Credail.Back to Home

Privacy Policy

Effective Date: February 17, 2026 · Last Updated: February 17, 2026

1. Introduction

Credail ("we," "us," or "our") operates the Credail mobile application and associated services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using Credail, you agree to the collection and use of information in accordance with this policy. If you do not agree with any part of this policy, please do not use our Service.

2. Information We Collect

2.1 Account Information

  • Phone number — used as your primary identifier and for OTP-based authentication via Twilio Verify.
  • Display name and profile photo — voluntarily provided to personalize your profile.
  • About / status text — optional self-description visible to your contacts.

2.2 Messages and Communications

  • Text messages, images, videos, audio messages, documents, stickers, and GIFs sent or received through the Service.
  • Group chat metadata including group name, members, and roles.
  • Message delivery and read receipts, typing indicators, and online presence status.
  • Status/Story updates (text, image, or video content that expires after 24 hours).
  • Polls created and votes cast within group chats.

2.3 Voice and Video Calls

  • Call metadata (participants, duration, timestamps).
  • Voice and video call content may be analyzed in real time by our AI system to assess communication quality for Credail Score calculation (tone, clarity, respectfulness, consistency).
  • Call transcription data generated by AI analysis.

2.4 Credail Score and Trust Data

  • Your Credail Score (a numerical trust rating out of 100) computed from four factors: Communication Integrity, Reliability & Responsibility, Character & Humility, and Speech Purity & Respectfulness.
  • Historical score snapshots, trend data, and detailed factor-level breakdowns.
  • Custom weight preferences you set for each trust factor.
  • Peer reliability ratings submitted by other users.
  • AI-detected commitments and follow-up tracking data.

2.5 Contacts

  • With your permission, we sync your device contacts to enable features such as finding other Credail users, displaying contact names, and status privacy controls.
  • Contact data is stored securely and used only for Service-related features.

2.6 Location Data

  • Live location sharing — when you explicitly choose to share your real-time location with a contact or group, your GPS coordinates are transmitted for the duration of the sharing session.
  • Static location messages — when you send a location pin.
  • Location data is only collected when you actively initiate sharing; we do not track your location in the background.

2.7 Device and Technical Information

  • Device identifiers and push notification tokens (Firebase Cloud Messaging).
  • Crash reports and diagnostic data via Firebase Crashlytics.
  • App usage analytics via Firebase Analytics.
  • Network and connection information for real-time messaging reliability.

2.8 Media and Files

  • Photos, videos, audio recordings, and documents you send through the Service are uploaded to our cloud storage (Cloudflare R2) and made available to intended recipients.
  • Thumbnail images are generated for media previews.

3. How We Use Your Information

We use the collected information for the following purposes:

  • Providing the Service — delivering messages, facilitating calls, enabling group chat features, and displaying status updates.
  • Credail Score calculation — analyzing your text messages, voice calls, and video calls using AI to compute and update your trust score.
  • Offline message delivery — queuing messages when recipients are offline and delivering them upon reconnection.
  • Push notifications — sending you alerts for new messages, calls, and status updates.
  • Account security — verifying your phone number via OTP, managing authentication tokens.
  • Service improvement — analyzing usage patterns, diagnosing technical issues, and improving AI scoring accuracy.
  • Chat backup and restore — enabling you to back up your chat history to your personal Google Drive account and restore it when needed.

4. Google API Services — Limited Use Disclosure

Credail uses the Google Drive API to allow you to back up and restore your chat history. Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

4.1 What We Access

  • We request the drive.file scope, which only allows access to files created by the Credail app in your Google Drive.
  • Backup files are stored in the app-specific appDataFolder, a hidden folder in your Google Drive that is not visible in your regular Drive interface.
  • We cannot access, read, modify, or delete any other files in your Google Drive.

4.2 How We Use Google Drive Data

  • Backup — your chat messages (text content only, no media files) are packaged into a ZIP file and uploaded to your Google Drive's app-specific folder.
  • Restore — previously backed-up files are downloaded from your Google Drive and used to restore your chat history on a new or reinstalled device.
  • List and delete — you can view and delete your existing backups from within the app.

