Mike/Kordant
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

significant android work

Browse Source
This commit is contained in:
Michael Freno
2026-06-02 00:04:30 -04:00
parent 542172d1e8
commit 6c4d77bbec
53 changed files with 5182 additions and 587 deletions
Download Patch File Download Diff File Expand all files Collapse all files

297
web/src/routes/privacy.tsx
View File

@@ -4,63 +4,260 @@ export function PrivacyPolicy() {
return (
<div class="max-w-4xl mx-auto px-4 py-12">
<h1 class="text-4xl font-bold mb-8">Privacy Policy</h1>
<p class="text-gray-600 mb-8">Last updated: {new Date().toLocaleDateString()}</p>
<p class="text-gray-600 mb-8">Last updated: June 1, 2026</p>
<section class="mb-8">
<h2 class="text-2xl font-semibold mb-4">1. Information We Collect</h2>
<h2 class="text-2xl font-semibold mb-4">1. Introduction</h2>
<p class="mb-4">
We collect information you provide directly, such as when you create an account, update your profile, or contact us.
Kordant ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains
how we collect, use, disclose, and safeguard your information when you use our mobile application
(Kordant for Android and iOS) and website (kordant.com), collectively referred to as the "Service."
</p>
<p class="mb-4">
Please read this Privacy Policy carefully. By using the Service, you agree to the collection and use
of your information in accordance with this policy. If you do not agree with any part of this policy,
please do not use the Service.
</p>
<p class="mb-4">
This policy complies with the <strong>General Data Protection Regulation (GDPR)</strong>,
<strong>California Consumer Privacy Act (CCPA)</strong>, and Google Play's Data Safety requirements.
</p>
</section>
<section class="mb-8">
<h2 class="text-2xl font-semibold mb-4">2. Information We Collect</h2>
<p class="mb-4">
We collect information you provide directly, information automatically collected when you use the Service,
and information from third-party sources.
</p>
<h3 class="text-xl font-semibold mt-6 mb-3">2.1 Information You Provide Directly</h3>
<ul class="list-disc pl-6 space-y-2">
<li><strong>Account Information:</strong> Name, email address, password, and phone number when you create an account, update your profile, or sign in via Google.</li>
<li><strong>Payment Information:</strong> When you subscribe or make purchases, payment processing is handled securely by Stripe. We do not store credit card numbers on our servers.</li>
<li><strong>Profile Content:</strong> Avatar images, display name, and other profile customization data.</li>
<li><strong>Voice Recordings:</strong> Audio recordings you voluntarily capture for the VoicePrint feature, used to create a voice fingerprint for caller identification. Recordings are processed and stored securely.</li>
<li><strong>Watchlist Data:</strong> Personal information you choose to monitor for exposure (email addresses, phone numbers, or other identifiers).</li>
<li><strong>Property Information:</strong> Property addresses and related information you add for title monitoring and data broker removal services.</li>
<li><strong>Spam Reports:</strong> Phone numbers you report as spam or block for community protection.</li>
<li><strong>Communications:</strong> Information you provide when contacting support or communicating with us.</li>
</ul>
<h3 class="text-xl font-semibold mt-6 mb-3">2.2 Information Collected Automatically</h3>
<ul class="list-disc pl-6 space-y-2">
<li><strong>Device Information:</strong> Device model, operating system version, app version, device locale/language, and unique device identifiers (FCM token for notifications).</li>
<li><strong>Usage Data:</strong> App interactions, feature usage, API requests, startup timing, and navigation patterns to improve our service.</li>
<li><strong>Call Data (Android only):</strong> Incoming phone numbers are checked against our spam database for call screening purposes. Phone numbers are hashed (SHA-256) before storage in the local database. Anonymized call screening logs are maintained for 7 days.</li>
<li><strong>Crash Data:</strong> Crash reports, ANR traces, and performance diagnostics collected via Firebase Crashlytics.</li>
<li><strong>Notification Preferences:</strong> Your opt-in/opt-out choices for different notification types (security alerts, marketing, system notifications).</li>
</ul>
<h3 class="text-xl font-semibold mt-6 mb-3">2.3 Information from Third-Party Sources</h3>
