Privacy Policy

1. Introduction

iRopit is a cross-platform device synchronization platform that enables users to sync SMS messages, call history, app notifications, and device-to-device chat between their Android mobile devices and Chrome browser. Our Services are designed with privacy and security as foundational principles, employing end-to-end encryption for sensitive data.

By using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our Services.

2. Information We Collect

We collect different types of information to provide and improve our Services. Below is a detailed breakdown of the information we collect:

2.1 Account Information

When you create an account, we collect:

• Full name
• Email address
• Password (stored securely via Firebase Authentication)
• Profile information (optional)

2.2 SMS Messages

Our core functionality involves syncing SMS messages between your devices. We collect:

• SMS message content (sender, body text, timestamps)
• Message read/unread status
• Conversation thread information

2.3 Call History

To provide call history synchronization, we collect:

• Phone numbers associated with calls
• Call type (incoming, outgoing, missed)
• Call duration
• Call timestamps
• Associated contact names (if available)

2.4 App Notifications

When you grant Notification Access permission, we collect notifications from your phone's apps:

• Application package name and app name (e.g., WhatsApp, Telegram)
• Notification title and text content
• Notification type and category
• Notification timestamp

2.5 Contacts

With your permission, we access contact information for display purposes:

• Contact names
• Phone numbers

Contact data is used solely to display contact names alongside SMS messages and call logs, making it easier to identify who is communicating with you. Contact data is not shared with any third parties.

2.6 Device Information

We collect device information for multi-device management:

• Device model and manufacturer
• Operating system and version
• Platform type (Android, Chrome)
• Device identifier (generated by iRopit, not hardware ID)
• Online/offline status
• Firebase Cloud Messaging (FCM) token for push notifications

2.7 Usage Data & Preferences

• Theme preference (dark/light mode)
• Language preference (English/Arabic)
• Notification preferences (sound, vibration, do not disturb)
• Sync settings (auto-sync, Wi-Fi only, sync interval)
• Onboarding completion status

3. How We Collect Information

3.1 Directly from You

We collect information you provide when creating an account, configuring settings, or contacting our support team.

3.2 Automatically via Android App

The iRopit Android app collects data automatically through:

• Notification Listener Service (Android): This is the primary method used to capture incoming SMS and app notifications. The service runs in the background and detects new notifications as they arrive on your device. This approach is used instead of direct SMS/Call Log API access, in compliance with Google Play policies.
• SMS Permission: The SEND_SMS permission is used exclusively to enable the "Send SMS from Browser" feature, which allows you to compose and send SMS messages from the Chrome Extension through your phone.
• Read SMS Permission: The READ_SMS and RECEIVE_SMS permissions are used as a fallback to read incoming SMS content when notification access doesn't capture the full message text.

3.3 Via Chrome Extension

The Chrome Extension collects data through Firebase real-time listeners and periodic background sync using Chrome Alarms API. The extension reads synchronized data from Firebase to display on your desktop and sends SMS requests back to your phone when you compose messages from the browser.

4. Purpose of Data Collection

We use the information we collect for the following purposes:

5. Data Storage & Security

5.1 Cloud Storage

Your data is stored securely using Google Firebase infrastructure, which provides enterprise-grade security:

• Firebase Authentication — Secure user authentication with email/password and Google Sign-In
• Cloud Firestore — Real-time synchronized database with security rules
• Firebase Cloud Storage — Encrypted file storage for chat attachments
• Firebase Cloud Functions — Server-side processing with access controls

5.2 Encryption

5.3 Local Storage

Certain data is stored locally on your device for performance and offline access, including authentication tokens (stored securely), user preferences, device identifiers, and cached data. Local data is stored using secure storage mechanisms provided by the operating system.

5.4 Security Measures

• SSL/TLS encryption for all data in transit
• Firebase Security Rules restricting data access to authorized users only
• Secure authentication with session management
• Optional biometric lock (fingerprint/face recognition) for app access
• Regular security audits and updates

6. Data Sharing & Disclosure

We may share information only in the following limited circumstances:

6.1 Between Your Own Devices

The primary purpose of iRopit is to sync data between your own registered devices. Data is shared only between devices authenticated with your account credentials.

6.2 Service Providers (Data Processors)

We use the following third-party services as data processors:

• Google Firebase — Cloud infrastructure, authentication, database, storage, and messaging. Google's privacy policy applies: https://policies.google.com/privacy
• Firebase Cloud Messaging (FCM) — For delivering push notifications to your devices.

6.3 Legal Requirements

We may disclose your information when required to do so by law, in response to valid legal processes (such as a court order or subpoena), or when we believe disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

7. Permissions Explained

iRopit requires certain permissions to function. Here is a detailed explanation of each permission and why it is needed:

Chrome Extension Permissions

8. Your Rights

You have the following rights regarding your personal data:

To exercise any of these rights, please contact us at privacy@iropit.com or iropitapp@gmail.com. We will respond to your request within 30 days.

9. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with our Services. Specifically:

• Account data — Retained until you delete your account
• SMS and call data — Retained as long as your account is active; you can delete individual items at any time
• Chat messages and files — Retained until deleted by the user or account deletion
• Device information — Removed when you unregister a device or delete your account
• Usage preferences — Retained with your account; reset on account deletion

When you delete your account, all associated data is permanently removed from our servers within 30 days, except where retention is required by law.

10. Children's Privacy

Our Services are not directed to children under the age of 13 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information. If you believe that your child has provided us with personal information, please contact us at privacy@iropit.com.

11. Third-Party Services

iRopit uses the following third-party services:

These third-party services have their own privacy policies. We recommend reviewing their privacy policies to understand how they handle your data.

12. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence, as Firebase servers are located globally. We ensure that appropriate safeguards are in place for such transfers, relying on Google's compliance with applicable data protection regulations including GDPR Standard Contractual Clauses where applicable.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. For significant changes, we will notify you through in-app notifications or email. We encourage you to review this Privacy Policy periodically for any changes.

14. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• The right to know what personal information we collect, use, and disclose
• The right to request deletion of your personal information
• The right to opt-out of the sale of personal information (we do not sell personal information)
• The right to non-discrimination for exercising your CCPA rights

15. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR). The legal bases for processing your data include:

• Consent: You provide consent for data processing when you create an account and grant permissions
• Contractual necessity: Processing is necessary to provide the Services you requested
• Legitimate interests: Processing for security, fraud prevention, and service improvement

You may lodge a complaint with your local data protection authority if you believe your rights have been violated.

16. Contact Us

If you have any questions about this Privacy Policy, your data, or our privacy practices, please contact us: