← Back to homepage

Privacy Policy

Controller: Funktsioon OÜ

Last updated: March 3, 2026

1. Scope

This Privacy Policy explains how Quldra processes personal data when you use Quldra mobile apps, APIs, and related services.

2. Data we collect

• Account/install data: install ID, hashed install fingerprint, hashed recovery seed, username.
• Optional profile/contact data: email, phone number, and updates opt-in preference.
• Messaging metadata: room/group IDs, sender install ID, client message ID, timestamps, delivery/read receipts, typed-byte usage counters, optional message tone, optional reply linkage.
• Encrypted message payloads: API-stored message text payloads are stored encrypted by the client.
• Media records: encrypted media blob uploads, media ID, file name, MIME type, byte size, and media URL/reference.
• Invites and group governance data: invite code, room mapping, optional hashed invite password, join-request status, group membership/roles.
• Push data: device push token, platform, push enabled/disabled state, and sender-detail preference.
• Billing/purchase data: store name, product ID, receipt/transaction reference, subscription status, expiry, top-up bytes, and coupon redemption records.
• Safety and support data: moderation reports and error reports you submit (including error message, context, app version, platform).

3. How we use data

• Provide account registration, install recovery, and username resolution.
• Operate direct/group messaging, invites, and join approvals.
• Store and deliver encrypted message/media payloads and message receipts.
• Run push notifications according to your preferences.
• Measure usage and enforce quota/token billing.
• Validate in-app purchases and maintain subscription status.
• Investigate abuse, security incidents, moderation reports, and service errors.
• Comply with legal obligations and enforce terms.

4. Security

Quldra uses on-device cryptographic controls, encrypted transport, and security measures designed to protect service data. You are responsible for maintaining device and credential security on your side.

5. Legal bases

Depending on your jurisdiction, we process data under one or more legal bases: contract performance (service delivery), legitimate interests (security, abuse prevention, service operations), legal obligation, and consent where required.

6. Data sharing

We do not sell personal data. We may share data with service providers that support hosting, object storage, push delivery, app-store billing validation, and payments. We may also disclose data when required by law, legal process, sanctions/export controls, or to protect users, rights, and service integrity.

7. International transfers

Data may be processed in multiple jurisdictions where our infrastructure and providers operate. Where required, we use contractual and organizational safeguards for cross-border transfers.

8. Retention

We retain data for as long as needed to operate the service, maintain billing and abuse-prevention records, and satisfy legal obligations. Different data categories may have different retention periods. Backups and logs may persist for a limited additional period.

9. Your choices and rights

• You can control optional profile/contact fields and push preferences in-app.
• You can leave groups/chats; local hidden/deleted chat states may be device-specific.
• Depending on applicable law, you may request access, correction, deletion, restriction, objection, portability, or complaint rights.

10. Children

Quldra is not intended for children under the age required by applicable law to consent to data processing for this type of service.

11. Changes to this Policy

We may update this Privacy Policy. Material changes will be reflected by updating the date above and, where appropriate, by additional notice.

12. Contact

Privacy inquiries and rights requests: privacy@quldra.com