Introduction
WorldCall ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and otherwise handle your information when you use our website, mobile applications, and services (collectively, the "Services").
Information We Collect
1. Information You Provide
- Account information (email, name, phone number, city, country)
- Payment information (processed securely through PayPal)
- Communication preferences
- Support inquiries and feedback
2. Information We Automatically Collect
- Device information (IP address, browser type, operating system)
- Usage data (pages visited, features used, time spent)
- Call logs (for billing and quality purposes)
- Cookies and similar tracking technologies
How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our Services
- Process payments and send billing information
- Respond to your inquiries and support requests
- Send transactional and promotional communications
- Detect, prevent, and address fraud and security issues
- Comply with legal obligations
- Analyze usage patterns to improve user experience
Information Sharing and Disclosure
We do not sell your personal information. We may share information with:
- Service Providers: Companies that help us operate (payment processors, cloud providers, analytics)
- Legal Requirements: When required by law or to protect our rights
- Business Transfers: In case of merger, acquisition, or bankruptcy
Data Security
We implement comprehensive technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security practices include:
Encryption in Transit
- TLS/SSL 1.2+: All data transmitted between your device and our servers is encrypted using the industry-standard TLS (Transport Layer Security) protocol with a minimum of 256-bit encryption
- HTTPS Only: The entire application runs over HTTPS. No sensitive data is transmitted over unencrypted HTTP connections
- Certificate Pinning: Mobile applications implement certificate pinning to prevent man-in-the-middle attacks
- Perfect Forward Secrecy: Encryption keys are ephemeral and not reused, ensuring past communications remain secure even if encryption keys are compromised
Encryption at Rest
- Database Encryption: All sensitive data stored in our Supabase PostgreSQL database is encrypted at rest using AES-256 encryption
- Call Metadata: Phone numbers, call duration, timestamps, and related call data are encrypted both in transit and at rest
- Payment Information: Payment details are never stored on our servers. PayPal handles all payment processing and encryption
- User Credentials: Passwords are hashed using bcrypt with salt and never stored in plaintext
- Storage Encryption: All backup and archival data is encrypted with 256-bit AES encryption
Application Security
- SQL Injection Prevention: All database queries use parameterized statements to prevent SQL injection attacks
- XSS Protection: Cross-site scripting protection is implemented through context-aware output encoding
- CSRF Protection: Cross-site request forgery protection is implemented using secure token validation
- Content Security Policy: CSP headers limit the sources from which content can be loaded
- Secure Cookies: Authentication cookies use HttpOnly and Secure flags, preventing JavaScript access and transmission over unsecured connections
Authentication & Access Control
- Two-Factor Authentication (2FA): Users can enable TOTP-based 2FA for additional account protection
- Password Requirements: Minimum 8 characters with uppercase, lowercase, number, and special character requirements
- Session Management: Secure session tokens expire after 24 hours of inactivity
- Role-Based Access Control: Administrative functions are restricted to authorized users only
- API Key Security: Third-party integrations use secure API keys with restricted permissions
Security Monitoring & Incident Response
- Intrusion Detection: We monitor for suspicious activity and potential security breaches
- Audit Logging: All critical operations are logged with timestamps and user information
- Incident Response: In the event of a security breach, affected users will be notified within 72 hours
- Regular Security Audits: We conduct regular security assessments and penetration testing
- Vulnerability Management: We maintain an active vulnerability disclosure program
However, no method of transmission over the Internet is 100% secure. While we implement industry-leading security measures, we cannot guarantee absolute security. Users are responsible for maintaining the confidentiality of their passwords and account information.
Cookies and Tracking
We use cookies to enhance your experience. Most web browsers allow you to control cookies through their settings. You can choose to decline cookies, but this may affect your ability to use some features of our Services.
Your Rights
You have the right to:
- Access your personal information
- Correct inaccurate information
- Request deletion of your information (subject to legal requirements)
- Opt out of marketing communications
- Request a copy of your data
To exercise these rights, please contact us at info@worldcall.app.
Third-Party Links
Our Services may contain links to third-party websites. This Privacy Policy does not apply to those sites, and we are not responsible for their privacy practices. We encourage you to review their privacy policies.
Children's Privacy
Our Services are not intended for children under 13. We do not knowingly collect personal information from children. If we become aware of such collection, we will take steps to delete the information and terminate the child's account.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date or by sending you an email notification.
Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us at: