Introduction
SpamWatch is developed and operated by Eric Brasch, an individual developer based in Costa Mesa, California. This privacy policy explains how SpamWatch collects, uses, and protects your information when you use our spam call blocking application.
Information We Collect
- Email address at registration
- Phone number stored as a cryptographic hash, never in plaintext, never reversible
- Spam call reports submitted by the user including reported phone numbers and optional category selection
- App usage data including sync timestamps and subscription status
- Payment information processed by Stripe, we never see or store your card details
Information We Do NOT Collect
- Call content or recordings of any kind
- Your contact list or address book
- Location data or GPS coordinates
- Device identifiers beyond what Apple provides for push notifications
- Browsing history or activity outside the app
How We Use Your Information
- To provide spam call identification and blocking through iOS CallKit
- To match your registered number against active marketing lists to warn you proactively before calls arrive
- To aggregate reported numbers into campaign clusters for blocking
- To send push notifications about your protection status and at-risk alerts
- To process subscription payments via Stripe
- To improve our spam detection algorithms
How We Protect Your Information
- Your phone number is stored using HMAC-SHA256 cryptographic hashing with a secret server-side key. This means even if our database were compromised, your actual phone number could not be recovered.
- All data transmission uses TLS 1.2 or higher encryption
- Database access is restricted using row level security policies meaning users can only access their own data
- We never sell your personal information to any third party
- We never share your information with marketers or data brokers
Spam Number Reporting
- Numbers you report as spam are used to build our shared community block list
- Reported numbers are processed by our clustering system but are not individually attributed to you when distributed to other users
- Reported numbers that reach our confidence threshold are distributed to all SpamWatch users as part of the shared block list
- The block list contains reported spam numbers only, never user personal data
Third Party Services We Use
- Supabase for database and authentication infrastructure
- Stripe for payment processing, subject to Stripe's own privacy policy
- Cloudflare for security and performance
- Apple CallKit for on-device call blocking and identification
- Expo for app build and push notification infrastructure
Data Retention
- Account data is retained until you delete your account
- Spam reports are retained to improve platform detection accuracy
- When you delete your account all personal data is removed within 30 days
- Aggregated, non-personal spam detection data may be retained indefinitely
Your Rights
- Request access to the personal data we hold about you
- Request deletion of your account and associated personal data
- Opt out of push notifications at any time through iOS Settings
- Contact us at privacy@getspamwatch.com for any privacy related requests
Children's Privacy
SpamWatch is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information please contact us immediately.
California Privacy Rights
As a California resident you have additional rights under the California Consumer Privacy Act including the right to know what personal information we collect, the right to delete your personal information, and the right to opt out of the sale of personal information. We do not sell personal information. Contact privacy@getspamwatch.com to exercise these rights.
Changes to This Policy
We may update this privacy policy from time to time. We will notify you of significant changes through the app or by email. Continued use of SpamWatch after changes constitutes acceptance of the updated policy.