Credail.Back to Home

Privacy Policy

Effective Date: February 17, 2026 · Last Updated: March 27, 2026

1. Introduction

Credail ("we," "us," or "our") operates the Credail mobile application and associated services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using Credail, you agree to the collection and use of information in accordance with this policy. If you do not agree with any part of this policy, please do not use our Service.

2. Information We Collect

2.1 Account Information

  • Phone number — used as your primary identifier and for OTP-based authentication via Twilio Verify.
  • Display name and profile photo — voluntarily provided to personalize your profile.
  • About / status text — optional self-description visible to your contacts.

2.2 Messages and Communications

  • Text messages, images, videos, audio messages, documents, stickers, and GIFs sent or received through the Service. All messages are stored on our servers for delivery and are processed by AI for trust scoring.
  • Voice notes are stored on our servers and are transcribed and analyzed by AI when a trust report is generated.
  • Group chat metadata including group name, members, and roles.
  • Message delivery and read receipts, typing indicators, and online presence status.
  • Status/Story updates (text, image, or video content that expires after 24 hours).
  • Polls created and votes cast within group chats.

2.3 Voice and Video Calls

  • Call metadata (participants, duration, timestamps).
  • Call audio is recorded both on your device and on our servers. These recordings are stored on Cloudflare R2 cloud storage.
  • Call recordings are transcribed using AI (Google Speech-to-Text or self-hosted Whisper) and analyzed by our AI system to assess communication quality for Credail Score calculation (tone, clarity, respectfulness, consistency).
  • Call transcription data is stored and used for trust report generation.

2.4 Credail Score and Trust Data

  • Your Credail Score is a numerical trust rating out of 100, computed from four factors: Communication Integrity, Reliability & Responsibility, Character & Humility, and Speech Purity & Respectfulness.
  • Any Credail user you have chatted with can generate a trust report about you. This report analyzes all your messages, voice notes, and call recordings across all your chats with that user using AI.
  • You can also generate a trust report about any user you have chatted with, or generate a self-report about yourself.
  • Historical score snapshots, trend data, and detailed factor-level breakdowns are stored permanently for trend analysis.
  • Custom weight preferences you set for each trust factor.
  • Peer reliability ratings submitted by other users.
  • AI-detected commitments and follow-up tracking data.

2.5 Contacts

  • With your permission, we sync your device contacts to enable features such as finding other Credail users, displaying contact names, and status privacy controls.
  • Contact data is stored securely and used only for Service-related features.

2.6 Location Data

  • Live location sharing — when you explicitly choose to share your real-time location with a contact or group, your GPS coordinates are transmitted for the duration of the sharing session.
  • Static location messages — when you send a location pin.
  • Location data is only collected when you actively initiate sharing; we do not track your location in the background.

2.7 Device and Technical Information

  • Device identifiers and push notification tokens (Firebase Cloud Messaging).
  • Crash reports and diagnostic data via Firebase Crashlytics.
  • App usage analytics via Firebase Analytics.
  • Network and connection information for real-time messaging reliability.

2.8 Media and Files

  • Photos, videos, audio recordings, and documents you send through the Service are uploaded to our cloud storage (Cloudflare R2) and made available to intended recipients.
  • Thumbnail images are generated for media previews.

3. How We Use Your Information

We use the collected information for the following purposes:

  • Providing the Service — delivering messages, facilitating calls, enabling group chat features, and displaying status updates.
  • Credail Score calculation — your text messages, voice notes, and call recordings are analyzed by AI to compute your trust score. Any user you chat with can request this analysis by generating a trust report about you.
  • Offline message delivery — queuing messages when recipients are offline and delivering them upon reconnection.
  • Push notifications — sending you alerts for new messages, calls, and status updates.
  • Account security — verifying your phone number via OTP, managing authentication tokens.
  • Service improvement — analyzing usage patterns, diagnosing technical issues, and improving AI scoring accuracy.
  • Chat backup and restore — enabling you to back up your chat history to your personal Google Drive account and restore it when needed.

4. Google API Services — Limited Use Disclosure

Credail uses the Google Drive API to allow you to back up and restore your chat history. Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

4.1 What We Access

  • We request the drive.file scope, which only allows access to files created by the Credail app in your Google Drive.
  • Backup files are stored in the app-specific appDataFolder, a hidden folder in your Google Drive that is not visible in your regular Drive interface.
  • We cannot access, read, modify, or delete any other files in your Google Drive.

4.2 How We Use Google Drive Data

  • Backup — your chat messages (text content only, no media files) are packaged into a ZIP file and uploaded to your Google Drive's app-specific folder.
  • Restore — previously backed-up files are downloaded from your Google Drive and used to restore your chat history on a new or reinstalled device.
  • List and delete — you can view and delete your existing backups from within the app.

