Last updated: 2026-06-29

VocaGuard ("we", "our", or "the app") is a real-time scam call detection service. This policy explains what data we collect, how we use it, and your rights.

1. How VocaGuard Works

VocaGuard detects scam calls by routing incoming calls through a secure private server. When you enable call forwarding, your carrier forwards incoming calls to the VocaGuard server, which transcribes the audio using speech recognition and runs scam detection. If a scam is detected, a push notification is sent to your phone in real time.

No call is recorded for storage. Audio is transcribed in memory and discarded immediately after analysis.

2. Data We Collect

• Call audio (server-side) — When call forwarding is active, the audio stream passes through the VocaGuard server for real-time transcription and scam analysis. Audio is processed in memory only and is never stored or retained after the call ends.
• Call transcripts (on-device) — A text transcript of calls flagged as suspicious is stored locally on your device in an encrypted database. The 50 most recent transcripts are kept; older ones are deleted automatically. Transcripts are never uploaded to our servers.
• Caller phone numbers — The phone number of incoming callers flagged as potential scams is stored locally on your device as part of the call history. This is the caller's number, never your own. Numbers are also checked against a local scam database and optionally against the NumVerify API (if you configure an API key).
• FCM device token — A Firebase Cloud Messaging token is registered with the VocaGuard server to deliver real-time scam alerts to your device. The token identifies your device to the notification service but contains no personal information.
• App settings — Sensitivity level, language preference, theme, and other preferences are stored locally in SharedPreferences on your device.
• Crash reports — If the app crashes, an anonymous crash report is sent to Firebase Crashlytics. Reports contain device model, Android version, and a stack trace. They do not contain call audio, transcripts, or phone numbers.

3. Data Shared With Third Parties

• Firebase Cloud Messaging (Google) — Used to deliver scam alert push notifications. Governed by Google's Privacy Policy.
• Firebase Crashlytics (Google) — Used for anonymous crash reporting to improve app stability. Governed by Google's Privacy Policy.
• NumVerify (optional) — If you enter an API key, caller phone numbers are sent to numverify.com for reputation lookup over HTTPS. You control whether this key is configured.
• Community blocklist (optional) — If you tap "Sync Now", your device downloads a list of known scam numbers from a public URL. No data is uploaded.

We do not sell, rent, or share your personal data with any other third parties. We do not use advertising networks or profiling services.

4. Permissions Used

• READ_PHONE_STATE, ANSWER_PHONE_CALLS — Identify the caller and detect call state changes.
• RECORD_AUDIO — Used for on-device speech recognition as a supplementary detection method on devices where call forwarding is not active.
• CALL_PHONE, SEND_SMS — Used by Family Guard Mode to alert designated family contacts when a scam is detected.
• POST_NOTIFICATIONS — Display real-time scam alert notifications.
• INTERNET — Communicate with the VocaGuard server, deliver FCM notifications, and perform optional NumVerify lookups.
• NOTIFICATION LISTENER SERVICE — Read notification content from WhatsApp, Telegram, Facebook Messenger, and SMS apps to detect scam messages in real time. Only the text of incoming messages from unknown senders is analysed; messages from saved contacts are never scanned. No message content is stored or transmitted to our servers.
• SYSTEM_ALERT_WINDOW (optional) — Display an on-screen warning overlay during a detected scam call. Requires manual grant.
• RECEIVE_BOOT_COMPLETED — Restart background services after device reboot so protection is always active.
• READ_CONTACTS — Identify known contacts so they can be excluded from scam screening.

5. Family Guard Mode

If Family Guard Mode is enabled, the names and phone numbers of designated family contacts are stored locally on the device. When a scam is detected, VocaGuard sends an SMS alert and optionally places a phone call to those contacts. Contact information is never transmitted to our servers.

6. Data Retention & Deletion

All personal data (transcripts, settings, contacts) is stored exclusively on your device. You can delete individual call records from the History tab at any time. Uninstalling VocaGuard permanently removes all locally stored data.

Server-side: call audio is processed in memory and never written to disk. FCM tokens are removed from our server when you uninstall the app or revoke the token.

7. Data Security

Call audio is transmitted to our server over an encrypted TLS connection. On-device transcripts are stored in an encrypted Room database. FCM tokens are transmitted over HTTPS.

8. Children's Privacy

VocaGuard is not directed at children under 13 and does not knowingly collect personal information from children.

9. Changes to This Policy

Material changes to this policy will be reflected with a revised "Last updated" date at the top of this page. Continued use of the app after changes constitutes acceptance of the updated policy.

10. Contact

For privacy questions or data deletion requests, contact us at: support@vocaguard.com