Privacy Policy

Last Updated: March 7, 2026

1. Data Controller

Kalibrant acts as the Data Controller as defined by the General Data Protection Regulation (GDPR). We are committed to protecting your privacy through a strict "Security by Design" approach.

🛡️ The "Double Shield" Charter

At Kalibrant, we implement a proprietary Double Shield masking system. This ensures that your personal identifiers (email addresses, phone numbers) are pseudonymized before they ever reach our technical analysis logs or database.

No Message Body Storage: We do NOT store the body content of your emails or SMS messages. Only metadata required for analysis is processed.
Masking at Source: Personal identifiers (e.g., email addresses) are masked (e.g., "j***@g***l.com") in all our internal logs and databases.

Our analysts work on hashed data structures, ensuring that specific individuals cannot be identified from technical logs alone. Nothing of value is left un-anonymized, and nothing that does not need to be stored is retained.

2. Data Collection & Processing

We collect data solely for the purpose of providing phrasing analysis, threat intelligence, and cybersecurity guidance. This includes:

Account Data: Email address (for authentication via Firebase).
Scan Data: URLs, domains, emails, or texts submitted for risk analysis. We query industry-leading threat intelligence networks and utilize advanced AI models to assess risks without retaining your personal data.
Support Messages: Communications with our "Serenity" experts.

🔒 End-to-End Encryption (E2EE)

All support messages sent within the 'Serenity' tier are protected by strong Hybrid End-to-End Encryption (E2EE) using Curve25519, XSalsa20, and Poly1305 algorithms.

This means your messages are encrypted on your device and can only be decrypted by the intended Kalibrant expert. Kalibrant's infrastructure, servers, and automated systems cannot read your messages at rest or in transit. Your private key never leaves your device's secure enclave.

3. Biometric Authentication

To enhance the security of your app access, Kalibrant supports Biometric Authentication (such as Face ID or Touch ID). All biometric processing occurs entirely locally on your device's secure enclave. Kalibrant does not collect, transmit, or store your biometric data on its servers at any time.

4. Purpose Limitation & Data Minimization

Your data is processed strictly to:

Deliver risk assessments for submitted content through our threat intelligence engines.
Provide personalized cybersecurity advice (Serenity Tier).
Manage your subscription and account access.
Monitor for compromises involving your provided credentials (Data Breach Monitoring).

We do not sell, rent, or monetize your personal data to third parties.

5. Your Rights & Total Erasure

Under GDPR, you have the right to access, rectify, and erase your data. Kalibrant goes a step further with our Total Erasure commitment.

⚠️ Total Erasure Clause

Deleting your account via the Kalibrant app triggers an immediate, total, and irreversible wipe of your data. This includes:

Your authentication record.
All submitted scans and analysis history.
All encrypted support chat logs and metadata.
Your public keys stored on our servers.

Once confirmed, this action cannot be undone, even by our support team, and any inaccessible encrypted data is permanently destroyed.

6. Sub-processors

To provide our service, we rely on trusted, compliant sub-processors:

Google Firebase: Hosting, Authentication, and Database infrastructure.
Google Cloud Platform: Secure cloud computing functionality.
Apple / Google: Subscription, receipt validation, and payment entitlement processing.
Threat Intelligence Providers: World-class enterprise security networks queried securely for scan and breach analysis.