4.3 Limited Use Compliance

  • We do not use Google Drive data for advertising, marketing, or any purpose unrelated to the backup and restore feature.
  • We do not transfer Google Drive data to third parties, except as necessary to provide and improve the backup feature, as required by law, or during a merger or acquisition with advance user notice.
  • We do not use Google Drive data to serve advertisements.
  • We do not allow humans to read your Google Drive data unless you provide affirmative consent for specific messages, it is necessary for security purposes, to comply with applicable law, or the data is aggregated and anonymized for internal operations.
  • You can revoke Credail's access to your Google Drive at any time via your Google Account permissions page or by signing out of Google within the Credail app.

5. AI-Powered Analysis

Credail uses artificial intelligence (powered by third-party AI models) to analyze communication patterns and compute your Credail Score. This includes:

  • Text analysis of chat messages for tone, honesty indicators, and language quality.
  • Voice and video call analysis for clarity, respectfulness, consistency, and reliability.
  • Commitment detection and follow-up tracking to measure reliability.

AI analysis results are used solely for Credail Score calculation and related trust features within the Service. Analysis is performed securely and the AI does not retain your raw conversation data after processing.

6. Data Storage and Security

  • Messages and user data are stored on secure servers with access controls.
  • Media files are stored on Cloudflare R2 cloud storage with access-controlled URLs.
  • Authentication tokens are protected using JWT with appropriate expiration times (24 hours for access tokens, 30 days for refresh tokens).
  • On your device, sensitive data (such as Google account credentials for backup) is stored using Android's EncryptedSharedPreferences with AES-256 encryption.
  • We implement industry-standard security measures, but no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

  • Messages — retained as long as your account is active. Pending (offline-queued) messages are delivered and cleared upon recipient reconnection.
  • Status/Story updates — automatically deleted after 24 hours via scheduled cleanup.
  • Call history — retained for 30 days, then automatically purged.
  • Credail Score snapshots — retained for trend analysis (30, 90, 365 day views).
  • Google Drive backups — stored in your personal Google Drive until you delete them. We store only backup metadata (file ID, size, date) on our servers.
  • Account deletion — you may request account deletion at any time. Your account enters a 30-day grace period during which you can cancel. After 30 days, all your data is permanently deleted from our servers.

8. Data Sharing and Disclosure

We do not sell your personal information. We may share your data in the following limited circumstances:

  • With other Credail users — your messages, profile information, Credail Score, and status updates are visible to your contacts and group members as part of normal Service operation.
  • Service providers — we use trusted third-party services including Twilio (phone verification), Firebase (push notifications, analytics, crash reporting), Cloudflare R2 (media storage), and AI providers (trust score analysis). These providers process data only as necessary to deliver their services to us.
  • Legal requirements — we may disclose your information if required by law, regulation, legal process, or governmental request.
  • Safety — we may disclose data to protect the safety, rights, or property of Credail, our users, or the public.
  • Business transfers — in the event of a merger, acquisition, or sale of assets, user data may be transferred. We will notify you before your data becomes subject to a different privacy policy.

9. Your Rights and Choices

  • Access and portability — you can export your chat history using the backup feature.
  • Correction — you can update your profile information, display name, and photo at any time.
  • Deletion — you can delete individual messages, entire chats, status updates, and your account.
  • Privacy controls — you can configure who sees your last seen, profile photo, about, status, and live location through granular privacy settings (Everyone, My Contacts, Nobody).
  • Blocking — you can block contacts to prevent them from messaging you or seeing your information.
  • Credail Score weights — you can customize how your Credail Score is calculated by adjusting factor weights.
  • Google Drive access — you can sign out of Google or revoke access via Google Account settings at any time.
  • Notification preferences — you can customize notification settings within the app.

10. Children's Privacy

Credail is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us.

11. Third-Party Services

Our Service integrates with the following third-party services:

  • Twilio — phone number verification via OTP.
  • Firebase (Google) — push notifications (FCM), crash reporting (Crashlytics), and analytics.
  • Cloudflare R2 — secure media file storage.
  • Google Drive — optional chat backup storage (user-initiated only).
  • Tenor (Google) — GIF search and sharing.
  • Google Maps — location display in shared location messages.
  • Sentry — error tracking and application monitoring.

Each third-party service operates under its own privacy policy. We encourage you to review their policies.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using our Service, you consent to the transfer of your information to these countries. We take reasonable steps to ensure your data is treated securely and in accordance with this Privacy Policy.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy within the app or on our website with an updated "Last Updated" date. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: