Privacy Policy — Callora

Callora (“we”, “us”, or “our”) is operated by ShunyaTech. This Privacy Policy explains how we collect, use, and protect your information when you use the Callora app.

1. Information We Collect

Phone Number

When you enable the wake-up call feature, you provide your phone number. It is stored securely on your device using iOS Keychain (Secure Store) and transmitted to our servers solely to place a wake-up call on your behalf. We do not store your full phone number on our servers — we store a one-way hash of it for fraud detection purposes only.

Device Token

If you use the app without signing in, we generate a random anonymous device token to track your call usage. This token contains no personal information.

Apple Account

If you choose to sign in with Apple, we receive your Apple ID email address (or Apple’s private relay email if you opt to hide it). This is used solely for account management and call count tracking.

Call Logs

We record metadata about each wake-up call: timestamp, delivery status (connected, voicemail, SMS fallback), and a hashed phone number. We do not record call audio.

Usage Data

We collect basic usage data including call counts and purchase history to enforce usage limits and process refunds.

2. How We Use Your Information

To place wake-up calls to your verified phone number
To enforce free tier limits (5 calls) and track purchased call credits
To detect and prevent abuse of the service
To send SMS fallback messages if a phone call cannot connect

3. Third-Party Services

We share limited data with the following services to operate Callora:

Twilio (twilio.com)

Places phone calls and sends SMS messages. Your phone number is transmitted to Twilio to initiate calls. Twilio’s privacy policy applies to call data.

Supabase (supabase.com)

Our backend database. Stores your call count, purchase credits, and anonymised call logs. Data may be stored on servers located outside Australia, including in the United States. By using the app you consent to this transfer.

RevenueCat (revenuecat.com)

Processes in-app purchases. RevenueCat receives a transaction ID and anonymous user ID to verify purchases. No payment card data passes through our servers.

Sentry (sentry.io)

Error monitoring. May receive anonymised error logs and device metadata. No personal data is intentionally sent to Sentry.

4. Data Retention

Device tokens and call counts are retained for 12 months of inactivity then deleted. If you sign in with Apple, your account data is retained until you request deletion. Hashed phone numbers in call logs are retained for up to 90 days.

5. Your Rights

You may request deletion of your data at any time by emailing support@shunyatech.com.au. We will delete your account, call history, and any associated data within 30 days.

6. Children's Privacy

Callora is not directed at children under 13. We do not knowingly collect data from children under 13.

7. Changes to This Policy

We may update this policy from time to time. Continued use of the app after changes constitutes acceptance of the updated policy.

8. Contact

For privacy questions or data deletion requests: support@shunyatech.com.au