Privacy Policy

Last updated: June 9, 2026

This Privacy Policy describes how Vocis ("we", "our", "us") collects, uses, and protects your personal data when you use our mobile application (the "App").

1. Data We Collect

We collect the following data to provide the App's functionality:

• Account data: username, display name, and password (hashed with bcrypt — we never store passwords in plaintext).
• Profile data: display name and online status (shared with your contacts).
• Communications: text messages sent through the App (stored on our server until delivery, then retained for chat history).
• Media files: images, videos, and other files you share through the App (stored temporarily on our server, auto-deleted after 24 hours).
• Local device storage: if you opt in to "Remember Me", your username and password are stored encrypted on your device (Android EncryptedSharedPreferences) for automatic log-in. Missed call history is also stored locally.
• Call data: HD audio calls are relayed through our server in real-time. Audio streams are not recorded or stored.
• Device information: we do not collect device IDs, IMEI, MAC addresses, or any hardware identifiers.

2. How We Use Your Data

Your data is used exclusively to operate the App:

• Authenticate you and maintain your session (JWT tokens, 30-day expiry).
• Display your contacts and their online status.
• Deliver text messages and file transfers between you and your contacts.
• Relay HD audio calls between you and your contacts (real-time only, not stored).
• Provide over-the-air (OTA) app updates (legacy — all updates are now distributed through Google Play Store).

3. Data Storage and Security

• Server: Data is stored on a VPS hosted at IONOS (Germany). The database is SQLite with WAL mode. Passwords are hashed with bcrypt. All API communication is encrypted via HTTPS/TLS.
• Device: Your JWT token and saved credentials are stored encrypted on your device using AES-256 encryption (Android EncryptedSharedPreferences).
• Retention: Chat messages are kept for continuous history. Media files are auto-deleted after 24 hours. Server and access logs may contain IP addresses, user IDs, and usernames; they are retained for up to 30 days.

4. Data Sharing

We do not sell, rent, or share your personal data with third parties. Your messages, files, and calls are only accessible to you and the contacts you communicate with.

5. Your Rights

You have the right to:

• Access your data — contact us to request a copy.
• Delete your account and associated data — contact us to request deletion.
• Correct inaccurate data — contact us to request corrections.
• Withdraw consent — uninstalling the App stops all data collection.

To exercise these rights, contact us at: neural_core@sys32.net

6. Third-Party Services

The App uses the following third-party services:

• Google STUN server (stun.l.google.com:19302) — used for WebRTC NAT traversal during calls. No personal data is sent.
• Let's Encrypt — TLS certificate authority for HTTPS. No personal data is shared.

7. Children's Privacy

The App is not intended for users under the age of 13. We do not knowingly collect data from children.

8. Changes to This Policy

We may update this policy from time to time. Material changes will be notified through the App.

9. Contact

For privacy-related inquiries: neural_core@sys32.net