PRIVACY POLICY

Effective Date: September 11, 2025

1. SCOPE AND ACCEPTANCE 

1.1 This Privacy Policy (“Policy”) governs all processing of Personal Data (as defined in Section 2) by Trust Call : Caller ID & Block (“the App,” “we,” “us,” or “our”) in connection with the installation, access, or use of the App and any related services we provide (“Services”).

1.2 By downloading, installing, accessing, or using the App, you (“you” or “user”) acknowledge that you have read, understood, and agree to be legally bound by this Policy and our Terms of Service. If you do not agree, you must not access or use the App.

2. AGE RESTRICTION 

The App is not directed to, and we do not knowingly collect Personal Data from, individuals under eighteen (13) years of age. By using the App, you represent that you are at least eighteen (13) years old. If we learn that we have inadvertently collected Personal Data from a minor under 13, we will promptly delete such information.

3. INTERPRETATION AND DEFINITIONS 

3.1 Interpretation

(a) Headings and titles are for convenience only and do not affect interpretation.
(b) Words denoting the singular include the plural and vice versa; references to any gender include all genders.
(c) The phrase “including” means “including without limitation.”

3.2 Definitions

“Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the Company, where “control” means ownership of more than fifty percent (50 %) of the voting power.

“Applicable Law” means all binding laws, regulations, regulatory guidance, and court or administrative orders applicable to the processing of Personal Data.

“Maxify Global,” “Company,” “we,” “us,” or “our” means Maxify Global APPS – Developer of Trust Call : Caller ID & Block

“Device” means any electronic device capable of accessing the Services, including smartphones, tablets, or similar equipment.

“Personal Data” means any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to that person.

“Services” means the Trust Call : Caller ID & Block mobile application and any related services, features, or content provided by the Company.

“Usage Data” means data collected automatically through the use of the Services, including, without limitation, IP addresses, device identifiers, browser type, operating system version, time stamps, and diagnostic information.

“User,” “you,” or “your” means the individual who accesses or uses the Services, or, where applicable, the legal entity on whose behalf that individual is acting.

4. DATA COLLECTION AND PROCESSING

4.1 Categories of Personal Data

We process the following categories of Personal Data only to the extent necessary to provide, maintain, and improve the Services:

Technical & Device Data

• IP address, device identifier, operating system version, language settings, network type, and   similar diagnostics (“Technical Data”).

• Lawful basis: performance of the contract (Art. 6(1)(b) GDPR) and our legitimate interest in ensuring network security and fraud prevention (Art. 6(1)(f) GDPR).

Call-Related Data

• Incoming and outgoing telephone numbers (but not the content of calls) and call duration.

• Your local contact list (names and numbers only) solely for the purpose of displaying caller  identification and spam detection within your Device.

• Lawful basis: explicit consent (Art. 6(1)(a) GDPR; §1798.120 CCPA). You may revoke consent at any time via the in-app “Permissions” screen.

Advertising & Analytics Data

• Google Advertising ID (AAID) or any successor identifier.

• A randomly generated installation ID used to evidence your consent status for personalized advertising.

• Lawful basis: consent (Art. 6(1)(a) GDPR). You may reset or opt-out of ad personalization through (i) Android Settings ➜ Google ➜ Ads, or (ii) the “Ad Preferences” menu within the App.

4.2 Data Minimization & Retention
We do not collect more data than is adequate, relevant, and limited to what is necessary for the purposes described. Each category is retained only for the period required to fulfil those purposes or to comply with Applicable Law.

5. PURPOSES AND LEGAL BASES OF PROCESSING

We process Personal Data strictly for the following specified purposes and on the corresponding legal bases:

5.1 Provision of Core Services

> Caller Identification & Spam Prevention

• Purpose: To recognize, label, and suppress incoming or outgoing calls identified as spam, fraud, or otherwise unwanted.

• Legal basis: Performance of the contract (Art. 6(1)(b) GDPR), and our legitimate interest in protecting users and network integrity (Art. 6(1)(f) GDPR).

5.2 Service Optimization

> Performance Monitoring & Troubleshooting

• Purpose: to detect crashes, measure response times, and improve speed, stability, and compatibility across Devices.

• Legal basis: legitimate interests in maintaining a secure and efficient service (Art. 6(1)(f) GDPR).

5.3 Advertising (where enabled)

> Limited Ad Delivery

• Purpose: to serve contextual or non-personalized advertisements via certified networks (e.g., Google AdMob) using Advertising IDs solely for frequency capping, fraud detection, or aggregated reporting.

• Legal basis: consent (Art. 6(1)(a) GDPR; §1798.120 CCPA). You may withdraw consent at any time as described in Section 7.

5.4 Prohibited Processing

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects. We do not sell, rent, or otherwise disclose Personal Data for monetary or other valuable consideration beyond the purposes expressly stated in this Section 5.

6. INTERNATIONAL TRANSFERS & THIRD PARTY DISCLOSURES

6.1 Categories of Recipients

We engage the third-party service providers listed in Schedule A (together, “Third-Party Controllers”). Each Third-Party Controller determines its own purposes and means of processing and is therefore an independent controller within the meaning of GDPR Art. 4(7) and CCPA §1798.140(w). We do not authorize any recipient to use Personal Data for purposes beyond those described in Section 5.

6.2 Transfer Mechanisms

(a) Intra-EU/EEA transfers: Processed in accordance with Applicable Law.

(b) Transfers to Adequate Countries: Carried out under the European Commission’s then-current adequacy decisions.

(c) Transfers to Other Countries: Governed by the Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) or any successor clauses approved by the European Commission. Where SCCs apply, we have completed transfer impact assessments and adopted supplementary technical and organizational safeguards (encryption in transit, pseudonymization, minimized data fields, audit rights, and sub-processor due-diligence).

(d) UK Transfers: effected under UK Addendum to the EU SCCs or UK International Data Transfer Agreement, as applicable.

6.3 Legal and Regulatory Disclosures

We may disclose Personal Data when required by Applicable Law, competent judicial or administrative authority, or to exercise or defend legal claims, provided that we will use reasonable efforts to notify you unless prohibited.

6.4 Business Transfers

In the event of a merger, acquisition, or sale of all or substantially all of our assets, Personal Data may be transferred as part of that transaction subject to the same safeguards described herein.

Schedule A – Third-Party Controllers (as of the Effective Date)

1. Google LLC (Firebase, Analytics, AdMob, Ads) – USA

2. Meta Platforms Ireland Ltd. (Audience Network) – USA

3. AppLovin Corporation – USA

4. Unity Technologies – USA

5. Mintegral International – Singapore

6. Liftoff Mobile, Inc. – USA

Each entity above publishes its own privacy notice and adheres to GDPR, CCPA, and Google Play policies. We do not sell Personal Data beyond the transfers listed in this Schedule.

7. DATA SUBJECT RIGHTS AND OPT-OUT MECHANISMS 

7.1 Scope of Rights

Subject to Applicable Law, you may exercise the following rights at any time:

(a) Right of Access – obtain confirmation of whether we process Personal Data and receive a copy.

(b) Right to Rectification – correct inaccurate or incomplete Personal Data.

(c) Right to Erasure (“right to be forgotten”) – request deletion where no overriding lawful basis exists.

(d) Right to Restriction – temporarily or permanently restrict processing in specified circumstances.

(e) Right to Data Portability – receive Personal Data in a structured, machine-readable format and/or request direct transmission to another controller where technically feasible.

(f) Right to Object – object to processing based on legitimate interests or direct marketing.

(g) Right to Withdraw Consent – revoke consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

7.2 Exercise of Rights

You may exercise any of the above rights by:

(i) Emailing us at apps.maxifyglobal@gmail.com from the address associated with your account.

We will respond within one (1) month of receipt (extendable by two (2) months for complex requests) in accordance with Applicable Law.

7.3 Consequences of Opt-Out

Withdrawing consent or disabling data collection may result in limited or non-functional access to certain features (e.g., caller identification, spam detection, personalized advertising). We will inform you of any material impact at the time of your request.

7.4 Do Not Sell or Share (CCPA)

We do not sell Personal Data as defined by the CCPA. California residents may nonetheless submit a “Do Not Sell or Share My Personal Information” request via the methods set out in Section 6.2; we will record and respect such preferences.

7.5 Third-Party Links

The Services may contain hyperlinks to external websites or services that are not operated by us. If you click on a third-party link, you will be directed to that party’s site. We strongly advise you to review the privacy notice of every site you visit. We have no control over, and assume no responsibility or liability for, the content, privacy policies, or practices of any third-party sites or services.

8. DATA SECURITY

8.1 Technical and Organizational Measures

We implement state-of-the-art technical and organizational measures (“TOMs”) designed to ensure a level of security appropriate to the risk, including:

(a) Pseudonymization & Minimization: identifiers are separated from direct identifiers wherever feasible; only strictly necessary data fields are processed.

(b) Access Control: role-based access with least-privilege principles, multi-factor authentication for administrative accounts, and periodic access reviews.

(c) Resilience & Recovery: redundant infrastructure, documented back-ups, and a tested disaster-recovery plan with a Recovery Time Objective (RTO) ≤ 24 hours.

(d) Supplier Obligations: Data Partners are bound by Data Processing Agreements or Standard Contractual Clauses incorporating security schedules at least as protective as our own TOMs.

8.2 Continual Improvement

Security measures are reviewed at least annually, and updated whenever there is a material change in risk profile or Applicable Law.

9. CHILDREN'S PRIVACY

9.1 Age Restriction

The Services are not directed to, and we do not knowingly offer them to, children under thirteen (13) years of age (“Children”). By accessing or using the Services, you represent and warrant that you are at least thirteen (13) years old, or, if older than thirteen (13) but younger than the age of majority in your jurisdiction, that you have obtained verifiable parental consent as required by Applicable Law.

9.2 COPPA Compliance (United States)

(a) No Intentional Collection: We do not knowingly collect, use, or disclose Personal Data from Children without verifiable parental consent as defined under the Children’s Online Privacy Protection Act, 15 U.S.C. §§ 6501–6506.

(b) Parental Rights: A parent or legal guardian may:

 (i) review any Personal Data we may have collected from their Child;

 (ii) request immediate deletion of such data; and

 (iii) refuse further collection or use of their Child’s Personal Data.

(c) Deletion Timeline: Upon receiving a verified parental request, we will delete the relevant Personal Data within thirty (30) calendar days and confirm deletion to the requesting parent or guardian.

9.3 Contact for Parental Requests

Parents or legal guardians may exercise any rights under this Section 8 by emailing us at:

apps.maxifyglobal@gmail.com 

Please include “COPPA/GDPR Parental Request” in the subject line and provide sufficient information to allow us to locate the Child’s account, if any.

10. RIGHTS OF EEA AND SWISS INDIVIDUALS

10.1 Statutory Rights

If you are located in the European Economic Area or Switzerland, you have the following rights under Regulation (EU) 2016/679 (“GDPR”) and, where applicable, the Swiss Federal Act on Data Protection (“FADP”):

(a) Right of Access (Art. 15 GDPR / § 8 FADP) – Obtain confirmation and a copy of your Personal Data.

(b) Right to Rectification (Art. 16 GDPR / § 5 FADP) – Correct inaccurate or incomplete data.

(c) Right to Erasure (Art. 17 GDPR) – Obtain deletion where no overriding legal basis exists.

(d) Right to Restriction of Processing (Art. 18 GDPR) – Limit processing while we verify or contest issues.

(e) Right to Data Portability (Art. 20 GDPR) – Receive data in a structured, commonly used, machine-readable format or have it transmitted to another controller.

(f) Right to Object (Art. 21 GDPR) – Object at any time to processing based on legitimate interests or direct marketing.

(g) Rights related to Automated Decision-Making (Art. 22 GDPR) – Not be subject to decisions based solely on automated processing producing legal or similarly significant effects.

10.2 Exercise Procedure

To exercise any of the above rights, please email us at apps.maxifyglobal@gmail.com  with “GDPR/FADP Rights Request” in the subject line. We may request additional information to verify your identity. We will respond within one (1) month of receipt; that period may be extended by two (2) further months where requests are complex or numerous.

10.3 No Fee; Manifestly Unfounded Requests

We do not charge a fee for exercising your rights unless your request is manifestly unfounded or excessive, in which event we may charge a reasonable administrative fee or refuse to act.

11. CALIFORNIA CONSUMER PRIVACY RIGHTS 

11.1 Scope

This Section 10 applies solely to California residents and supplements the rights described elsewhere in this Policy. It reflects the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”).

11.2 Categories of Personal Information

In the preceding twelve (12) months we have collected the following categories of Personal Information (as defined in CCPA § 1798.140(v)):

(a) Identifiers; (b) Commercial information; (c) Internet or other electronic network activity; (d) Geolocation data; and (e) Inferences drawn from the above. We have not sold Personal Information and do not sell or share Personal Information for cross-context behavioral advertising.

11.3 Rights Granted

Subject to verification and applicable exceptions, you may:

(a) Right to Know (§ 1798.110) – Request disclosure of:

 (i) categories and specific pieces of Personal Information collected;

 (ii) categories of sources;

 (iii) business or commercial purpose;

 (iv) categories of third parties with whom we share; and

 (v) categories of Personal Information sold or shared (if any).

(b) Right to Delete (§ 1798.105) – Request deletion of Personal Information collected from you, subject to certain statutory exceptions.

(c) Right to Correct (§ 1798.106) – Request correction of inaccurate Personal Information.

(d) Right to Opt-Out of Sharing (§ 1798.120) – Direct us not to “share” Personal Information for cross-context behavioral advertising. Because we do not engage in such sharing, no action is required to opt-out; nevertheless, you may still submit an opt-out request.

11.4 How to Exercise Your Rights

You (or an authorized agent registered with the California Secretary of State) may submit a request:

• By email: apps.maxifyglobal@gmail.com  (subject line: “CCPA Request”); or

We will respond within forty-five (45) days of receipt. Complex requests may be extended once by an additional 45 days with prior notice. We will verify your identity using information already in our possession or may request additional information; sensitive data will not be used for verification beyond what is necessary.

11.5 Non-Discrimination

We will not discriminate against you for exercising any CCPA rights, including by denying services, charging different prices, or providing a different quality of service, except where the difference is reasonably related to the value provided by your data.

11.6 Shine the Light

Under California Civil Code § 1798.83, California residents may request once per calendar year a list of Personal Information (if any) disclosed to third parties for their direct marketing purposes in the preceding calendar year. Because we do not disclose Personal Information for third-party direct marketing, no such list exists.

12. DATA RETENTION AND DELETION

12.1 Retention Principles

Personal Data are retained only for the period necessary to fulfil the purposes described in this Policy and to comply with Applicable Law. Retention periods are determined by:

(a) the original purpose for collection;

(b) contractual, legal, or regulatory obligations (e.g., fraud prevention, tax, accounting); and

(c) the applicable statute of limitations.

12.2 Local Storage & User-Controlled Deletion

The App stores Personal Data locally on the Device only. Because the Services do not require user registration or maintain user accounts, you may permanently erase such data at any time by:

(a) Clearing the App’s data through your Device’s application settings; or

(b) Uninstalling the App.

Upon either action, all locally stored Personal Data are irreversibly removed from the Device.

