Privacy Policy

Effective April 24, 2026 · Callr, a product of iCubeMedia Inc.

Callr is a product of iCubeMedia Inc. ("iCubeLabs", "we", "us"), a company incorporated in Quebec, Canada. This policy explains how we collect, use, store, share, and protect your personal data when you use the Callr mobile application, our website at callr.icube.so, and related services (collectively, the "Service").

We designed Callr to handle your most sensitive data — your phone calls, your messages, your contacts. We take that responsibility seriously. If anything here is unclear, email privacy@callr.icube.so and a human will respond within 5 business days.

1. The data we collect

1.1 Account data

  • Apple ID or OAuth identifier. When you sign in with Apple (default), we receive an opaque user identifier and — optionally, at your discretion — your name and a relay email. We never receive your Apple ID password.
  • Your Callr phone number. The number you rent through us (a real US or Canadian PSTN number issued by our carrier partner, Telnyx) and its metadata (area code, provisioning date).
  • Profile fields you provide. Display name, business name, greeting text, business hours — only what you type into onboarding or Settings.

1.2 Communications data

  • Call metadata. For every call you make or receive through Callr: timestamp, direction, counterparty number, duration, outcome (answered / missed / voicemail), and which of your numbers was involved. Required for the Service to function.
  • Message contents. SMS and MMS sent or received through Callr, including photo attachments stored in Supabase Storage. Encrypted in transit and at rest.
  • Call recordings. Only if you turn recording on. Recording is off by default on every call. When enabled, the audio file is uploaded to Supabase Storage with row-level security so only you can access it.
  • Transcripts.If you enable transcription, your recorded audio is sent to OpenAI's Whisper service for conversion to text. The text transcript is stored alongside the recording. Audio is processed and discarded; only the text is retained on our side.
  • Contacts. Only if you grant contacts permission. We sync names, phone numbers, and thumbnail photos from your iPhone address book for display inside Callr. We do not upload your contacts to our servers unless you explicitly enable cloud sync.

1.3 Device + diagnostic data

  • Device model and iOS version — to support troubleshooting and to gate features that require specific hardware (e.g., the Dynamic Island).
  • Crash reports via Sentry. Contains stack traces and device state at crash time, never message contents or recordings.
  • Usage analyticsvia Mixpanel. Event taxonomy covers which screens you view and which actions you take (e.g., "started a call"), never the content of those actions.
  • IP address — collected at the API edge for abuse-prevention and rate-limiting. Hashed with a per-deployment salt before storage in our website analytics; never correlated to your account.

1.4 Purchase and entitlement data

Payments are processed entirely by Apple through the App Store. We do not see your credit card, Apple ID password, or billing address. Apple notifies us server-to-server (via App Store Server Notifications V2) when your subscription starts, renews, lapses, or refunds — we store only the resulting entitlement state.

2. How we use your data

We use the data above for the following purposes only:

  1. Provide the Service. Route your calls and SMS, display your inbox, transcribe your recorded calls and voicemails, keep your contact list accurate.
  2. Improve the Service. Aggregate usage trends — e.g., which features get used, which funnels convert. We never train machine-learning models on your call content, message content, or recordings. We never sell your data.
  3. Keep the Service safe. Detect and block spam, prevent abuse, investigate fraud, comply with lawful requests from authorities.
  4. Communicate with you. Operational emails (receipts, security alerts), product updates if you opt in, and beta-program invitations.

3. How we share your data — our processors

Callr relies on a small set of third-party processors to deliver the Service. Each one handles a specific slice of your data under a contract that binds them to our security and confidentiality standards. We do not sell or rent your personal data.

  • Supabase (Supabase Inc., US) — hosts our Postgres database, object storage for recordings, and authentication service. Row-level security enforces that only you can read your own rows.
  • Telnyx (Telnyx LLC, US) — our voice and SMS carrier. Receives your PSTN call and SMS payloads to route them to the public phone network.
  • OpenAI (OpenAI LP, US) — runs the Whisper speech-to-text model used to transcribe your recorded calls and voicemails. Receives the audio file only when transcription is enabled, and does not retain the audio after transcription completes (per their API terms). We use the API setting that disables training on your data.
  • Apple(Apple Inc., US) — processes payments and issues entitlements. Subject to Apple's own privacy policy.
  • Resend (Resend Inc., US) — delivers transactional email. Receives your email address and the message body.
  • Sentry (Functional Software Inc., US) — receives crash reports and error logs (no message content, no recordings).
  • Mixpanel (Mixpanel Inc., US) — receives anonymous product-analytics events keyed by a random identifier.
  • Vercel (Vercel Inc., US) — hosts our marketing website and website-analytics pipeline. Receives request metadata (URL, device type, referrer).

Where data flows to the United States, we rely on the EU–US Data Privacy Framework and Canada's adequacy assessments for cross-border transfer.

4. Call recording and consent — state law

Recording is off by default on every call. You must enable it explicitly per call or persistently in Settings. When you enable it, Callr automatically plays a disclosure to the other party if your jurisdiction requires it.

