Privacy Policy
StealthX ("we", "us", "our") operates the SecureCall mobile application (the "App"). This Privacy Policy describes how we collect, use, and protect your information.
Our Commitment
SecureCall is built on the principle that privacy is a fundamental right. We collect the absolute minimum data necessary to provide our service, and in most cases, we collect no data at all.
Data Collection by Tier
FREE Version
| Data Type | Collected | Details |
|---|---|---|
| Call content | No | End-to-end encrypted; we cannot access it |
| Call metadata | No | No call logs stored on servers |
| Contacts | No | Contact data never leaves your device |
| Crash reports | Yes (opt-out) | Anonymous crash data via Firebase Crashlytics |
| Analytics | No | No usage analytics or behavioral tracking |
| IP address | Transient | Visible to signaling server during call setup only; not logged |
PRO Version
| Data Type | Collected | Details |
|---|---|---|
| Call content | No | End-to-end encrypted |
| Call metadata | No | No call logs stored |
| Crash reports | No | Crashlytics disabled |
| Analytics | No | Zero telemetry |
| IP address | Transient | Visible during signaling only; not logged |
PREMIUM Version
| Data Type | Collected | Details |
|---|---|---|
| Call content | No | End-to-end encrypted |
| All metadata | No | Zero data collection |
| IP address | No | Masked via GhostNet relay network |
How Encryption Works
- All voice calls are encrypted end-to-end using XChaCha20-Poly1305 (AEAD encryption)
- Key exchange uses X25519 (Elliptic Curve Diffie-Hellman)
- Perfect Forward Secrecy ensures past communications remain secure even if keys are compromised
- Encryption keys are generated on your device and never transmitted to our servers
- We have zero ability to decrypt your calls
Data That Reaches Our Servers
The only data that passes through our infrastructure:
- Signaling data — Encrypted call setup messages (routed via temporary identifiers)
- Encrypted audio packets — Opaque encrypted data; we cannot read or listen to it
We do not store signaling data or audio packets after the call ends.
Third-Party Services
FREE Version Only: Firebase Crashlytics (Google) collects anonymous crash reports. You can opt out in Settings.
PRO and PREMIUM Versions: No third-party services. Zero external data sharing.
All Versions: Google Play Billing handles payment processing. We never see your payment details.
Data Sharing
We do not sell, trade, rent, or share your personal data with anyone. Period.
Your Rights (GDPR)
Under the EU General Data Protection Regulation, you have the right to access, rectify, erase, port, object to, and restrict processing of your data. Since we collect virtually no personal data, most of these rights are satisfied by default.
To exercise your rights, contact: GitHub Issues
Data Deletion
To delete all data: open SecureCall Settings, select "Delete All Data", and uninstall the app. Since we don't store data on our servers, uninstalling removes all traces.
Children's Privacy
SecureCall is not intended for children under 18. We do not knowingly collect data from children.
Open Source Transparency
Our source code is publicly available for inspection at github.com/NeaBouli/stealth. You don't have to trust our claims — you can verify them yourself.
Changes to This Policy
We will notify users of any material changes to this Privacy Policy through in-app notifications and by updating the "Last Updated" date above. Continued use of the App after changes constitutes acceptance of the updated policy.
Contact
For privacy-related inquiries: GitHub Issues
StealthX · Germany
This privacy policy complies with the EU General Data Protection Regulation (GDPR) and the German Bundesdatenschutzgesetz (BDSG).