Eyecon Privacy Policy
Effective date: 2026-07-06
Eyecon Global Ltd is operated by Instabridge Sweden AB. For the purposes of this Privacy Policy, “Eyecon”, “Eyecon Caller ID & Spam Block”, “Eyecon VPN”, “Eyecon Global Ltd”, “Instabridge”, “we”, “us”, or “our” refers to Instabridge Sweden AB, company reg. no. 559246-0538, and its subsidiaries, representatives, and affiliates including, our websites, applications, and other offerings that link to this Privacy Policy or otherwise make it available to you. We are the data controller of the personal data that we collect from you when using the Services, except if explicitly stated otherwise in this policy.
Please read this Privacy Policy carefully. This document contains a policy statement regarding our collection, use and processing of personal data, with whom we may share your personal data and your rights in relation to your personal data. It also tells you what to expect when we collect and use personal data about you that you share with us when using our Services.
Eyecon Global Ltd. respects the privacy of users of our mobile applications and related services (the “Apps” or “Services”) and is committed to protecting the personal data we process about you. This Privacy Policy provides comprehensive disclosure of potential scenarios in which personal data may be collected, used, or shared. This is intended to ensure transparency and to cover all relevant circumstances. We nonetheless make every effort to minimise the collection and use of personal data, and we rely on aggregate and/or de-identified data wherever possible.
This Privacy Policy explains:
- what personal data we collect;
- why and how we use it;
- with whom we share it;
- how long we keep it; and
- which rights and choices you have.
By installing, accessing or using the Apps, Websites or our Services, you acknowledge that you have read this Privacy Policy.
This Privacy Policy is intended to describe our privacy practices globally. It also includes additional information required under specific privacy laws, including the the EU/EEA General Data Protection Regulation (GDPR)/UK GDPR, Israeli Protection of Privacy Law, 5741-1981 (the “PPL”), including Amendment No. 13 and the Privacy Protection (Data Security) Regulations, 5777-2017, the California Consumer Privacy Act (“CCPA”), and other U.S. state or local privacy laws where applicable. Not all rights and legal bases described in this Policy apply to every user. Your rights and our obligations depend on where you are located, where the relevant processing takes place, and which laws apply to that processing.
If you provide us with personal information about someone else, you hereby confirm that they are aware that you have provided their personal information to us, and that they consent to our use of their personal information according to this Privacy Policy.
Please note that this notice does not apply to third party products or services or the practices of companies that we do not own or control, including other companies you may interact with, in or through Eyecon. We will not be responsible or liable for: (i) the availability or accuracy of such third-party apps or sites (ii) the content, products or services on or availability of such third party apps or sites; or (iii) your use of any such third party apps or sites.
We may update the Privacy Policy from time to time by posting a new version on eyecon-app.com with an updated date (the “Effective Date”). Your continued use of the Services after the Effective Date will be an acknowledgement of your acceptance of the amended Private Policy and our updated practices. If we make material changes to our privacy policy, we will notify you and ask you to confirm your consent.
If there is any difference between the English version and any other language version of this Privacy Policy, the English version will apply (to the extent permitted by applicable law or regulation).
1. Who we are
The data controller and database owner for the processing described in this Privacy Policy is:
Instabridge Sweden AB
Email: support@eyecon-app.com
Eyecon Global Ltd. is a subsidiary of Instabridge Sweden AB, reg. no. 559246-0538, Sweden (the “Instabridge Group”). Certain processing operations (for example, shared infrastructure, analytics or support) may also involve other Instabridge Group entities as controllers or processors.
We have appointed an external Privacy Protection Officer / Data Protection Officer (“PPO/DPO”) responsible for monitoring compliance with applicable privacy laws, and acting as our contact with supervisory authorities:
ePrivacy GmbH, represented by Prof. Dr. Christoph Bauer, Burchardstraße 14, 20095 Hamburg
Email: privacy@instabridge.com
Subject line: “For the attention of the Data Protection Officer”
If you have any questions or concerns regarding your data, please contact privacy@instabridge.com. If you wish to communicate directly with our data protection officer (for example, because you have a particularly sensitive concern), please contact them by post, as communication by email may pose security risks. Please indicate in your request that your concern relates to Instabridge Sweden AB and Eyecon.
2. Scope and relationship to other documents
This Privacy Policy applies to:
- your use of the Eyecon Apps, including Eyecon Caller ID & Spam Block and Eyecon VPN, on Android, iOS and any other platforms we support;
- your use of the Websites eyecon-app.com and eyecon-vpn.com ; and
- any other services that link to this Privacy Policy.
It does not apply to:
- third-party apps, websites or services that you access through the App; or
- other Instabridge Group products that have separate privacy notices.
Your use of the App is also governed by our End User Licence Agreement (EULA). This Privacy Policy supplements and forms part of the EULA.
Not all features described in this Privacy Policy are available in every Eyecon App. The personal data we collect and process depends on which App you use, which features are available in that App, and which permissions or settings you enable. For example, Eyecon Caller ID & Spam Block includes caller ID, dialer, spam detection, contact and call-related features, but does not provide the VPN feature unless expressly stated. Eyecon VPN includes VPN connectivity and related account, device, analytics, support, advertising and subscription features, but does not provide caller ID, dialer, call-log, SMS, address book enrichment, spam-labelling, or notification-ID features unless expressly stated in that App.