12.3 Residual Server Data

Except as set out in Section 11.2, we do not retain Personal Data on our servers once the above retention periods expire. Anonymized or aggregated data that can no longer be linked to an identifiable individual may be retained indefinitely for analytical or statistical purposes.

12.4 Statutory Exceptions

Notwithstanding the above, we may retain Personal Data beyond the stated periods where necessary to:

(i) Comply with a legal or regulatory obligation;

(ii) Establish, exercise, or defend legal claims; or

(iii) Protect the vital interests of users or other individuals.

13. REQUESTED ANDROID PERMISSIONS 

We request only the permissions strictly necessary to deliver the Services you choose to enable. Each permission is requested at runtime when the relevant feature is first used and can be revoked at any time through your device settings.

13.1 Network & Connectivity

• INTERNET → Connects to the internet for caller ID services, spam updates, ads, and analytics.

• ACCESS_NETWORK_STATE → Checks if the device is connected to mobile data/Wi-Fi.

• ACCESS_WIFI_STATE → Views Wi-Fi connections to optimize data usage.

13.2 Phone & Call Management

• READ_PHONE_STATE → Detects call status (ringing, ongoing, ended).

• READ_PHONE_NUMBERS → Displays the device’s phone number in settings.

• CALL_PHONE → Allows direct calling when the user taps the “Call” button.

• ANSWER_PHONE_CALLS (Default Dialer only) → Lets the app answer calls automatically.

• MANAGE_OWN_CALLS → Manages the app’s own calls without global control.

• CONFIGURE_PHONE_ACCOUNT → Sets up the app as a phone account (dialer/VoIP).

• READ_CALL_LOG → Reads call history for caller ID and spam detection.

• WRITE_CALL_LOG → Creates or updates entries in the call log.

• MANAGE_BLOCKED_NUMBERS (Default Dialer only) → Blocks or unblocks phone numbers.

13.3 Contacts

• READ_CONTACTS → Reads saved contacts to display caller names.

• WRITE_CONTACTS → Adds/edits contacts or updates blocklists.

13.4 Notifications & Haptics

• POST_NOTIFICATIONS → Sends call alerts, missed call reminders, and spam notifications.

• VIBRATE → Provides vibration feedback for calls, notifications, and alerts.

• WAKE_LOCK → Keeps the device awake during active calls or spam detection.

13.5 Camera & Flashlight

• CAMERA → Used only for accessing the torch hardware.

• FLASHLIGHT → Controls flashlight/torch during calls.

13.6 Media Storage (API ≤ 32)

• READ_EXTERNAL_STORAGE (maxSdk 32) → Reads photos/videos for caller themes on older Android.

• READ_MEDIA_IMAGES (Android 13+) → Selects images for caller screen personalization.

• READ_MEDIA_VIDEO (Android 13+) → Selects videos for caller themes.

13.7 Overlay & System Controls

• SYSTEM_ALERT_WINDOW → Displays caller info or floating UI on top of other apps.

• WRITE_SETTINGS → Changes system settings like ringtones (requires user approval).

14. How we’ll let you know the rules have shifted

Think of this notice as a living document—it can grow, shrink, or pivot whenever new laws appear, business practices evolve, or we simply find a clearer way to explain things.

If we ever make a change that truly matters—something that could affect your rights or the way we handle your data—we’ll reach out through one or more of these channels:

• a banner or alert inside the app;

• a message in your inbox (if you’ve shared your email with us);

• a quick ping on your device.

Feel free to drop by and skim this page anytime; staying up-to-date is the easiest way to see how we’re safeguarding what you share.

15. REACH OUT - WE'RE LISTENING 

Have feedback, doubts, or special requests about how we handle your data? Let’s talk. Drop us a line at apps.maxifyglobal@gmail.com and we’ll get back to you as soon as we can. Your trust drives everything we do, and we’re always ready to make your experience with Trust Call : Caller ID & Block safer, clearer, and built around you.