Privacy Policy
Effective Date: March 20, 2026 · Last Updated: March 20, 2026
Operated by: Vindication Inc., 7901 4th St N Ste 300, St. Petersburg, FL 33702
support@getcallro.com · +1 (727) 396-3598 · getcallro.com
1. Introduction
Callro is an Android call screening application operated by Vindication Inc. This Privacy Policy explains precisely what data Callro collects, what it does not collect, how we use your information, and your rights as a user.
This policy complies with the Google Play Developer Program Policy, the California Consumer Privacy Act (CCPA/CPRA), the Virginia Consumer Data Protection Act (CDPA), and applicable US federal privacy standards.
By installing or using Callro, you agree to the practices described in this Privacy Policy.
2. Information We Do NOT Collect
Callro is built on a privacy-first architecture. We explicitly do not collect or request access to:
- Your contacts list or address book
- Your call log or call history
- Voicemail content or any audio recordings
- Your name, email address, or physical address
- Precise or approximate location data
- SMS or text message content
- Any data from outbound calls you make
- Financial information (billing is handled entirely by Google Play)
None of these permissions are requested at install time. You can verify this at any time in Android Settings → Apps → Callro → Permissions.
3. Information We Collect
3.1 Incoming Call Metadata (On-Device Only)
When a call arrives, Android's CallScreeningService API provides Callro with the incoming phone number for the duration of the screening decision. This number is analyzed locally on your device by the Gauntlet Engine. It is never transmitted to our servers, never stored permanently, and never shared with any third party. After the screening decision is made, the number is discarded from active memory.
3.2 Local Number Protection Area Code
If you enable Local Number Protection, you provide a 3-digit area code. This is stored locally in encrypted on-device storage only. It is never uploaded to our servers.
3.3 Shield Log (On-Device Only)
Call screening decisions (ALLOW, SILENCE, BLOCK) and associated scores are stored locally in your Shield Log. This data never leaves your device. You can clear your Shield Log at any time in Settings.
3.4 In-App Support Chat
The App includes an optional AI-powered support chat feature named Shield. When you use this feature, messages you send are transmitted to Anthropic, PBC (makers of Claude AI) to generate responses and stored on our secure servers (Supabase Inc.) for up to 12 months to maintain conversation continuity. Use of the support chat is entirely optional. You can request deletion of your chat history at any time by contacting support@getcallro.com.
3.5 Anonymous Device Identifier
A randomly generated anonymous UUID is created on your device at first launch and stored in encrypted storage. This identifier is used solely for support chat session management. It is not linked to your name, phone number, email address, or any other personal information.
3.6 Trial Management Identifier
To provide a 5-day free trial without requiring a payment method and to prevent unlimited trial abuse, Callro uses a one-way cryptographic hash (SHA-256) of your device's Android device identifier. This hash is transmitted to Google's Play Integrity API and to our secure servers solely to record whether this device has previously redeemed a free trial. This hash cannot be reversed to identify you or your device. It is stored on Google's servers for up to 3 years per Google's retention policy and on our servers for 90 days after inactivity. The raw Android device identifier is never transmitted or stored by Callro.
3.7 Community Spam Reports (Optional — Off by Default)
If you choose to enable Community Verdict in Settings, an anonymized cryptographic hash (HMAC-SHA256) of spam caller numbers is transmitted to our secure servers to improve spam detection for all users. Raw phone numbers are never transmitted under any circumstances. Community Verdict is disabled by default and requires your explicit opt-in to activate.
3.8 Crash and Performance Diagnostics
If the app crashes, diagnostic data is automatically transmitted to Firebase Crashlytics (Google LLC). App performance metrics are transmitted to Firebase Performance Monitoring in aggregated, non-identifiable form. Neither service receives call data, contact information, or personal identifiers.
3.9 Subscription Status
All payments are processed by Google Play Billing. We receive only a confirmation of your subscription status (active, expired, or cancelled) from Google Play to determine your access level. We never receive, store, or process your payment card details.
