Privacy Policy

Summary

NOX is designed to avoid the collection of personal data wherever technically possible. No phone contacts, no call log, no location, no advertising identifier, no user profile. The app operates entirely on your device.

The only communications with servers happen to: (a) download an updated list of phone numbers classified as spam; (b) verify through Google Play that the running copy of the app is legitimate and unmodified. Neither exchange contains any user-identifying data.

1. Data Controller

Pursuant to Articles 4 and 24 of Regulation EU 2016/679 (GDPR), the Data Controller is:

Ivan Di Gregorio: Natural person (individual); Via N. Tommaseo 10, 20039 Canegrate (MI), Italy; Email: privacy@noxcalls.app

NOX is developed and distributed as an independent project. Mandatory designation of a Data Protection Officer (DPO) under GDPR Art. 37 is not applicable, as the triggering conditions are not met.

2. Personal Data Processed

NOX is designed according to the principles of data minimization (GDPR Art. 5.1.c) and privacy by design (GDPR Art. 25). This means processing is reduced to the minimum technically necessary for service operation.

2.1 Data processed exclusively on the device

The following data is accessed by NOX on the user's device and never leaves the device. It is not transmitted to any server, not stored externally, not shared with third parties.

Incoming phone numbers: intercepted via Android's CallScreeningService API only during the instant the phone rings, to compare them against the local list of spam-classified numbers. The number is not logged, recorded, or transmitted.
Numbers manually added to blacklist: saved in encrypted local storage (EncryptedSharedPreferences, AES-256). Not synced with any cloud service.
Aggregated statistical counters: total count of calls blocked, allowed, filtered. These are numeric values with no identifier association and reside exclusively on the device.

According to Google Play's official guidance, data that stays on the device and is not sent to external servers does not constitute data collection.

2.2 Data transmitted to external servers

NOX communicates with only two remote endpoints. In both cases, the data exchanged cannot identify the natural person using the app.

2.2.1 Blacklist synchronization server (api.sentinel-risk.io)

NOX periodically downloads a list of numbers classified as spam/scam from a server operated by the Controller. The technical characteristics of this communication are:

Identifier sent to server: a random device identifier generated by the app on first launch (UUID v4), with no link to personal identifiers (no IMEI, no Android ID, no Advertising ID, no Google account, no phone number). This identifier is used exclusively to prevent service abuse.
Direction of data: the server sends data to the client (the spam list). The client does not send call numbers, contacts, call log, or anything similar.
Encryption: all communications occur exclusively over HTTPS (TLS 1.2+) with cryptographic certificate pinning: the client refuses connection if the server's certificate does not match the configured SPKI pins.
Server location: Hetzner Online GmbH, Nuremberg datacenter, Germany (European Union). No data transfer outside the EEA.

2.2.2 Google Play Integrity API

To protect the service from abuse (bots, emulators, tampered app copies), NOX uses the Google Play Integrity service provided by Google LLC. When the app starts and periodically during use, it requests from Google a cryptographic integrity token attesting that the device is genuine, the app is unmodified, and the installation comes from legitimate channels.

Data sent to Google: app package identifier (com.nox.app), cryptographic hash of the app signature, a random nonce generated by the server for each request. No user-identifying data.
Purpose: exclusively anti-abuse and service integrity protection (legitimate interest, GDPR Art. 6.1.f).
Extra-EU transfer: Google LLC is established in the United States. The transfer is covered by the following legal bases: (i) Google LLC's certification under the EU-U.S. Data Privacy Framework issued by the U.S. Department of Commerce on July 10, 2023; (ii) Standard Contractual Clauses (SCC) of the European Commission included in the Google Cloud Data Processing Addendum.
Official documentation: developer.android.com/google/play/integrity and cloud.google.com/privacy/gdpr.

In summary, the only data leaving the device are technical identifiers with no personal references, transmitted encrypted, solely to enable service operation and prevent abuse.

2.3 Data NOX does NOT process

For absolute clarity, NOX does not access, collect, process, store or transmit:

Name, surname, date of birth, address, email of the user
Phone number of the user
Contact list
Log of placed or received calls
SMS, MMS, messaging app content
GPS, cellular or Wi-Fi location
Advertising identifiers (Advertising ID, GAID)
Unique device identifiers (IMEI, Android ID, serial number)
Google account, social accounts, credentials
Biometric data (fingerprint, face, voice)
Usage data, behavioral analytics, event tracking
Audio recordings of calls

NOX does not request the READ_CONTACTS Android permission, does not request READ_CALL_LOG, does not request RECORD_AUDIO, and does not include any SDK for analytics, advertising, attribution, or behavioral tracking (no Firebase Analytics, no Google Analytics, no Facebook SDK, no AppsFlyer, no Mixpanel, no SaaS crash reporting).

