Kalum Privacy Policy
NeuEra Apps ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Kalum mobile application and related services (collectively, the "Service").
Please read this Privacy Policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.
1. Information We Collect
1.1 Personal Information You Provide
When you register for and use Kalum, we collect:
- Phone Number: Required for account creation and verification via Firebase Authentication
- Email Address: Optional, provided at your discretion for account recovery
1.2 Information Collected Automatically
When you use the Service, we automatically collect:
- Call Metadata: Destination phone numbers you call, call duration, call status (completed, failed, busy, etc.), and timestamps
- Transaction Data: Credit purchases, amounts, and transaction timestamps
- Device Information: Device type, operating system version, and unique device identifiers for authentication purposes
1.3 Information Stored on Your Device
The Kalum app stores the following locally on your device:
- Authentication Tokens: Encrypted and stored in your device's secure storage (iOS Keychain or Android EncryptedSharedPreferences)
- Saved Contacts: Contacts you manually add or import for calling convenience
- Recent Numbers: The last 5 phone numbers you called for quick access
2. How We Use Your Information
We use the information we collect for the following purposes:
| Purpose | Data Used |
|---|---|
| Account creation and authentication | Phone number, Firebase UID |
| Processing voice calls | Destination phone numbers |
| Billing and payment processing | Transaction amounts, credit balance |
| Call history and records | Call metadata, timestamps |
| Customer support | Account information, call history |
| Service improvement | Aggregated, anonymized usage data |
| Fraud prevention | Usage patterns, rate limiting data |
| Legal compliance | All collected data as required by law |
We do not use your information for:
- Advertising or marketing to third parties
- Selling or renting your personal information
- Profiling or behavioral tracking beyond fraud prevention
3. Information Sharing and Disclosure
We share your information only in the following circumstances:
3.1 Service Providers
We use the following third-party services to operate Kalum:
| Provider | Purpose | Data Shared |
|---|---|---|
| Firebase (Google) | Phone number verification | Phone number for SMS verification |
| Twilio | Voice call routing | User identifier, destination phone numbers |
| Stripe | Payment processing | User identifier (in metadata), payment amount |
Important:
- Voice call audio flows directly between your device and Twilio's servers. Our servers never process or store call audio content.
- Credit card information is handled entirely by Stripe. We never receive, process, or store your payment card details.
3.2 Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).
3.3 Business Transfers
If NeuEra Apps is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.
3.4 With Your Consent
We may share your information for other purposes with your explicit consent.
4. Third-Party Services
Our Service integrates with third-party services that have their own privacy policies:
- Firebase: https://firebase.google.com/support/privacy
- Twilio: https://www.twilio.com/legal/privacy
- Stripe: https://stripe.com/privacy
We encourage you to review these policies to understand how these providers handle your information.
5. Data Security
We implement appropriate technical and organizational measures to protect your information:
5.1 In Transit
- All data transmitted between your device and our servers uses HTTPS/TLS encryption
- Certificate pinning in production prevents man-in-the-middle attacks
- Webhook communications are verified using cryptographic signatures (HMAC-SHA256)
5.2 At Rest
- Authentication tokens are stored using platform-specific encryption (iOS Keychain, Android EncryptedSharedPreferences)
- Backend databases use industry-standard encryption
- No plaintext passwords are stored (authentication is handled by Firebase)
5.3 Access Controls
- JWT-based authentication with RS256 signature verification
- Per-user rate limiting prevents abuse
- Optimistic locking protects financial transactions from race conditions
While we strive to use commercially acceptable means to protect your information, no method of transmission over the Internet or electronic storage is 100% secure.
6. Your Privacy Rights (California Residents)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
6.1 Right to Know
You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you.
6.2 Right to Delete
You have the right to request deletion of your personal information, subject to certain exceptions (such as legal compliance requirements).
6.3 Right to Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights.
6.4 No Sale of Personal Information
We do not sell your personal information to third parties. Therefore, we do not offer an opt-out of sale mechanism.
6.5 Exercising Your Rights
To exercise your privacy rights, please contact us at the email address provided in the Contact Information section below. We will respond to your request within 45 days.
To verify your identity, we may ask you to provide:
- The phone number associated with your account
- Recent transaction or call history details
7. Data Retention
We retain your information for as long as your account is active or as needed to provide you the Service. Specifically:
| Data Type | Retention Period |
|---|---|
| Account information | Until account deletion |
| Call history | Indefinitely (for billing records) |
| Transaction history | Indefinitely (for financial records) |
| Authentication tokens | Until sign out or expiration |
Upon account deletion request:
- Personal information will be deleted within 30 days
- Anonymized aggregate data may be retained for analytics
- Data required for legal compliance may be retained as required by law
8. Children's Privacy
Kalum is intended for users who are 18 years of age or older. We do not knowingly collect personal information from anyone under 18 years of age. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information as quickly as possible.
If you believe we have collected information from a child under 18, please contact us immediately.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.
By using the Service, you consent to the transfer of your information to the United States and other countries where our service providers operate.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by:
- Posting the new Privacy Policy within the app
- Updating the "Last Updated" date at the top of this policy
You are advised to review this Privacy Policy periodically for any changes. Changes are effective when they are posted.
11. Contact Information
If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:
Email: hello@neuera.appService Operator: NeuEra Apps
Operated by: Parham Modirniya
Country of Operation: United States of America
We will respond to all privacy-related inquiries within 45 days.
12. Summary of Data Practices
| What We Collect | Why | Who Has Access | How Long |
|---|---|---|---|
| Phone number | Account verification | NeuEra Apps, Firebase | Account lifetime |
| Email (optional) | Account recovery | NeuEra Apps only | Account lifetime |
| Call destination numbers | Billing, call routing | NeuEra Apps, Twilio | Indefinitely |
| Call duration | Billing | NeuEra Apps only | Indefinitely |
| Payment amounts | Transaction records | NeuEra Apps, Stripe | Indefinitely |
| Device contacts | User convenience | Local device only | Until cleared |
We never collect or have access to:
- Call audio content (handled by Twilio)
- Credit card numbers (handled by Stripe)
- Location data
- Browsing history
- Advertising identifiers
Last Updated:
Version: 2026-02-07
Effective Date: