Do you sell or use my data for anything other than the bare essential phone service functionality?
No, we do not.
Who else is processing my data?
What data do you actually store?
Only the absolute bare essentials - we don't even keep your name/email on our servers; we leave it on PayPal and fetch it temporarily "as needed".
Here's what SichboPhone is storing on its servers:
- Your PayPal OpenID. This is a bunch of random useless text that looks something like "lu07TY1naXb65muAOZ3L9GrLseI2xcujXbezIeT9fUk" with a PayPal URL in front of it.
- Your sessions so that we can log you in.
- Your PayPal top-up payments so we can let you rent numbers and make calls.
- Your call and SMS records (Date, From, To, Status, Charge) so that we can keep a balance and you can read your history.
- The text contents of your SMS messages so that you can read them, until you delete them.
- Your voice mail recordings, until you delete them.
On SichboPhone servers all text messages and voice mail recordings are AES encrypted at rest using a key that is unique to your account, and your account key is itself also encrypted with a master key which is never disk-persisted on our infrastructure.
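The key hierarchy described above (a per-account key that is itself encrypted under a master key held only in memory), sketched in Go as an added example; this is not SichboPhone's code. AES-256-GCM, the nonce-prefixed blob layout, the account ID as associated data and every function name are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no entropy source: refuse to make keys or nonces
	}
	return b
}

func gcm(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // key is not 16, 24 or 32 bytes
	}
	g, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return g
}

// seal uses AES-GCM (mode assumed; the page says only "AES"), returns nonce||ciphertext||tag, binds aad.
func seal(key, plain, aad []byte) []byte {
	nonce := randBytes(12)
	return gcm(key).Seal(nonce, nonce, plain, aad)
}

// open fails on a wrong key, a wrong account ID, or any modified byte.
func open(key, blob, aad []byte) ([]byte, error) {
	if len(blob) < 12 {
		return nil, fmt.Errorf("blob too short")
	}
	return gcm(key).Open(nil, blob[:12], blob[12:], aad)
}

// NewAccountKey makes a per-account key and returns only its wrapped form for storage.
func NewAccountKey(master, id []byte) []byte { return seal(master, randBytes(32), id) }

func main() {
	master, id := randBytes(32), []byte("acct-1") // constructed; master stays in RAM
	key, _ := open(master, NewAccountKey(master, id), id)
	text, err := open(key, seal(key, []byte("hello"), id), id)
	fmt.Println(string(text), err)
}
```

With this layout a copy of the stored rows alone yields neither message text nor account keys, because both layers need the in-memory master key to open.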
Here's what our telco provider Nexmo is storing:
- Call Detail Records (CDRs) which have a Date, From, To, Status, Charge, and SMS contents.
- CDRs are kept around on their side for 13 months and cannot be deleted.
How do I delete my SichboPhone data?
Although transaction records can't be deleted for billing reasons, you can permanently delete your sensitive call/SMS information off SichboPhone's servers at any time. Here's what happens when you delete something:
- An 'undo' record is created for 48hrs to protect you from accidental or malicious deletions in case someone else was fiddling with your device.
- The text message contents and the other party's From/To number are deleted off of SichboPhone's servers.
- Voice mail recordings are marked for deletion.
What remains from a deleted record is:
- Your phone number that incurred the charge.
- The charge amount.
- The charge date and time.
- A random unique ID which correlates with Nexmo, our telco provider.
- Meaningless, non-identifying status flags.
- The 'undo' record and voice mail recording are permanently deleted after 48hrs, making the voice mail completely irrecoverable, whilst the metadata is only recoverable through Nexmo.
You can delete things in a couple of ways. If there are just a few things you want to delete, simply right-click or tap+hold on the item within the app and select "Delete".
If you want to trash 100% of everything on your account, head into History, open the menu and select "Delete all personal data".
When your account is cancelled, the same "Delete all personal data" command is run automatically 30 days later.
What about my stuff sitting in backups?
For everything except voice mail recordings, consistent daily backups are kept in geographically redundant locations for 14 days. This means even after your 48hr undo window ends, we still have a copy for a little while longer before it's gone forever.
Voice mail recordings have no off-site backup. They're gone 48hrs after deletion when the undo time period has elapsed.
What happens when I cancel my account?
- The account is marked "deleted" and we immediately cancel all numbers associated with the account.
- Any remaining PayPal balance is refunded.
- 30 days after cancellation we run the "Delete all personal data" command as outlined above.
- We never kept a record of your name, email or billing details in the first place, so at this point all of your data is anonymised and we're left with dates, amounts and random IDs only for accounting purposes.
I have a question.
Cool! I probably have an answer!
Last updated 2018-11-20