Privacy Policy

We collect minimal information necessary to provide the Sampark service and ensure its security. The categories of information we collect include:

• Account Information — We collect your phone number to create your account and send OTPs via Firebase. You may optionally provide a display name and profile picture.
• Messages & Media — All your messages (including text, photos, videos, and voice messages) are End-to-End Encrypted (E2EE) by default. We cannot read or access them. Undelivered messages are kept in encrypted form on our servers for up to 30 days.
• Connections & Contacts — If permitted by your device permissions, we access your device address book on a cryptographic hashed basis to efficiently identify which of your contacts are also using Sampark.
• Log & Connection Data — When you use Sampark via WebRTC for calls, IP addresses are temporarily exchanged between peers to establish direct connections. To maintain quality and diagnose issues, we may collect minimal connection timestamps.
• Device & Telemetry Data — We collect anonymous application analytics, crash reports, hardware models, OS versions, and browser information exclusively to debug application anomalies and combat automated scraping activities.

We use your data in strict conformity with privacy regulations, exclusively for the following purposes:

• Service Provision: Operating, delivering, improving, and customizing our Services (e.g., verifying your phone number via Firebase Authentication, connecting WebRTC video streams).
• Safety & Security: Verifying accounts and activity, combating abusive conduct, investigating suspicious activities, ensuring the safety of our Services, and maintaining the integrity of our API.
• Communications: Responding to your user support inquiries or sending updates related to our Terms and Policies.

We do not sell, rent, or monetize your personal data in any context. We only share information in these constrained scenarios:

• Service Providers: We work with third-party providers (like Google Firebase for auth, WebRTC ICE Servers/STUN/TURN relays) to operate our platform. These providers are bound by strict confidentially and data processing agreements.
• Legal Obligations: We may access, preserve, and share your information if we have a good-faith belief that it is reasonably necessary to: (a) respond pursuant to applicable law or regulations, to legal process, or to government requests; (b) enforce our Terms.

Sampark is architected with a privacy-by-design methodology:

• Signal Protocol: All personal messages and calls are encrypted end-to-end using the open-source Signal encryption protocol. No one, not even Sampark, can read your messages.
• In-Transit & At-Rest: While your payload content is E2EE, connection metadata is simultaneously safeguarded via TLS 1.3 in-transit and 256-bit AES-GCM at-rest within our databases.
• Minimal Persistence: Hashed representation models restrict what identifiable nodes are retained.

Depending on your region, you may be entitled to expanded privacy rights concerning your personal data. We comply with major international privacy frameworks.

• Right to Access: You can request a readable copy of the personal data we hold about you.
• Right to Erasure (Right to be Forgotten): You have the right to request the deletion of your account and related metadata from our systems permanently.
• Right to Restrict Processing: You may opt-out of data usage that falls under anonymous service telemetry and analytics.

We maintain varying retention cycles conditioned on the data necessity:

• Account Data: Retained for the lifetime of your active profile.
• Undelivered Messages: Cryptographically shielded on our servers for up to 30 days pending delivery. Standard messages are instantly wiped from our relays upon successful dual-receipt.
• Deletion Protocols: If you explicitly delete your account, your profile matrix, tokens, associated logs, and hashed identifiers are structurally purged from primary infrastructure within 30 days, subject only to strict legal retention mandates.

We organically evolve our infrastructure to deliver a superior secure experience. When we amend this Privacy Policy significantly, we will provide you prominent notice (e.g., as an in-app persistent banner) detailing the iterations prior to their effective applicability. Continued usage of our Services unconditionally translates to affirmative acceptance of such amended terms.

If you possess lingering queries, concerns, or formalized requests associated with how we harbor and process your personal data, you may reach our Data Protection Officer exclusively at: