Privacy Policy - Kalibrant

1. Data Controller

Kalibrant acts as the Data Controller as defined by the General Data Protection Regulation (GDPR). We are committed to protecting your privacy through a strict "Security by Design" approach.

🛡️ The "Double Shield" Charter

At Kalibrant, we implement a proprietary Double Shield masking system. This ensures that your personal identifiers (email addresses, phone numbers) are pseudonymized before they ever reach our technical analysis logs or database.

No Message Body Storage: We do NOT store the body content of your emails or SMS messages. Only metadata required for analysis is processed.
Masking at Source: Personal identifiers (e.g., email addresses) are masked (e.g., "j***@g***l.com") in all our internal logs and databases.

Our analysts work on hashed data structures, ensuring that specific individuals cannot be identified from technical logs alone. Nothing of value is left un-anonymized, and nothing that does not need to be stored is retained.

2. Data Collection & Processing

We collect data solely for the purpose of providing phishing analysis and cybersecurity guidance. This includes:

Account Data: Email address (for authentication via Firebase).
Scan Data: URLs, emails, or texts submitted for risk analysis.
Support Messages: Communications with our "Serenity" experts.

3. Purpose Limitation & Data Minimization

Your data is processed strictly to:

Deliver risk assessments for submitted content.
Provide personalized cybersecurity advice (Serenity Tier).
Manage your subscription and account access.

We do not sell, rent, or monetize your personal data to third parties.

4. Your Rights & Total Erasure

Under GDPR, you have the right to access, rectify, and erase your data. Kalibrant goes a step further with our Total Erasure commitment.

⚠️ Total Erasure Clause

Deleting your account via the Kalibrant app triggers an immediate, total, and irreversible wipe of your data. This includes:

Your authentication record.
All submitted scans and analysis history.
All support chat logs and metadata.

Once confirmed, this action cannot be undone, even by our support team.

5. Sub-processors

To provide our service, we rely on trusted, compliant sub-processors:

Google Firebase: Hosting, Authentication, and Database infrastructure.
Google Cloud Platform: Secure cloud storage and computing.
RevenueCat: Subscription and payment entitlement processing.