Privacy Policy for fibairPhone

1Who We Are

Citiwave Systems Ltd ("we," "us," "our") operates the fibairPhone mobile application (the "App").

2What This Policy Covers

This policy explains how we collect, use, disclose, and protect information when you use fibairPhone, a WebRTC-based VoIP app enabling audio/video calls, messaging, and related features on Android.

3Information We Collect

We collect only what is necessary to provide and improve the App. Depending on the features you use, we may process:

A) Account & Profile Information

• Identifiers (e.g., username, display name, avatar)
• Contact details (e.g., email or phone number)
• Authentication data (e.g., salted/hashed credentials, tokens)

B) Communications & Content

• Call audio/video streams: transmitted via WebRTC and not stored on our servers. Streams may be end-to-end encrypted (E2EE) if you enable that feature.
• Messages/attachments: [State whether stored, for how long, and if encrypted at rest/in transit].

C) Call & Network Metadata

• Technical signaling data (e.g., caller/callee IDs, call timestamps, duration, ICE candidates).
• IP addresses and approximate network location processed by our STUN/TURN and signaling servers to establish connectivity.
• Device info (device model, OS version, language, app version).

D) Contacts (optional)

• Address book matching (optional): With your explicit consent, we may hash and upload phone numbers/emails to help you find contacts. We do not store your address book in plain text. You can disable this at any time.

E) Diagnostics & Logs

• Crash logs and performance metrics to maintain reliability.
• Analytics (optional) to understand feature usage. You can opt out where required by law.

> Sensitive permissions: Camera, Microphone, Bluetooth, Notifications, Foreground Services, and Network access are required for calling features. See Section 10 for Android disclosures.

4Why We Use Your Information (Purposes & Legal Bases)

We process your information to:

• Provide core services: set up calls, deliver messages, maintain connectivity (Contract / Legitimate Interests).
• Authenticate and secure accounts: prevent fraud/abuse, protect users (Legitimate Interests / Legal Obligation).
• Improve performance: troubleshoot, fix bugs, optimize quality (Legitimate Interests).
• Communicate with you: support, updates, service announcements (Legitimate Interests / Consent where required).
• Comply with law: respond to lawful requests and enforce terms (Legal Obligation).

5How We Share Information

We do not sell your personal information. We may share:

• Service providers / processors that host, route, or support the App (e.g., cloud hosting, push notifications, crash reporting, analytics, STUN/TURN). They are bound by contracts to process data only on our instructions.
• Other users when it’s needed to complete a call/message delivery.
• Legal and safety: to comply with law, prevent harm, or protect our rights.
• Business transfers: if we are involved in a merger, acquisition, or asset sale, we will notify you as required by law.

Subprocessors we may use (examples—replace with your actual vendors):

• Hosting: AWS and pre
• Crash & diagnostics: Firebase Crashlytics
• Push notifications: Firebase Cloud Messaging

6International Data Transfers

We may transfer your information to countries outside your own. Where required, we implement safeguards (e.g., Standard Contractual Clauses under GDPR) and assess vendor practices.

7Data Retention

We keep data only for as long as necessary for the purposes described:

• Account data: retained while your account is active. Deleted 1 day after account closure.
• Call metadata/signaling logs: retained 6 months for reliability and fraud prevention.
• Messages/attachments: retained until you delete them (if supported).
• Crash logs/analytics: retained 1 month.
• Recordings (if enabled): retained until you delete.

8Security

We apply technical and organizational measures to protect your data, including encryption in transit (TLS), restricted access, and monitoring. No system is perfectly secure; we maintain incident response procedures and will notify you and regulators when required by law.

9Your Rights & Choices

Depending on your location, you may have rights to access, correct, delete, port, or object to certain processing, and to withdraw consent at any time.

• GDPR (EEA/UK): You may also lodge a complaint with your local supervisory authority.
• California (CCPA/CPRA): You have rights to know, delete, correct, and opt out of certain sharing. We do not sell your data as defined by CCPA.
• Do Not Track: We currently do not respond to DNT signals.

Requests: Contact us at support@theansr.com. We will verify your identity before fulfilling requests.

10Android & Device Permission Disclosures

• Microphone & Camera: used for audio/video calls. Content is transmitted in real time and not stored, unless you enable recording.
• Bluetooth: used for routing audio to connected devices.
• Notifications: to alert you to incoming calls/messages.
• Foreground Service & Wake Lock: to keep call sessions active and reliable.
• Network access & Wi-Fi state: to establish WebRTC connections.
• Contacts (optional): for “Find friends” features; processed as described in Section 3D.
• Exact alarm / Schedule exact alarms (if used): to ensure timely call notifications.
• Post Notifications (Android 13+): permission requested at runtime.

> We request permissions at runtime and only when a feature requires them.

11Children’s Privacy

The App is not intended for children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us data, contact support@theansr.com to request deletion.

13Changes to This Policy

We may update this policy from time to time. If we make material changes, we will notify you in the App and update the “Last updated” date above. Continued use after changes indicates acceptance.

14Contact Us

If you have questions about this policy or our data practices, contact:

Citiwave Systems Ltd
Email: support@theansr.com

AppendixGoogle Play Data Safety Summary (Fill for Submission)

Use this as a helper to complete the Play Console “Data safety” form. Keep the App and policy consistent.

Data collected (toggle ON only if applicable; state purpose and whether data is processed ephemerally):

• Personal info: name, email, phone → Account creation, app functionality, customer support
• Audio/Video: live streams (ephemeral) → App functionality (calls)
• App activity: in-app interactions, call events → Analytics / app functionality
• Device or other IDs: installation ID, push token → App functionality / notifications
• Crash logs/Diagnostics: → App stability
• Contacts: hashed identifiers → Find friends

Data sharing: No data shared with third parties for their own use.

Data is encrypted in transit: Yes

Data deletion: Yes (in-app and/or by request)