Legal

Privacy Policy

Effective date: April 2, 2026

StrayTech AI ("we", "us", or "our") operates the website straytech.ai and the Callisto mobile application (together, the "Services"). We are committed to the highest standards of privacy protection. This policy describes what information we collect, why we collect it, and your rights regarding that information. We comply fully with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and all other applicable privacy frameworks — and where those frameworks differ, we apply the stricter standard.

1. Our Core Commitment

We do not collect analytics, track usage behavior, run advertising, or sell, share, or rent your personal information to any third party — ever. We have no interest in building profiles about our users or visitors, and we have deliberately architected our Services to avoid doing so.

2. Information Collected via Our Website

We collect only what is strictly necessary to operate the website:

  • Information you provide directly. When you contact us by email or submit a GitHub issue, we receive the content of that communication and any contact details you choose to include (e.g. your email address or GitHub username). We use this solely to respond to you.
  • Standard server logs. Our web server records basic request metadata (IP address, browser type, page requested, timestamp) as a normal function of serving web traffic. These logs are used only for security and operational purposes and are not processed for analytics or advertising. Logs are retained for no longer than 30 days and are then automatically deleted.

We do not use cookies, tracking pixels, fingerprinting, third-party analytics (e.g. Google Analytics), social media widgets, or any other tracking technology on this website.

3. Information Collected by the Callisto Mobile Application

Callisto is a VoIP and messaging client for VoIP.ms. It stores data on your device and communicates only with VoIP.ms servers. No data is sent to StrayTech AI or any other third party.

  • Account credentials. Your VoIP.ms API credentials (email and password) and SIP credentials (username and password) are stored exclusively on your device, encrypted with AES-256-GCM using keys held in the Android Keystore. Credentials are never transmitted anywhere other than directly to VoIP.ms for authentication.
  • Messages. SMS and MMS message content is synced from the VoIP.ms API and stored in an encrypted local database (SQLCipher). Messages are not sent to or accessible by StrayTech AI.
  • Contacts. If you grant the READ_CONTACTS permission, the app reads contact names, phone numbers, and photo URIs from your device to display caller ID and resolve names in conversations. This data is cached locally and never transmitted off your device.
  • Microphone audio. The app requests RECORD_AUDIO permission to place and receive VoIP phone calls. Audio is transmitted in real time to the call recipient via SIP. Audio is not recorded, stored, or sent to any server other than the SIP call path.
  • Phone number (DID). Your selected VoIP.ms phone number is stored on-device in encrypted preferences.
  • Voicemail. Voicemail audio and transcriptions are fetched from VoIP.ms and optionally cached locally. They are not shared with any third party.
  • Call history. Call records are stored locally on your device. They are not transmitted to StrayTech AI or any third party.

The app contains no analytics SDKs, crash reporting services, advertising frameworks, or any code that reports usage data to StrayTech AI or third parties.

4. Third-Party Services

The Callisto app communicates exclusively with VoIP.ms (voip.ms/api/) using your own account credentials. Your use of VoIP.ms is governed by their own terms and privacy policy. We have no access to your VoIP.ms account or the data exchanged between the app and VoIP.ms.

Our GitHub issues repository is operated by GitHub, Inc. Information you submit there is subject to GitHub's privacy policy.

5. How We Use Information

We use the limited information we collect only to:

  • Respond to your support requests or inquiries
  • Operate the app's features on your device (credentials, messages, contacts, calls)
  • Operate, maintain, and secure our Services
  • Comply with legal obligations

We do not use your information for marketing, profiling, or any automated decision-making.

6. Legal Bases for Processing (GDPR)

For visitors in the European Economic Area (EEA) and United Kingdom, we process personal data only under the following lawful bases:

  • Legitimate interests — operating and securing our Services (server logs)
  • Contract performance — responding to your direct communications
  • Legal obligation — where required by applicable law

We do not process personal data on the basis of consent because we do not collect data that requires it.

7. Data Sharing

We do not sell, rent, trade, or share your personal information with any third party for commercial purposes. The only circumstances under which information may be disclosed are:

  • To comply with a valid legal obligation, court order, or governmental request
  • To protect the rights, property, or safety of StrayTech AI, our users, or the public

8. Data Storage and Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, or destruction. We apply the principle of least privilege throughout our infrastructure.

Website. Served exclusively over TLS (HTTPS). Server logs are retained for 30 days. Correspondence is retained as long as needed to resolve your inquiry and for a reasonable period thereafter.

Callisto app. All sensitive data on your device is encrypted:

  • Credentials — AES-256-GCM with the Android Keystore
  • Database — SQLCipher with a Keystore-protected passphrase
  • Communication with VoIP.ms — TLS encryption
  • Android backup is disabled (allowBackup="false") to prevent credential exposure

9. Data Deletion

Website. You may request deletion of any correspondence by contacting us. You may also request earlier deletion of server log entries at any time (see Your Rights, below).

Callisto app. You can delete all local data at any time by logging out within the app (Settings > Logout) or by uninstalling the app. Individual messages and voicemails can be deleted within the app.

10. Your Rights

Depending on your jurisdiction, you have some or all of the following rights regarding your personal data. We honor these rights for all users, regardless of location:

  • Right of access — request a copy of the personal data we hold about you
  • Right to rectification — request correction of inaccurate data
  • Right to erasure — request deletion of your personal data
  • Right to restriction — request that we limit how we process your data
  • Right to object — object to processing based on legitimate interests
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to opt out of sale (CCPA) — we do not sell personal information; this right is automatically honored
  • Right to non-discrimination (CCPA) — exercising your rights will never affect the service you receive

To exercise any of these rights, contact us at support@straytech.ai. We will respond within 30 days (or sooner as required by applicable law). We will never require you to create an account to exercise a privacy right.

11. Children's Privacy

Our Services are not directed to children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe we have inadvertently done so, contact us immediately and we will delete it.

12. Changes to This Policy

If we make material changes to this policy, we will update the effective date at the top of this page. We will not retroactively weaken the privacy protections described here without explicit notice.

13. Contact

Questions, concerns, or rights requests related to this policy should be sent to:
support@straytech.ai
or filed via our GitHub issues page.