1 Introduction
This Privacy Policy explains how Chyra LLC ("ChyraConnect," "we," "us," or "our") collects, uses, shares, and protects your personal information when you use the ChyraConnect mobile application and our related services (together, the "Service"). The Service provides Voice over Internet Protocol (VoIP) calling to mobile and landline phone numbers in supported destinations.
By using the Service, you agree to the practices described in this policy. If you have questions, contact us at privacy@chyraconnect.com.
2 Information We Collect
Information You Provide
- Account information: phone number (required for verification), email address, name, and password (stored hashed, never in plain text)
- Profile picture: an optional photo you choose to upload
- Payment information: card details and billing information are collected and processed directly by Stripe. We do not store full card numbers on our servers — we only receive the last four digits, card brand, and transaction confirmations
- Support communications: messages you send us through the contact form or by email
Information Generated by Your Use of the Service
- Call detail records: phone numbers you dial, call timestamps, duration, destination country, and cost
- Transaction history: top-ups, recharges, balance changes, and credit usage
- Device and technical information: device model, operating system version, app version, language, time zone, and IP address
- Push notification tokens: provided by Firebase Cloud Messaging so we can send balance alerts and call notifications
- Diagnostic data: crash reports, performance metrics, and aggregate usage analytics
We do not record or store the audio content of your calls. Voice is transmitted in real time between you and the person you call, and is not retained by us.
Information From Third Parties
- Payment confirmations from Stripe
- Call delivery status and quality metrics from our telecommunications partners
3 App Permissions
The ChyraConnect app may request the following permissions on your device. Each is used only for the purpose described, and most are optional.
- Microphone — used during voice calls. Audio is transmitted in real time and is never recorded by us.
- Notifications — used to deliver alerts about your balance, calls, and account.
- Contacts (optional) — if you grant access, we read contact names and numbers from your device locally so we can show contact names in the dialer and call history. Your contact list is not uploaded to our servers.
- Photos / Camera (optional) — used only when you choose to upload or change your profile picture.
You can revoke any of these permissions at any time in your device settings. Revoking microphone access will prevent you from making calls.
4 How We Use Your Information
We use the information we collect to:
- Operate, deliver, and bill the calling Service
- Authenticate you and secure your account
- Process payments and maintain accurate balances
- Route, connect, and price calls through our telecommunications partners
- Send receipts, balance alerts, and service notifications
- Provide customer support
- Detect and prevent fraud, abuse, and unauthorized use
- Comply with legal, regulatory, and tax obligations
- Improve the Service through aggregate analytics and crash diagnostics
Marketing Communications
We may occasionally send promotional communications about new features, rate changes, or special offers. You can opt out at any time by clicking the unsubscribe link in any marketing email or by contacting us.
5 Legal Bases for Processing (EEA / UK)
If you are in the European Economic Area or the United Kingdom, we rely on the following legal bases under the GDPR / UK GDPR:
- Contract — to provide the Service you've signed up for
- Legitimate interests — fraud prevention, security, and improving the Service
- Legal obligation — tax, telecommunications recordkeeping, and anti-fraud laws
- Consent — for optional features such as marketing communications, where we ask for it
6 How We Share Your Information
We do not sell your personal information. We share information only where it's needed to operate the Service or where we're legally required to do so.
Service Providers
- Stripe — processes payments and stores billing details securely
- SignalWire and IDT Express — route and terminate your calls on the public phone network
- Amazon Web Services (AWS) — hosts our backend and stores account data
- Google Firebase — delivers push notifications and aggregate analytics
These providers are contractually obligated to protect your data and to use it only for the services they provide to us.
Telecommunications Routing Data
When you place a call, we share the destination phone number, your verified phone number, the time and duration of the call, and call-routing metadata with our telecommunications partners (SignalWire and IDT Express). This information is required to connect the call across the public phone network and to bill you accurately. The audio of your conversation is transmitted in real time and is not stored by us.
Legal Requirements
We may disclose your information if required by law, such as in response to a court order, subpoena, or other valid legal process.
Business Transfers
If Chyra LLC is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
7 International Data Transfers
We are based in the United States. Our service providers may store and process your data in the United States or other countries. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) to protect your information when it is transferred internationally.
8 Data Retention
We keep your information only as long as we need it. Specific retention periods include:
- Account data — for as long as your account is active, plus a reasonable wind-down period after closure
- Call detail records and transaction records — up to 7 years to meet billing, tax, and telecommunications recordkeeping obligations
- Diagnostic data — typically up to 90 days
- Profile pictures — deleted promptly when you remove them or close your account
9 Data Security
We use industry-standard practices to protect your information:
- Encryption in transit (TLS / HTTPS for all network traffic)
- Encryption at rest for sensitive stored data
- Strict access controls and audit logging on our backend systems
- PCI DSS-compliant payment processing through Stripe
While we strive to protect your data, no method of transmission or storage is perfectly secure. If you suspect unauthorized access to your account, contact us immediately.
10 Your Rights & Choices
Depending on where you live, you may have the right to:
- Access the personal information we hold about you
- Correct inaccurate information
- Request deletion of your information
- Object to or restrict certain processing
- Receive a portable copy of your data
- Withdraw consent (where processing is based on consent)
- Lodge a complaint with your local data protection authority. UK users may contact the Information Commissioner's Office (ICO) at ico.org.uk.
To exercise any of these rights, email privacy@chyraconnect.com. You can also delete your account directly from the app under Profile → Delete Account.
11 California Privacy Rights
If you are a California resident, the California Consumer Privacy Act (CCPA) gives you additional rights, including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the "sale" or "sharing" of personal information.
We do not sell your personal information, and we do not share it for cross-context behavioral advertising. You can exercise your CCPA rights by emailing privacy@chyraconnect.com.
12 Canadian Privacy Rights
If you are a Canadian resident, the Personal Information Protection and Electronic Documents Act (PIPEDA) gives you the right to access the personal information we hold about you, request that inaccurate information be corrected, and lodge a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca).
To exercise these rights or ask any question about how we handle Canadian personal information, email privacy@chyraconnect.com. We respond to all valid requests within 30 days.
13 Children's Privacy
ChyraConnect is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please email us and we will promptly delete it.
14 Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date at the top. We encourage you to review this policy periodically.