<ul class="list-disc pl-6 space-y-2">
<li><strong>Google Sign-In:</strong> When you authenticate via Google, we receive your name, email address, and profile picture as authorized by your Google account.</li>
<li><strong>Data Brokers:</strong> We may collect publicly available information from data broker websites as part of our DarkWatch monitoring service, which is initiated by your search terms or watchlist items.</li>
</ul>
</section>
<section class="mb-8">
<h2 class="text-2xl font-semibold mb-4">3. How We Use Your Information</h2>
<p class="mb-4">We use the collected information for the following purposes:</p>
<ul class="list-disc pl-6 space-y-2">
<li><strong>Provide and Maintain the Service:</strong> To operate our platform, authenticate users, process requests, and deliver features like call screening, dark web monitoring, and exposure alerts.</li>
<li><strong>Personalization:</strong> To customize your experience, remember your preferences (theme, notification settings), and surface relevant alerts.</li>
<li><strong>Security and Fraud Prevention:</strong> To detect root access, tampering, and unauthorized access; to screen incoming calls for spam and scams; and to protect the integrity of our service.</li>
<li><strong>Communications:</strong> To send you security alerts, exposure warnings, scan results, account notifications, and (with your consent) marketing communications.</li>
<li><strong>Analytics and Improvements:</strong> To analyze usage patterns, diagnose crashes, measure performance, and improve the Service.</li>
<li><strong>Compliance:</strong> To comply with legal obligations, enforce our terms of service, and respond to lawful requests.</li>
</ul>
</section>
<section class="mb-8">
<h2 class="text-2xl font-semibold mb-4">4. Third-Party Services</h2>
<p class="mb-4">We use the following third-party services that may process your data:</p>
<div class="overflow-x-auto">
<table class="w-full border-collapse border border-gray-300 mb-4">
<thead>
<tr class="bg-gray-100">
<th class="border border-gray-300 px-4 py-2 text-left">Service</th>
<th class="border border-gray-300 px-4 py-2 text-left">Purpose</th>
<th class="border border-gray-300 px-4 py-2 text-left">Data Shared</th>
</tr>
</thead>
<tbody>
<tr>
<td class="border border-gray-300 px-4 py-2">Firebase Crashlytics</td>
<td class="border border-gray-300 px-4 py-2">Crash reporting and analytics</td>
<td class="border border-gray-300 px-4 py-2">Crash logs, device info, app version</td>
</tr>
<tr>
<td class="border border-gray-300 px-4 py-2">Firebase Cloud Messaging</td>
<td class="border border-gray-300 px-4 py-2">Push notifications</td>
<td class="border border-gray-300 px-4 py-2">Device token, notification delivery data</td>
</tr>
<tr>
<td class="border border-gray-300 px-4 py-2">Google Sign-In</td>
<td class="border border-gray-300 px-4 py-2">Authentication</td>
<td class="border border-gray-300 px-4 py-2">Name, email, profile picture</td>
</tr>
<tr>
<td class="border border-gray-300 px-4 py-2">Stripe</td>
<td class="border border-gray-300 px-4 py-2">Payment processing</td>
<td class="border border-gray-300 px-4 py-2">Payment card data (processed by Stripe, not stored by us)</td>
</tr>
<tr>
<td class="border border-gray-300 px-4 py-2">Clerk</td>
<td class="border border-gray-300 px-4 py-2">Web authentication</td>
<td class="border border-gray-300 px-4 py-2">Name, email, authentication data</td>
</tr>
<tr>
<td class="border border-gray-300 px-4 py-2">Resend</td>
<td class="border border-gray-300 px-4 py-2">Email delivery</td>
<td class="border border-gray-300 px-4 py-2">Email address</td>
</tr>
<tr>
<td class="border border-gray-300 px-4 py-2">Twilio</td>
<td class="border border-gray-300 px-4 py-2">SMS notifications</td>
<td class="border border-gray-300 px-4 py-2">Phone number</td>
</tr>
</tbody>
</table>
</div>
<p>
Each third-party service has its own privacy policy governing the use of your data.
We do not sell your personal information to any third party.
</p>
</section>
<section class="mb-8">
<h2 class="text-2xl font-semibold mb-4">5. Data Storage and Security</h2>
<h3 class="text-xl font-semibold mt-6 mb-3">5.1 Encryption in Transit</h3>
<p class="mb-4">
All data transmitted between our mobile and web applications and our servers is encrypted using
<strong>TLS 1.2 or higher</strong>. Our Android app enforces certificate pinning for an additional
layer of security against man-in-the-middle attacks.