3. Processing Purposes and Legal Bases

Processing of the technical data described in section 2.2 is carried out under the following legal bases pursuant to GDPR Art. 6:

Processing	Purpose	Legal basis
Spam list download	Performance of the service requested by the user installing the app	Art. 6.1.b — contract performance (terms accepted at first launch)
Anonymous device identifier	Service abuse prevention, rate limiting	Art. 6.1.f — legitimate interest of Controller
Play Integrity attestation	App integrity protection, fraud prevention	Art. 6.1.f — legitimate interest of Controller

No profiling (GDPR Art. 22), no automated decision-making with legal effects, no processing of special categories of data (GDPR Art. 9) is performed.

4. Data Retention

Given the absence of collected personal data, retention rules apply exclusively to technical data:

Anonymous device identifier: retained server-side for the duration of app installation. Upon uninstall, the identifier is deleted in the next automatic cleanup cycle (within 30 days).
Google integrity tokens: ephemeral. Used for real-time verification and not retained after validation (a few seconds).
Server technical logs: the application server retains minimal access logs (IP, timestamp, endpoint called) for 14 days for security purposes, under legitimate interest (GDPR Art. 6.1.f). IP addresses are processed as technical data and are not used to identify users, nor combined with other datasets for identification purposes. They are subsequently deleted.
Local data on device: remains as long as the app is installed. Uninstalling NOX deletes all local data.

5. Data Subject Rights

Pursuant to GDPR Articles 15-22, the user has the right to:

Access their personal data being processed (Art. 15)
Obtain rectification of inaccurate data (Art. 16)
Obtain erasure ("right to be forgotten", Art. 17)
Obtain restriction of processing (Art. 18)
Obtain data portability in structured format (Art. 20)
Object to processing based on legitimate interest (Art. 21)
Not be subjected to automated decisions (Art. 22)

To exercise these rights, the user may write to: privacy@noxcalls.app. The Controller commits to responding within 30 days of receipt, as per GDPR Art. 12.3.

Practical note: given NOX's technical architecture, complete deletion of any data related to the user can be achieved simply by uninstalling the app. The anonymous technical identifier associated with the device will cease to be used and will be deleted from systems in the next cleanup cycle.

6. Right to Lodge a Complaint

If the user believes that processing of their data violates GDPR, they have the right to lodge a complaint with the competent supervisory authority, pursuant to GDPR Art. 77. In Italy the competent authority is:

Garante per la Protezione dei Dati Personali (Italian DPA): Piazza Venezia 11, 00187 Rome, Italy; Email: garante@gpdp.it · PEC: protocollo@pec.gpdp.it; Website: www.gpdp.it

Users residing in other EU/EEA member states may alternatively contact their national supervisory authority.

7. Data Security

The Controller has adopted appropriate technical and organizational measures pursuant to GDPR Art. 32, including:

Encryption in transit: mandatory HTTPS/TLS 1.2+, with HSTS active on .app domain by construction
Certificate pinning: the app refuses connections to servers with certificates not matching the configured SPKI cryptographic pins, protecting against Man-in-the-Middle attacks even in case of compromised CAs
Encryption at rest on device: EncryptedSharedPreferences from Android Jetpack Security (AES-256-SIV + AES-256-GCM) for sensitive local data
App integrity attestation: continuous Google Play Integrity API
Code obfuscation: R8 full mode enabled on production builds
Permission minimization: only Android permissions strictly necessary for operation are requested

8. Minors

NOX is not intended for children under the age of 14 and does not knowingly collect data referable to minors. Given the absence of personal data collection, no age verification mechanisms are in place. If a parent/guardian believes data relating to a minor has been processed contrary to the above, they may contact the Controller at the address indicated in section 1.

9. Cookies and Web Tracking

The noxcalls.app website does not use cookies of any kind — neither technical cookies, nor analytics cookies, nor profiling cookies, nor tracking pixels, nor browser fingerprinting. No third-party analytics or advertising scripts are loaded (no Google Analytics, no Facebook Pixel, no Hotjar, no tag manager).

The site loads Google Fonts typography directly from Google servers (fonts.googleapis.com, fonts.gstatic.com). This loading involves an HTTP request to Google servers which, as with any standard web request, includes the visitor's IP address and browser user-agent. Google processes this information according to its own privacy policy, available at policies.google.com/privacy. No profiling data is shared by the site with Google beyond the technical font-loading request.

10. International Data Transfers

Pursuant to GDPR Articles 44-49, the Controller declares the following regarding international data transfers:

Recipient	Country	Transfer legal basis
Hetzner Online GmbH (backend)	Germany (EU)	Not applicable (intra-EU processing)
Cloudflare Inc. (DNS, landing page CDN)	USA (EU edge presence)	EU-U.S. Data Privacy Framework + SCC
Google LLC (Play Integrity API)	USA	EU-U.S. Data Privacy Framework + SCC

11. Changes to the Privacy Policy

The Controller reserves the right to update this Privacy Policy to reflect product changes, supervening regulatory obligations, or improvements in text clarity. Substantive changes will be communicated via in-app notification or update of the "Last updated" date at the top of the document. Users are invited to consult this page periodically.

12. Contacts

For any question regarding this Privacy Policy or the processing of personal data, users may contact the Controller at:

privacy@noxcalls.app: The Controller commits to responding to all communications within 30 days.