Privacy Policy

Brey ("we", "our", or "us") operates the Brey mobile application and website (collectively, the "Service"). This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the Service.

2.1 Information you provide

• Phone number — used to create and identify your account and to send one-time verification codes (OTP) via SMS.
• Display name — optional name you choose for your profile.
• Payment information — credit/debit card details entered during top-up are processed directly by Stripe, Inc. We do not store full card numbers on our servers.

2.2 Information collected automatically

• Call records — destination numbers, call duration, timestamps, and call status (completed, missed, failed). We do not record the content of calls.
• Device tokens — Apple Push Notification (APNs) or Firebase Cloud Messaging (FCM) tokens used to deliver incoming call notifications.
• IP address and device information — collected for security, fraud prevention, and service diagnostics.
• Usage data — app interactions, error logs, and crash reports used to improve the Service.

2.3 Information we do NOT collect

• We do not record, store, or listen to the audio content of any call.
• We do not access your device contacts unless you explicitly grant permission, and contact data is processed locally on your device only.
• We do not sell your personal information to third parties.

• To create and maintain your account
• To authenticate you via SMS one-time passwords
• To route and connect VoIP calls via the Telnyx telecommunications network
• To process payments and manage your calling credit balance
• To send inbound call notifications to your device
• To detect fraud, abuse, and security incidents
• To comply with applicable laws and regulations
• To improve and develop the Service

3.1 Customer Proprietary Network Information (CPNI)

Information about the calls you make — including the destination phone numbers you call, the duration of each call, the time and frequency of your calls, and the type of service you use — is "Customer Proprietary Network Information" (CPNI) under U.S. federal telecommunications law (47 U.S.C. § 222 and the FCC's CPNI rules).

We use CPNI only to provide and bill for the Service, to detect fraud or abuse, and to comply with the law. We do not use CPNI for marketing other communications-related services, and we do not share CPNI with third parties for marketing purposes without your prior express written consent. You may restrict our use of your CPNI at any time by contacting privacy@wificall.app; restricting CPNI use will not affect the provision of services you have purchased.

We share your information only as described below:

• Telnyx, Inc. — our telecommunications provider routes calls and sends SMS messages on our behalf. Telnyx processes destination phone numbers and call metadata as required to complete calls.
• Stripe, Inc. — processes payment card data to handle credit purchases. Stripe's use of your information is governed by the Stripe Privacy Policy.
• Google Firebase / Apple APNs — deliver push notifications for incoming calls. Only a device token and call metadata (caller ID, call ID) are shared; call audio is never transmitted through these services.
• Legal obligations — we may disclose information when required by law, court order, or to protect the safety of users or the public.

We do not sell, rent, or trade your personal information to any third party for marketing purposes.

For the purposes of the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), we do not "sell" your personal information, and we do not "share" it for cross-context behavioral advertising.

• Account data — retained for the duration of your account and for up to 90 days after deletion.
• Call records — retained for up to 12 months to support billing disputes and regulatory requirements.
• Payment records — retained for 7 years as required by financial regulations.
• OTP codes — automatically purged 10 minutes after creation.

We use industry-standard measures to protect your information, including TLS encryption for data in transit, hashed storage of sensitive credentials, and access controls on our infrastructure. However, no method of transmission over the internet is 100% secure.

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us and we will delete it promptly.

Your information may be processed in the United States and other countries where our service providers operate. By using the Service, you consent to the transfer of your information to countries outside your country of residence, which may have different data protection laws.

Depending on your location, you may have the following rights:

• Access — request a copy of the personal data we hold about you.
• Correction — request that we correct inaccurate data.
• Deletion — request deletion of your account and personal data, subject to legal retention requirements.
• Portability — request your data in a structured, machine-readable format.
• Opt-out of marketing — we do not send marketing communications without your consent.

To exercise any of these rights, email us at privacy@wificall.app. We will respond within 30 days.

The Brey mobile app does not use cookies. Our website uses only essential cookies required for session management on the top-up payment page. We do not use advertising trackers or analytics cookies.

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), gives you additional rights regarding your personal information. These supplement the rights described in Section 9 above.

• Right to know — request the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for collection, and the categories of third parties with whom we share it.
• Right to delete — request deletion of personal information we hold about you, subject to legal exceptions (for example, we must retain payment records for 7 years and call records for up to 12 months for billing and regulatory purposes).
• Right to correct — request correction of inaccurate personal information.
• Right to opt out of sale or sharing — we do not sell your personal information and we do not share it for cross-context behavioral advertising. There is therefore nothing to opt out of, but you have this right if our practices ever change.
• Right to limit use of sensitive personal information — we do not use sensitive personal information for purposes other than providing the Service.
• Right to non-discrimination — we will not deny, charge different prices for, or provide a different quality of service because you exercised any of these rights.

To exercise any of these rights, email privacy@wificall.app with the subject "California Privacy Request" and include your phone number on file with the Service. We will verify your identity and respond within 45 days. You may also designate an authorized agent to make a request on your behalf.

If you are located in the European Economic Area, the United Kingdom, or Switzerland, the EU General Data Protection Regulation (GDPR) and UK GDPR give you additional rights regarding your personal information.

13.1 Legal basis for processing

We process your personal information on the following legal bases:

• Performance of a contract — to provide the calling service you signed up for, route and bill calls, and respond to support requests.
• Legitimate interests — to detect fraud and abuse, secure the Service, and improve our product. These interests do not override your fundamental rights.
• Legal obligation — to comply with U.S. telecommunications, tax, and law-enforcement requirements.
• Consent — for any processing that requires consent (we will always ask first; you can withdraw consent at any time).

13.2 Your rights

• Right of access, rectification, erasure, and portability (as described in Section 9)
• Right to restrict or object to processing based on our legitimate interests
• Right to withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal
• Right to lodge a complaint with your national Data Protection Authority (in the UK: the Information Commissioner's Office at ico.org.uk)
• Right not to be subject to solely automated decision-making with legal effect

13.3 International data transfers

Your information is processed in the United States, where our service providers and infrastructure are located. Where we transfer personal information out of the EEA, UK, or Switzerland to a country that has not received an adequacy decision, we rely on the European Commission's Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum to provide an appropriate level of protection. A copy of these safeguards is available on request.

13.4 How to exercise your rights

Email privacy@wificall.app with the subject "GDPR Request" and your phone number on file. We will verify your identity and respond within 30 days. If we cannot fulfill your request, we will explain why and the legal basis for the decision.

If you have questions or concerns about this Privacy Policy, please contact us:

• Email: privacy@wificall.app
• General inquiries: support@wificall.app