4.3 Limited Use Compliance

  • We do not use Google Drive data for advertising, marketing, or any purpose unrelated to the backup and restore feature.
  • We do not transfer Google Drive data to third parties, except as necessary to provide and improve the backup feature, as required by law, or during a merger or acquisition with advance user notice.
  • We do not use Google Drive data to serve advertisements.
  • We do not allow humans to read your Google Drive data unless you provide affirmative consent for specific messages, it is necessary for security purposes, to comply with applicable law, or the data is aggregated and anonymized for internal operations.
  • You can revoke Credail's access to your Google Drive at any time via your Google Account permissions page or by signing out of Google within the Credail app.

5. AI-Powered Analysis

Credail uses artificial intelligence to analyze your communication patterns and compute your Credail Score. When a trust report is generated (by you or another user), the following data is processed by AI:

  • All text messages in the relevant chats are analyzed for tone, honesty indicators, and language quality.
  • All voice notes are transcribed and analyzed.
  • All call recordings are transcribed and analyzed for clarity, respectfulness, consistency, and reliability.
  • Commitments and promises made in conversations are detected and tracked for follow-up.
  • Your group behavior, blocking history, and peer ratings are included in the analysis.

AI analysis is performed by third-party AI providers (see Section 11). The AI does not retain your raw conversation data after processing. Analysis results are used for Credail Score calculation and trust report generation within the Service.

6. Data Storage and Security

  • Messages and user data are stored on secure servers with access controls.
  • Media files are stored on Cloudflare R2 cloud storage with access-controlled URLs.
  • Authentication tokens are protected using JWT with appropriate expiration times (24 hours for access tokens, 30 days for refresh tokens).
  • On your device, sensitive data (such as Google account credentials for backup) is stored using Android's EncryptedSharedPreferences with AES-256 encryption.
  • We implement industry-standard security measures, but no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

  • Messages — retained as long as your account is active.
  • Media files — images, videos, audio, and documents are automatically deleted from our servers after 72 hours. Profile pictures and call recordings are not subject to this automatic deletion.
  • Status/Story updates — automatically deleted after 24 hours.
  • Call history — retained for 30 days, then automatically purged.
  • Call recordings — retained on our servers for transcription and trust scoring purposes.
  • Credail Score history — factor scores from each generated report are retained permanently for trend analysis. Full reports are cached for 24 hours.
  • Google Drive backups — stored in your personal Google Drive until you delete them. We store only backup metadata (file ID, size, date) on our servers.
  • Account deletion — you may request account deletion at any time. Your account enters a 30-day grace period during which you can cancel. After 30 days, all your data is permanently deleted from our servers.

8. Data Sharing and Disclosure

We do not sell your personal information. We share your data in the following circumstances:

  • With other Credail users — your messages, profile information, Credail Score, and status updates are visible to your contacts and group members. Any user you chat with can generate a trust report about you, which includes an AI-generated score and behavioral analysis based on your conversations with them.
  • AI providers — your messages, voice note transcriptions, and call transcriptions are sent to third-party AI providers for trust score analysis. We use providers such as xAI (Grok), Qwen (self-hosted), OpenAI, and DeepSeek. The active provider is configured by our administrators. AI providers process data only as necessary for analysis and do not retain your data after processing.
  • Other service providers — Twilio (phone verification), Firebase (push notifications, analytics, crash reporting), Cloudflare R2 (media and recording storage), Google (Speech-to-Text transcription), and Sentry (error tracking).
  • Legal requirements — we disclose your information if required by law, regulation, legal process, or governmental request.
  • Safety — we disclose data when necessary to protect the safety, rights, or property of Credail, our users, or the public.
  • Business transfers — in the event of a merger, acquisition, or sale of assets, user data is transferred. We will notify you before your data becomes subject to a different privacy policy.

9. Your Rights and Choices

  • Access and portability — you can export your chat history using the backup feature.
  • Correction — you can update your profile information, display name, and photo at any time.
  • Deletion — you can delete individual messages, entire chats, status updates, and your account.
  • Privacy controls — you can configure who sees your last seen, profile photo, about, status, and live location through granular privacy settings (Everyone, My Contacts, Nobody).
  • Blocking — you can block contacts to prevent them from messaging you or seeing your information.
  • Credail Score weights — you can customize how your Credail Score is calculated by adjusting factor weights.
  • Google Drive access — you can sign out of Google or revoke access via Google Account settings at any time.
  • Notification preferences — you can customize notification settings within the app.

10. Children's Privacy

Credail is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us.

11. Third-Party Services

Our Service integrates with the following third-party services:

  • Twilio — phone number verification via OTP.
  • Firebase (Google) — push notifications (FCM), crash reporting (Crashlytics), and analytics.
  • Cloudflare R2 — secure media file storage.
  • Google Drive — optional chat backup storage (user-initiated only).
  • Tenor (Google) — GIF search and sharing.
  • Google Maps — location display in shared location messages.
  • Sentry — error tracking and application monitoring.

Each third-party service operates under its own privacy policy. We encourage you to review their policies.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using our Service, you consent to the transfer of your information to these countries. We take reasonable steps to ensure your data is treated securely and in accordance with this Privacy Policy.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy within the app or on our website with an updated "Last Updated" date. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: