Privacy Policy — Ittisal

1) Who we are

Ittisal is provided by Saifullah Ahad ("we", "us", "our"). Our website/portfolio is: https://saifullah.ai.

2) What this policy covers

This Privacy Policy explains what information we collect, how we use it, and the choices you have when you use Ittisal (the "App"), a messaging and calling application for Android.

3) Information we collect

We collect the following categories of information depending on which features you use:

• Phone number: Required for account creation and sign-in via one-time verification code (OTP). Stored in Firebase Authentication.
• Profile information: Name, profile photo, and status/about text that you choose to provide. Stored in Firebase Firestore.
• Messages: Text messages you send and receive. Messages are encrypted end-to-end using AES encryption (Google Tink). Encrypted content is stored in Firebase Firestore.
• Media files: Photos, videos, voice messages, and files you share in chats. Stored in Firebase Cloud Storage.
• Contacts: If you grant permission, we read your device contacts to help you find friends who already use Ittisal. Contact data is compared against registered users and is not stored on our servers beyond this lookup.
• Call data: Call metadata (caller, receiver, type, duration, status) for voice and video calls. Stored in Firebase Firestore. Call audio/video is transmitted peer-to-peer via WebRTC and is not recorded or stored.
• Device tokens: Firebase Cloud Messaging (FCM) tokens for delivering push notifications to your device.
• Admin Mode data: If enabled, we store the hashed admin PIN and the list of allowed contact UIDs in Firebase Firestore.

4) How we use information

• Deliver messages, media, and calls between users.
• Authenticate your identity via phone number verification.
• Send push notifications for new messages and incoming calls.
• Enforce Admin Mode restrictions (blocking messages and calls from non-approved contacts).
• Display your profile to other users you communicate with.
• Help you find contacts who use Ittisal.

5) Third-party services

Ittisal uses the following third-party services:

• Firebase Authentication: Phone number sign-in. Privacy Policy
• Firebase Firestore: Message and user data storage. Privacy Policy
• Firebase Cloud Storage: Media file storage. Privacy Policy
• Firebase Cloud Messaging (FCM): Push notifications. Privacy Policy
• Google STUN servers: WebRTC call connection setup. No personal data is sent to STUN servers.

We do not use advertising SDKs, analytics SDKs, or crash reporting services.

6) Sharing and disclosure

We do not sell your personal information. We do not share your data with third parties for advertising or marketing purposes.

Information is shared only in these cases:

• With other users: Your messages, media, profile name, and photo are shared with the users you communicate with.
• Firebase infrastructure: Data is processed and stored on Google Firebase servers to provide app functionality.
• Legal requirements: If required by law or to protect rights, safety, and security.

7) Data retention

Messages and media are retained in Firebase as long as the chat exists. Call metadata is retained for call history purposes. You may request deletion of your account and all associated data by contacting us at the email address below.

8) Permissions used

Ittisal requests the following Android permissions, each used only for its stated purpose:

• Camera: For video calls and taking photos to share in chats.
• Microphone: For voice calls, video calls, and recording voice messages.
• Contacts: To find friends who already use Ittisal (optional).
• Storage/Media: To send and receive photos, videos, and files in chats.
• Notifications: To alert you about new messages and incoming calls.
• Internet: Required for all messaging, calling, and data synchronization.

All permissions are optional except Internet. You can deny any permission in Android settings, though some features may not work without them.

9) Your choices and controls

• Permissions: Allow or deny any permission in Android settings at any time.
• Profile: Edit or remove your profile name, photo, and about text in Settings.
• Admin Mode: Admins can enable, disable, and manage allowed contacts with a PIN.
• Deletion: Request deletion of your account and data by emailing www.saifullah.ai@gmail.com.

10) Security

Messages are encrypted end-to-end using AES encryption with per-chat keys (Google Tink library). All data in transit uses HTTPS encryption (enforced via Firebase). Admin PINs are stored as SHA-256 hashes, not in plain text. We use reasonable technical safeguards to protect your information, but no method of transmission or storage is completely secure.

11) Children's privacy

Ittisal is not directed to children under 13. We do not knowingly collect personal information from children under 13. The Admin Mode feature allows an admin to manage device communications, and requires an admin to set up and control.

12) Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated policy at https://privacy.saifullah.ai/Ittisal and update the effective date above.

13) Contact

If you have questions or requests, contact: Saifullah Ahad
Email: www.saifullah.ai@gmail.com
Phone: +8801711134346
Website: https://saifullah.ai