</p>
<h3 class="text-xl font-semibold mt-6 mb-3">5.2 Encryption at Rest</h3>
<p class="mb-4">
On Android, sensitive data including authentication tokens and cached user profiles are encrypted
using <strong>AES-256-GCM</strong> via Android's EncryptedSharedPreferences, with the master key
stored in the hardware-backed Android Keystore. Phone numbers in the local spam database are
<strong>SHA-256 hashed</strong> before storage.
</p>
<h3 class="text-xl font-semibold mt-6 mb-3">5.3 Server-Side Security</h3>
<p class="mb-4">
Data stored on our servers is encrypted at rest using industry-standard encryption.
We implement strict access controls, regular security audits, and follow security best practices
to protect your data.
</p>
<h3 class="text-xl font-semibold mt-6 mb-3">5.4 Security Features</h3>
<ul class="list-disc pl-6 space-y-2">
<li><strong>Root Detection:</strong> Our Android app detects compromised devices and restricts sensitive features.</li>
<li><strong>Certificate Pinning:</strong> The Android app validates server certificates against known pins to prevent MITM attacks.</li>
<li><strong>Secure Deletion:</strong> Sensitive data is overwritten before removal to prevent forensic recovery.</li>
<li><strong>Log Sanitization:</strong> Authentication tokens, passwords, phone numbers, and email addresses are redacted from all logs.</li>
</ul>
</section>
<section class="mb-8">
<h2 class="text-2xl font-semibold mb-4">6. Data Retention</h2>
<p class="mb-4">We retain your data for the following periods:</p>
<ul class="list-disc pl-6 space-y-2">
<li><strong>Account data:</strong> Retained for as long as your account is active.</li>
<li><strong>Authentication tokens:</strong> Retained until logout or token expiration.</li>
<li><strong>Call screening logs (local):</strong> Anonymized logs retained for 7 days.</li>
<li><strong>Voice recordings:</strong> Retained until you delete your enrollment or account.</li>
<li><strong>Crash data:</strong> Retained per Firebase Crashlytics retention policy.</li>
<li><strong>Usage analytics:</strong> Retained in aggregated form for service improvement.</li>
<li><strong>Backup data:</strong> Retained for up to 90 days after account deletion for legal compliance.</li>
</ul>
</section>
<section class="mb-8">
<h2 class="text-2xl font-semibold mb-4">7. Your Rights and Choices</h2>
<p class="mb-4">Depending on your jurisdiction, you have the following rights:</p>
<ul class="list-disc pl-6 space-y-2">
<li><strong>Access:</strong> Request a copy of the personal data we hold about you.</li>
<li><strong>Rectification:</strong> Request correction of inaccurate or incomplete data.</li>
<li><strong>Deletion (Right to be Forgotten):</strong> Request deletion of your personal data. This can be done in-app via Settings Delete Account, or by emailing privacy@kordant.com.</li>
<li><strong>Data Portability:</strong> Request your data in a machine-readable format.</li>
<li><strong>Opt-Out of Marketing:</strong> Unsubscribe from marketing communications at any time via notification settings or by replying "STOP" to SMS messages.</li>
<li><strong>Withdraw Consent:</strong> Withdraw consent for data processing at any time (e.g., disable VoicePrint, turn off call screening).</li>
<li><strong>Non-Discrimination:</strong> We will not discriminate against you for exercising any of your privacy rights.</li>
</ul>
<p class="mt-4">
To exercise any of these rights, contact us at <a href="mailto:privacy@kordant.com" class="text-blue-600 hover:underline">privacy@kordant.com</a>.
We will respond within 30 days as required by applicable law.
</p>
</section>
<section class="mb-8">
<h2 class="text-2xl font-semibold mb-4">8. California Privacy Rights (CCPA)</h2>
<p class="mb-4">
Under the California Consumer Privacy Act (CCPA), California residents have additional rights:
</p>
<ul class="list-disc pl-6 space-y-2">
<li>Account information (name, email, password)</li>
<li>Payment information (processed securely via Stripe)</li>
<li>Usage data and analytics</li>
<li>Device and browser information</li>
<li><strong>Right to Know:</strong> Request disclosure of categories and specific pieces of personal information collected.</li>
<li><strong>Right to Delete:</strong> Request deletion of personal information collected.</li>
<li><strong>Right to Opt-Out:</strong> We do not sell personal information. If this changes, we will update this policy.</li>
<li><strong>Right to Non-Discrimination:</strong> We will not deny service or charge different rates for exercising CCPA rights.</li>
</ul>
</section>
<section class="mb-8">
<h2 class="text-2xl font-semibold mb-4">2. How We Use Your Information</h2>
<ul class="list-disc pl-6 space-y-2">
<li>Provide and maintain our services</li>
<li>Process your transactions</li>
<li>Send you notifications and updates</li>
<li>Improve our products and services</li>
<li>Comply with legal obligations</li>
</ul>
</section>
<section class="mb-8">
<h2 class="text-2xl font-semibold mb-4">3. Third-Party Services</h2>
<p class="mb-4">We use the following third-party services:</p>
<ul class="list-disc pl-6 space-y-2">
<li>Clerk - Authentication and user management</li>
<li>Stripe - Payment processing</li>
<li>Resend - Email delivery</li>
<li>Twilio - SMS notifications</li>
<li>Firebase - Push notifications</li>
</ul>
</section>
<section class="mb-8">
<h2 class="text-2xl font-semibold mb-4">4. Your Rights</h2>
<p class="mb-4">Under GDPR and CCPA, you have the right to:</p>
<ul class="list-disc pl-6 space-y-2">
<li>Access your personal data</li>
<li>Rectify inaccurate data</li>
<li>Request deletion of your data</li>
<li>Export your data in a machine-readable format</li>
<li>Opt-out of marketing communications</li>
</ul>
</section>
<section class="mb-8">
<h2 class="text-2xl font-semibold mb-4">5. Contact Us</h2>
<p>
For privacy inquiries, contact us at{" "}
<a href="mailto:privacy@kordant.com" class="text-blue-600 hover:underline">
privacy@kordant.com
</a>
To exercise your CCPA rights, contact us at <a href="mailto:privacy@kordant.com" class="text-blue-600 hover:underline">privacy@kordant.com</a>.
</p>
</section>
<section class="mb-8">
<h2 class="text-2xl font-semibold mb-4">9. Children's Privacy</h2>
<p class="mb-4">
Our Service is not intended for children under the age of 13 (or 16 in the European Economic Area).
We do not knowingly collect personal information from children. If we learn that we have collected
personal information from a child without appropriate consent, we will delete that information promptly.
If you believe a child has provided us with personal data, please contact us.
</p>
</section>
<section class="mb-8">
<h2 class="text-2xl font-semibold mb-4">10. International Data Transfers</h2>
<p class="mb-4">
Your information may be transferred to and processed in countries other than your own.
We ensure appropriate safeguards are in place through Standard Contractual Clauses (SCCs)
and other GDPR-compliant transfer mechanisms when transferring data from the European
Economic Area (EEA) to countries outside the EEA.
</p>
</section>
<section class="mb-8">
<h2 class="text-2xl font-semibold mb-4">11. Changes to This Privacy Policy</h2>
<p class="mb-4">
We may update this Privacy Policy from time to time. We will notify you of material changes
by posting the new policy on this page and updating the "Last updated" date. For significant
changes, we may also provide in-app notification or email notice.
</p>
<p>
We encourage you to review this Privacy Policy periodically for any changes.
Your continued use of the Service after the posting of changes constitutes your acceptance
of such changes.
</p>
</section>
<section class="mb-8">
<h2 class="text-2xl font-semibold mb-4">12. Contact Us</h2>
<p class="mb-4">
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices,
please contact us:
</p>
<ul class="list-disc pl-6 space-y-2">
<li>Email: <a href="mailto:privacy@kordant.com" class="text-blue-600 hover:underline">privacy@kordant.com</a></li>
<li>Website: <a href="https://kordant.com/contact" class="text-blue-600 hover:underline">kordant.com/contact</a></li>
<li>Data Protection Officer: dpo@kordant.com</li>
</ul>
<p class="mt-4">
We will acknowledge receipt of your request within 5 business days and respond within 30 days.
</p>
</section>
</div>