Compliance & Security
We take data protection, regulatory compliance, and user safety seriously.
Data Protection
Encryption
All data encrypted at rest (AES-256) and in transit (TLS 1.3)
Access Control
Role-based access with least-privilege principle
Data Residency
Primary data stored in Firebase (Google Cloud) Mumbai region
Backup
Automated daily backups with 30-day retention
Regulatory Compliance
IT Act 2000
Compliant with Indian Information Technology Act and amendments
DPDP Act 2023
Aligned with Digital Personal Data Protection Act requirements
RBI Guidelines
Payment processing follows RBI digital payment regulations via Cashfree
TRAI
VoIP communications comply with TRAI guidelines
Security Measures
Authentication
Firebase Auth with phone/email verification and optional 2FA
API Security
Bearer token authentication with automatic refresh
Rate Limiting
API rate limiting to prevent abuse and DDoS
Monitoring
Real-time security monitoring and alerting
User Privacy
Anonymity
User identities are never revealed to buddies during calls
Minimal Collection
We only collect data necessary for service delivery
Deletion Rights
Users can request complete data deletion at any time
No Selling
We never sell or share personal data with third parties for marketing
Payment Security
PCI DSS
Payment processing via PCI DSS compliant Cashfree gateway
No Card Storage
We never store card details — handled entirely by Cashfree
Audit Trail
Complete transaction logs for all financial operations
Auto Refunds
Automated refund system for failed or dropped calls
Platform Compliance
Google Play
Compliant with Google Play Developer policies and content guidelines
App Store
Follows Apple App Store Review Guidelines
Agora
Voice calls via Agora SDK with end-to-end encryption
Firebase
Google Cloud security standards and certifications (SOC 2, ISO 27001)
Questions about compliance?
Our team is happy to discuss our security practices and certifications.
Contact Compliance Team