The following US states require all-party consent — meaning every participant must agree before a call may be recorded. In these states, Callr plays the disclosure and pauses the recording until it is confirmed:

  • California (Cal. Penal Code § 632)
  • Connecticut (Conn. Gen. Stat. § 52-570d)
  • Florida (Fla. Stat. § 934.03)
  • Illinois (720 Ill. Comp. Stat. § 5/14-2)
  • Maryland (Md. Code, Cts. & Jud. Proc. § 10-402)
  • Massachusetts (Mass. Gen. Laws ch. 272, § 99)
  • Montana (Mont. Code § 45-8-213)
  • Nevada (Nev. Rev. Stat. § 200.620)
  • New Hampshire (N.H. Rev. Stat. § 570-A:2)
  • Pennsylvania (18 Pa. Cons. Stat. § 5704)
  • Washington (Wash. Rev. Code § 9.73.030)

Every other US state operates under one-party consent (including the federal standard).

Outside the US — many jurisdictions (the European Union, the United Kingdom, most of Canada including Quebec) require all-party consent as a default. Callr defaults to the conservative all-party disclosure flow for international calls.

You are responsible for knowing the law that applies to your call. Callr provides the disclosure tooling, but you are the party recording and therefore the party accountable. See our Terms of Service for the full allocation of responsibility.

5. How long we keep your data

  • Account data — retained until you delete your account, then purged within 30 days.
  • Call recordings and transcripts — default retention is 90 days. You can configure this in Settings → Privacy → Retention: 7, 30, 90, 365 days, or forever (Pro+ tiers only). Auto-purge runs nightly.
  • Call metadata (timestamps, durations) — retained for the lifetime of your account plus 12 months for tax and compliance purposes.
  • Crash reports — 90 days.
  • Usage analytics — 24 months.
  • Audit log of your data-deletion request — retained (metadata only, no content) for 90 days after the deletion completes, to demonstrate compliance with regulatory requests.

6. Your rights

Depending on where you live, you have some or all of the rights below. These apply to residents of the European Economic Area (GDPR), the United Kingdom (UK GDPR), California (CCPA/CPRA), Canada (PIPEDA), Quebec (Law 25), and any other jurisdiction whose laws grant equivalent protections.

  • Right to access. You can request a copy of every piece of personal data we hold about you. In-app: Settings → Privacy → Export my data produces a ZIP within 60 seconds.
  • Right to rectification. You can correct any inaccurate data directly in Settings, or by contacting us.
  • Right to erasure ("right to be forgotten"). You can delete your account from Settings → Privacy → Delete my account. We cascade-delete across all 22 tables and Storage within 30 days.
  • Right to portability. The export ZIP above is in a structured, commonly-used format (JSON + MP3/WAV for audio).
  • Right to restrict or object. You can pause processing of your data by turning off individual features (recording, transcription, AI summaries) or by deleting your account entirely.
  • Right to withdraw consent. Consent-based processing (recording, contacts, calendar, microphone) can be withdrawn at any time by revoking the relevant iOS permission and toggling the corresponding setting inside Callr.
  • Right not to be subject to automated decision-making. Callr does not make automated decisions with legal or similarly significant effects on you. Transcription is a deterministic process that produces a text record of your calls; you remain the final decision-maker about everything.

To exercise any right, use the in-app controls or email privacy@callr.icube.so. We respond within 30 days (EU/UK) or 45 days (California), extendable by 30 more days with notice for unusually complex requests.

7. Children

Callr is not intended for and is not directed to children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child under 13 has created a Callr account, contact privacy@callr.icube.so and we will delete the account and its data immediately.

8. Security

We encrypt data in transit (TLS 1.2+) and at rest (AES-256 via Supabase's managed Postgres + Storage). Row-level security isolates every user's rows from every other user's rows. Access to production systems is limited to a small set of iCubeLabs engineers, logged, and reviewed quarterly. We will notify affected users within 72 hours of confirming any personal data breach.

9. Regulatory compliance

  • TCPA & 10DLC. Callr is a registered A2P 10DLC brand with The Campaign Registry. You must comply with the TCPA when using Callr for business SMS — see our Terms of Service.
  • GDPR & UK GDPR. For EU/UK users, our legal bases for processing are (a) performance of contract (core Service), (b) legitimate interest (abuse prevention, analytics in aggregate), and (c) consent (recording, contacts, calendar, marketing emails).
  • CCPA / CPRA. California residents may request the specific categories of data collected, the commercial purpose of each, and the third parties with whom we share. The sections above contain that disclosure.
  • PIPEDA & Quebec Law 25.Canadian users have the rights outlined above, including access, correction, and the right to file a complaint with the Office of the Privacy Commissioner of Canada or the Commission d'accès à l'information du Québec.

10. Changes to this policy

We will post material changes at least 30 days before they take effect and will notify beta/active users in-app. The effective date at the top of this page reflects the most recent version.

11. Contacting us

iCubeMedia Inc.
Attn: Privacy Office
Montréal, Québec, Canada
Email: privacy@callr.icube.so

For EU/UK residents, our designated representative may be reached at the same address. For accessibility or format accommodations, contact us and we will respond in the format you prefer.

This policy was drafted by iCubeLabs' engineering team for review by outside counsel before general availability. If you are our paralegal reviewer, redlines go to legal@callr.icube.so.