4. How We Use Your Information
| Data | Purpose | Legal Basis |
|---|---|---|
| Call metadata (on-device) | Screen incoming calls | App functionality |
| Anonymous device ID | Support chat session continuity | App functionality |
| Trial management hash | Free trial fraud prevention | App functionality |
| Crash diagnostics | Fix bugs and improve stability | Legitimate interest |
| Performance metrics | Optimize app speed | Legitimate interest |
| Support chat messages | Respond via Claude AI | Consent (you initiate) |
| Community hashes (opt-in) | Improve spam detection for all users | Consent |
We do not use any data for advertising, marketing profiling, or sale to third parties. Ever.
5. Third-Party Services
| Service | Provider | Data Received | Purpose |
|---|---|---|---|
| Firebase Crashlytics | Google LLC | Crash diagnostics | Stability monitoring |
| Firebase Performance | Google LLC | Performance metrics | Speed optimization |
| Firebase Remote Config | Google LLC | No user data | App configuration |
| Claude AI | Anthropic, PBC | Support chat messages | AI support responses |
| OpenCNAM | OpenCNAM LLC | Full 10-digit incoming number (transmitted via TLS, zero-retention terms) | Caller ID lookup |
| Supabase | Supabase Inc. | Anonymous device ID, support messages, trial hash | Support chat, trial management |
| Google Play Integrity | Google LLC | SHA-256 device hash | Trial fraud prevention |
| Google Play Billing | Google LLC | Purchase tokens only | Subscription management |
6. Permissions Requested by Callro
ROLE_CALL_SCREENING: Required to receive incoming call information from Android and make screening decisions. Does not grant access to contacts, call logs, microphone, or location data.
POST_NOTIFICATIONS: Required to display silent alerts about screened or blocked calls.
RECEIVE_BOOT_COMPLETED: Required to automatically restart call screening protection after the device reboots.
INTERNET: Required to download spam database updates in the background and to enable the optional AI support chat feature.
FOREGROUND_SERVICE: Required to maintain continuous call screening when the App is not in the foreground.
7. Data Retention
| Data | Retention |
|---|---|
| On-device call logs | Until you clear them or uninstall |
| Crash diagnostics | 90 days (Firebase default) |
| Performance metrics | 90 days (Firebase default) |
| Support chat messages | 12 months from last message, then deleted |
| Anonymous device ID | Until app uninstall |
| Trial management hash | 90 days after inactivity (our servers) / Up to 3 years (Google Play Integrity) |
| Community spam hashes | 90 days from last report, then purged |
8. Data Security
We implement commercially reasonable security measures including:
- TLS 1.3 encryption for all data transmitted between your device and any server
- Encrypted on-device storage using Android Keystore for all locally stored data
- Row-Level Security (RLS) on all database tables
- Anonymous identifiers — no data is linked to your real identity on our servers
- HMAC-SHA256 hashing for community spam reports — raw numbers never transmitted or stored
- SHA-256 one-way hashing for trial management — raw device identifiers never transmitted
9. Your Privacy Rights
9.1 All Users
- Disable Community Verdict at any time in Settings
- Clear your Shield Log at any time in Settings
- Delete whitelist entries at any time in Settings
- Request deletion of support chat history by emailing support@getcallro.com
- Uninstall the App to immediately remove all on-device data
9.2 Do Not Sell or Share My Personal Information
Callro does not sell, rent, trade, or share your personal information with third parties for their own marketing or advertising purposes.
9.3 California Residents (CCPA/CPRA)
You have the right to know what personal information we collect, request deletion, correct inaccurate data, opt-out of sale (we do not sell), and non-discrimination for exercising your rights. Contact support@getcallro.com with subject "CCPA Privacy Request." We respond within 45 days.
9.4 Virginia Residents (CDPA)
You have the right to access, correct, delete, and obtain a copy of your personal data. Contact support@getcallro.com with subject "CDPA Privacy Request."
10. Children's Privacy
Callro is not directed at children under 13. We do not knowingly collect personal information from minors. If you believe a child under 13 has provided information through the App, contact us at support@getcallro.com and we will delete it promptly.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through a notice within the App and on our website. Material changes will not take effect until 14 days after notification. We review and update this policy at least once every 12 months in compliance with CCPA requirements.
12. Contact Us
Vindication Inc.
7901 4th St N Ste 300, St. Petersburg, FL 33702
support@getcallro.com
+1 (727) 396-3598
getcallro.com
This Privacy Policy is governed by the laws of the State of Florida, United States.