Proof of concept — demo environment, not production. No SLA, no emergency calling (no 911/112), data may be reset without notice. Calls will drop after ~50s as the app is in testing mode.
T9phone

Privacy Policy

How T9phone collects, uses, and protects your personal data. Last updated June 2, 2026.

T9phone is a proof-of-concept, encrypted calling service. This policy explains our handling of personal data under the EU General Data Protection Regulation (GDPR). For an exhaustive, field-by-field list of every value we store and everything we deliberately do not collect, see What we store.
Who we are

T9phone (“we”, “us”) operates the T9phone service portal and is the data controller for the personal data described in this policy. As this is a proof-of-concept project, we operate without a registered business address; you can reach us for any privacy matter at t9phone@protonmail.com.

What we collect and why

We collect the minimum data needed to operate the service:

  • Account data — email address, a bcrypt hash of your password, and your chosen nickname. Used to create your account, authenticate you, and route calls.
  • SIP credentials — a generated username and an encrypted password your phone uses to register with the calling server.
  • Group and membership data — the groups you belong to, your role, and a membership audit log.
  • Session data — a server-side session and an opaque cookie to keep you logged in.

We do not store call records, call audio, IP addresses, device fingerprints, location, or message content. See What we store for the full inventory.

Legal basis

We process your personal data on the following GDPR legal bases:

  • Performance of a contract (Art. 6(1)(b)) — account, SIP, and group data needed to provide the service you signed up for.
  • Legitimate interests (Art. 6(1)(f)) — security measures such as failed-login lockouts and short-lived verification/reset tokens.
  • Consent (Art. 6(1)(a)) — where you voluntarily provide optional information; you may withdraw consent at any time.
Service providers we share data with

We do not sell your data or share it for advertising. We rely on a small number of processors strictly to run the service:

  • Resend — sends transactional email (verification, password reset). Receives your email address.
  • Stripe — processes payments where billing is enabled. Stripe acts as an independent controller for payment data; we never see or store your full card details.
  • Hosting provider — runs our servers. May process transient access logs (including IP addresses) on our behalf.
  • TURN relay — forwards encrypted call media to traverse carrier NAT. It sees ciphertext only and cannot decrypt calls.
Call confidentiality

Calls are end-to-end encrypted (ZRTP), negotiated directly between the two phones. Our server handles SIP signalling only and is never in the audio path, so we cannot listen to, record, or decrypt any call — even if compelled to.

Retention

We keep account, SIP, and group data for as long as your account exists. Verification and password-reset tokens are deleted as soon as they are used or expire (24 hours and 1 hour respectively). Server-side sessions expire after 30 days of inactivity. When you delete your account, your personal data is erased immediately and irreversibly.

Your rights

Under the GDPR you have the right to:

  • access the personal data we hold about you;
  • rectify inaccurate data;
  • erase your data (“right to be forgotten”);
  • restrict or object to processing;
  • receive your data in a portable format;
  • lodge a complaint with your local data protection authority.

You can exercise erasure yourself from the Account page. For any other request, email t9phone@protonmail.com.

Cookies

We use a single, strictly necessary cookie to hold an opaque session identifier that keeps you logged in. We do not use analytics, advertising, or tracking cookies, so no cookie consent banner is required.

Changes to this policy

We may update this policy from time to time. Material changes will be reflected by the “last updated” date at the top of this page.