Information We Collect
CTalk collects only the minimum information necessary to provide and improve the service.
Information you provide directly:
- Account registration data: username, phone number or email address used to create your account.
- Profile information: display name and optional profile photo.
- Support communications: messages you send to our support team.
Information collected automatically:
- Device information: device type, operating system version, and app version.
- Connection metadata: timestamps of connections to our servers and IP addresses (used for IP whitelist enforcement where applicable).
- Crash and error reports: anonymous diagnostic data to improve app stability.
We do not collect: message content, call audio/video, file contents, or any data processed end-to-end. This information is encrypted on your device and is technically inaccessible to us.
How We Use Your Information
The limited information we collect is used exclusively for the following purposes. We never sell, rent, or share your personal data with advertisers or third parties for marketing purposes.
- Account management: to authenticate your identity, deliver notifications, and manage your subscription or plan.
- Service operation: to route messages, facilitate calls, and sync data across your devices.
- Security enforcement: to detect abuse, enforce IP whitelisting, and protect against unauthorized access.
- Product improvement: to diagnose bugs and measure performance using aggregate, anonymized data.
- Legal compliance: to comply with applicable laws and valid legal requests in the jurisdictions where we operate.
End-to-End Encryption
CTalk uses end-to-end encryption (E2EE) by default for all private messages, group chats, voice messages, file transfers, and voice/video calls.
- Messages are encrypted on your device using your private key before being sent to our servers.
- Our servers only store and relay ciphertext — we cannot decrypt or read your messages.
- Decryption only happens on the recipient's device using their private key.
- Perfect Forward Secrecy (PFS) ensures that session keys rotate with every message.
Zero-knowledge architecture: Even if compelled by a court order, CTalk cannot provide the contents of your messages because we do not have access to them.
Data Storage & Retention
Messages and media are stored in encrypted form on our servers only long enough to be delivered to the recipient. Once delivered, they are deleted from our servers.
Account data (username, phone/email, profile photo) is retained for as long as your account is active. If you delete your account, we will permanently erase your account data.
Server logs containing IP addresses and connection timestamps are retained for a maximum of 90 days for security purposes, after which they are automatically purged.
Third-Party Services
CTalk uses a limited number of third-party services strictly necessary for operating the platform. We do not integrate advertising networks, social media trackers, or data analytics platforms that harvest user behavior.
- Push notification providers (Apple APNs, Google FCM): only a device token and message count are shared — no message content.
- Cloud infrastructure providers: servers are hosted on reputable cloud providers bound by data processing agreements. All stored data is encrypted at rest.
Cookies & Analytics
The CTalk website uses only strictly necessary cookies for session management and security. We do not use advertising cookies or cross-site tracking cookies.
We may use privacy-preserving analytics tools that collect aggregate, anonymized data (such as page visit counts) without identifying individual users.
Children's Privacy
CTalk is not directed to children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children.
If you believe a child has provided us with personal information without parental consent, please contact us at [email protected] and we will promptly delete the information.
International Data Transfers
CTalk operates globally, which means your data may be transferred to and processed in countries other than where you reside. We ensure that all cross-border data transfers are conducted under appropriate safeguards, such as Standard Contractual Clauses (SCCs) or equivalent mechanisms recognized by applicable data protection law.
Regardless of where data is processed, the protections described in this policy apply to all users.
Your Rights
Depending on your location, you may have certain rights regarding your personal data. Contact us at [email protected]. We will respond within 30 days.
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your account and associated data.
- Portability: Request a machine-readable export of your data.
- Objection: Object to specific types of data processing.
- Withdraw consent: Where processing is based on consent, you may withdraw it at any time.
Security
We implement industry-standard technical and organizational measures to protect your data:
- End-to-end encryption for all message content.
- Encryption at rest (AES-256) for all server-stored data.
- TLS 1.3 for all data in transit between your device and our servers.
- Regular independent third-party security audits.
- Strict internal access controls with audit logging.
We are committed to promptly notifying affected users and relevant authorities in the event of a data breach, as required by law.
Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the app, via email, or by updating the "Last updated" date at the top of this page.
Your continued use of CTalk after the effective date of any changes constitutes your acceptance of the updated policy.