "Delete All Data" — This permanently erases all locally stored data, including:
- Encryption key pairs (X25519 private and public keys)
- Contact registry and display names
- Call history and duration logs
- App preferences and configuration
- Cached session data and Double Ratchet state
- Uninstall the app — After deleting data through the app, uninstall SecureCall from your device to remove all remaining application files.
Since we do not maintain user accounts or databases of personal information on our servers, there is no server-side data to request deletion of. The "Delete All Data" function in the app, combined with uninstallation, constitutes a complete and total erasure of all SecureCall-related data.
Privacy Inquiries
For questions, concerns, or requests regarding this privacy policy or your personal data:
| Channel | Details |
|---|---|
| Organization | StealthX |
| Location | Germany (EU) |
| GitHub Issues | github.com/NeaBouli/stealth/issues |
| Website | neabouli.github.io/stealth |
| Source Code | github.com/NeaBouli/stealth |
We respond to privacy-related inquiries within 30 days, as required by GDPR. For urgent security matters, please refer to our Security Policy.
This privacy policy is provided in compliance with the EU General Data Protection Regulation (GDPR) and the German Bundesdatenschutzgesetz (BDSG). Effective date: February 18, 2026. Last updated: February 2026.