callNest logocallNest

Privacy

Last updated: 8 May 2026 · Effective: 8 May 2026. Aligned with India's Digital Personal Data Protection Act, 2023.

Short version. Most of your data — call log, contacts, notes, tags — never leaves your phone. The only things that go off-device are: your email (sign-in), an opt-in anonymised crash and analytics signal, and a push token for reminders. You can turn analytics off, sign out, and delete your account any time.

1. Data we process on your device

  • Call log — read locally to list, tag, and score inquiry calls. Never uploaded.
  • Contacts — read to match callers; written only when you enable auto-save into a callNest contact group.
  • Notes, tags, follow-ups, lead scores — stored in an encrypted on-device database.
  • Backups — if enabled, an encrypted snapshot is uploaded to your own Google Drive's app folder. We have no access to it.

2. Data that leaves your device

  • Email + auth token — stored at our auth provider, Supabase, to identify your account on sign-in.
  • FCM push token — a device token from Firebase Cloud Messaging, kept against your account so reminders can be delivered.
  • Crash reports & analytics (opt-in, off by default) — if you enable “Help improve callNest”, anonymised crash traces (Sentry) and screen-level usage events (PostHog) are sent. Phone numbers, contacts, notes, and call content are never sent.
  • AI features (BYOK) — when you use AI features (e.g. weekly digest), the relevant text is sent directly from your phone to Anthropic with your own API key. We never see it.

3. What we do not do

  • We do not record or transcribe calls.
  • We do not sell or rent your data.
  • We do not upload your call log, contacts or notes.
  • We do not run ads or third-party trackers beyond the opt-in analytics named above.

4. Permissions, explained

See the full permissions table for why each Android permission is requested and what we don't do with it.

5. Retention

On-device data lives until you delete the app or clear its data. Server-side data (email, push token) is retained while your account is active. Account deletion clears server-side data within 30 days.

6. Your rights (DPDP)

  • Access — export your data anytime via Settings → Backup or Excel/CSV/PDF export.
  • Correction & deletion — edit or delete any record on-device. Account deletion via the email below.
  • Withdraw consent — turn off “Help improve callNest” in Settings.
  • Grievance officer — see contact below; we acknowledge within 7 days.

7. Security

On-device data is in an encrypted Room database. Sensitive secrets (e.g. your Anthropic API key) use EncryptedSharedPreferences (Android Keystore-backed AES-256-GCM). Network traffic uses TLS 1.2+.

8. Website analytics

callnest.pooniya.com uses Google Analytics 4 only when a measurement ID is configured. IP addresses are anonymised; no cross-site tracking.

9. Children

callNest is not directed at children under 18 and we do not knowingly collect data from them.

10. Contact & grievance officer

Grievance Officer: Mahendra Puniya
Email: mahendrapuniya92@gmail.com
Address: Primathon, India.