Privacy Policy
Last updated June 7, 2026
This Privacy Policy describes how Telephone (“Telephone,” “we,” or “us”), operated by Matt Cheok and Damjan Stankovic, collects, uses, and shares information when you use our mobile application and related services (the “Service”). Telephone is a voice-calling app that lets you share your availability with friends and start spontaneous calls.
Information we collect
When you use the Service, we collect the following:
- Account information from Apple Sign In. When you sign in with your Apple ID, Apple provides us with your name and email address (which may be a private relay address if you choose Hide My Email). Apple also provides a stable user identifier we use to recognize your account.
- Profile information. Your display name and optional profile picture. You can change either at any time in the app.
- Availability and activity. When you mark yourself available, we store the activity type you chose (e.g. commuting, relaxing, or a custom label), the duration, and the time the window ends.
- Friend graph. Your list of friends, and pending invites you’ve sent or received.
- Reports. If you report another user, we collect the report: your user ID, the reported user’s account details at that time (their ID, display name, and profile picture), the time of the report, and any optional reason you provide.
- Call signaling records. Records of which call rooms you participated in and when you joined or left, used to place and end calls. Call audio itself is described in the next section.
- Device push tokens. The push notification tokens that Apple assigns to each of your devices (a standard APNs token and a PushKit VoIP token), so we can wake your device for incoming calls and other notifications.
- External-call status. A simple boolean indicating whether your device is currently on any phone, FaceTime, or third-party VoIP call, so we don’t interrupt you with a new call invitation. We do not learn which app the call is on.
- Product analytics. Through PostHog (described under sub-processors below), the iOS app records aggregated, bucketed product-usage events such as “availability created” or “call joined.” We use this data solely for product improvement, reliability monitoring, and understanding feature usage. PostHog also receives your device’s IP address and uses it to estimate an approximate, city-level location (such as country and city) for analytics — this is not precise location, is not taken from your device’s location services, and is not used to track your movements. We do not capture call audio, contact lists, or message content. We do not use analytics for advertising, and we do not sell analytics data to third parties.
Real-time call audio
Voice calls are transmitted through LiveKit’s globally-distributed media infrastructure and relayed in real time between participants. Your microphone audio is captured by your device, sent to LiveKit, and forwarded to the other participant. Call audio is encrypted in transit between your device, LiveKit’s infrastructure, and the other participant using WebRTC’s standard DTLS-SRTP encryption.
We do not record your calls. We do not transcribe your calls. We do not store your call audio anywhere on our servers or sub-processors. Once a call ends, no audio data remains.
What we do not collect
- We do not record or transcribe calls.
- We do not access your contacts or address book.
- We do not use your device’s location services or collect precise location (our analytics provider estimates only an approximate region from your IP address, as described above).
- We do not access your calendar.
- We do not access health or fitness data.
- We do not collect payment information.
- We do not use third-party advertising SDKs or tracking pixels.
How we use information
- To authenticate you and keep your account secure.
- To display your name and profile picture to friends you’re connected to.
- To deliver push notifications, including incoming-call wake-ups.
- To place voice calls and notify the other party.
- To improve the Service through aggregated product analytics.
- To review reports of abuse and enforce our Terms.
- To comply with applicable laws and respond to lawful requests.
How we share information with other users
Other users on Telephone see only the information you choose to share with them:
- Your friends see your name and profile picture.
- Your friends see when you mark yourself available and the activity you chose.
- Your friends see when you are currently on a call, so they know not to interrupt you. If the call is with another mutual friend, that person also appears in their view of the active call.
That’s it. We do not sell your personal information. We do not share it with advertisers.
Service providers we use
We rely on the following sub-processors to operate the Service. Each handles a specific piece of infrastructure and is bound by their own privacy and security commitments:
- Vercel (United States) — application hosting. Runtime request logs are retained for up to 24 hours.
- Neon (AWS US West 2, Oregon) — managed Postgres database. Stores your account, profile, availability, friend graph, and call signaling records.
- Cloudflare R2 (Western North America region) — stores profile pictures. Image URLs are randomly generated and not publicly enumerable.
- LiveKit Cloud (United States company, global edge network) — routes real-time call audio. Call media passes through LiveKit but is never recorded or stored.
- PostHog (United States, us.i.posthog.com) — product analytics events generated by the iOS app.
- Slack (United States) — when you report another user, the report is delivered to our team’s private Slack workspace so we can review and act on it.
- Apple — Sign in with Apple, the Apple Push Notification service (APNs), and the PushKit VoIP push service.
Data retention
- Account and profile. Retained while your account is active.
- Device push tokens. Retained until invalidated by Apple or until your device unregisters. Failed tokens are removed automatically.
- Refresh tokens. Stored hashed and rotated when used. Old tokens are revoked.
- Call signaling records. Retained while your account is active and deleted when your account is deleted, except where retention is required for security, fraud prevention, or legal compliance.
- Reports. Retained in our team workspace for as long as needed to review and act on them, and as required for security, abuse prevention, or legal compliance.
- Server logs. Up to 24 hours by default on Vercel.
- Analytics events. Retained by PostHog according to their default retention.
Account deletion
You can delete your account from within the app at any time in Settings › Delete Account. If you’d rather we handle it, contact us through our Support page and we’ll do it for you. Either way, we will confirm and complete the deletion within 30 days.
When we delete your account, we delete or anonymize the personal information associated with it, except where retention is required for security, fraud prevention, legal compliance, or legitimate operational purposes. Deleted accounts cannot be restored.
Your choices and rights
You can change your name or profile picture at any time in the iOS app’s settings. You can revoke notification permissions in iOS Settings › Notifications. You can revoke microphone permission in iOS Settings › Privacy › Microphone (the Service will not be able to place calls without it).
If you are located in the European Economic Area, United Kingdom, or another jurisdiction with similar laws, you may have additional rights including the right to access, correct, or restrict processing of your personal data. To exercise any of these rights, contact us through our Support page.
California privacy rights
If you are a California resident, the California Consumer Privacy Act (“CCPA”) gives you certain rights regarding your personal information, including the right to know what categories of personal information we collect, the right to request access to that information, and the right to request deletion, subject to applicable legal exceptions. To exercise these rights, contact us through our Support page. We do not sell your personal information.
International users
Telephone is operated from the United States. The information we collect is processed and stored on infrastructure located primarily in the United States, and routed through globally-distributed edge servers (in the case of real-time call audio). By using the Service from outside the United States, you consent to this transfer.
Children's privacy
Telephone is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us so we can delete it.
Security
We use HTTPS for all data in transit. Account data is stored in an encrypted-at-rest managed Postgres database. Authentication uses short-lived JSON Web Tokens with refresh-token rotation. We follow standard practices to protect your data, though no system is perfectly secure.
Changes to this policy
We may update this Privacy Policy from time to time. When we do, we’ll update the “Last updated” date at the top of this page. Material changes will be communicated through the app.
Contact
Questions about this policy or your data? Reach us through our Support page.