3. Why we process personal data
We process personal information only where we have a lawful basis under applicable data protection laws. The legal basis we rely on depends on the type of information and the context in which we collect and use it. Where GDPR, UK GDPR, or a similar law requiring a legal basis applies, we rely on the legal bases described below. In other jurisdictions, we process personal information for the purposes described in this Policy and in accordance with applicable law, your choices, and any consent or permissions required for the relevant feature. In general, we process personal information only:
- where we need it to perform a contract with you;
- where it is in our legitimate interests and those interests are not overridden by your data protection interests or fundamental rights and freedoms;
- where we have your consent;
- where we must comply with a legal obligation; and, in limited cases,
- where processing is necessary to protect vital interests (yours or someone else’s).
3.1 Performance of a contract
We process your personal information where this is necessary to:
- provide and operate the App and its core features (such as caller ID, spam detection, dialer and contact tools);
- maintain your account and profile;
- communicate with you about your purchases, subscriptions, or account (where applicable);
- provide customer support and respond to your requests.
3.2 Legitimate interests
We process personal information where necessary to pursue legitimate interests of Eyecon, the Instabridge Group, or our users, and where these interests are not overridden by your rights and interests. Our legitimate interests include, for example:
- developing, managing, delivering, maintaining, and improving the App, its features, and user experience;
- running basic analytics and usage statistics to understand how the App is used and how it performs;
- fraud detection and prevention, and preventing abuse, spam, and misuse;
- ensuring the security, integrity, and performance of our networks and systems;
- general corporate operations (such as internal administration, reporting, audits, and business continuity);
- communicating with you about your customer service requests or operational messages (for example, service notices);
- defending our legal rights and handling claims; and
- where applicable, supporting compliance with certain foreign or cross-border requirements related to our operations.
We perform balancing tests where required to ensure that our interests do not override your fundamental rights and freedoms.
3.3 Consent
In some cases we rely on your consent. This is particularly relevant for:
- accessing your device contacts and certain call/SMS permissions (where required by your device or applicable law);
- using or sharing identifiers and events with third-party partners for personalised/behavioural advertising (for example, ads targeted based on your online behaviour or other personal information collected by us or third parties); and
- some advanced analytics activities where consent is required;
- sending certain forms of direct marketing (such as SMS or email promotions), where required by law.
Where we rely on consent:
- we will request it explicitly (for example, using in-App screens, consent banners, or system permission prompts);
- you may withdraw it at any time via the App settings or by contacting us;
- withdrawal will not affect processing carried out before it, but may limit your ability to use some features (for example personalised ads or certain contact features).
3.4 Legal obligations
We may process and retain your personal information where this is necessary to comply with legal obligations under applicable laws, for example:
- tax and accounting rules;
- communications or consumer laws (including anti-spam rules);
- obligations to respond to lawful requests from authorities and courts.
3.5 Vital interests
In limited circumstances, we may process personal information where this is necessary to protect vital interests—your interests or those of another person—for example in connection with an emergency or serious threat to safety.
4. What data we collect
We distinguish between non-personal data and personal data:
- Non-personal data is information that does not identify an individual and cannot reasonably be used to do so (for example, aggregated statistics).
- Personal data is information that identifies you or can reasonably be linked to you, or that relates to an identifiable individual (including your contacts and callers).
When non-personal data is combined with personal data, we treat it as personal data.
4.1 Data you provide to us
Account and profile data
When you install and use the App/Services and/or create a user account, we may collect and process:
- name and username/handle;
- email address and phone number;
- password (or other account credentials you create);
- profile photo or avatar;
- language, region, time zone, and other preferences you choose.
Third-party login data (e.g., Google/Facebook)
If you choose to sign in using a third-party account, you give us permission to receive authentication and account information from that provider, such as your username, email address, and encrypted access credentials (e.g., tokens). Depending on your settings with the third-party provider, we may also receive additional profile information available through that account (for example country and hometown, date of birth, and networks).
Contact and address book data – specific to Eyecon Caller ID & Spam Block
With your explicit permission, we access your device address book to provide features such as caller ID, reverse lookup, contact management, and related tools. This may include:
- contact names, nicknames, labels, and groups;
- phone numbers;
- photos stored with contacts;
- notes or other contact metadata you store.
Communications and content you choose to share
You may provide personal data when you:
- contact us (for example via email or in-App support) for customer or technical support;
- use sharing features (such as “invite a friend,” “share this page,” or similar features), where available;
- participate in offers, contests, or special events;
- subscribe to newsletters or sign up to hear about current or upcoming products (where offered);
- complete surveys offered by us or on our behalf.
In these cases, we may process:
- your contact details;
- the content of your message and any attachments;
- any technical or diagnostic information you choose to share;
- responses you provide (for example survey answers) and related participation details.
Transaction information
Where you make purchases or payments (for example subscriptions or in-app purchases), we may process transaction-related information such as purchase history and payment or billing details (as applicable, and often via our payment providers/app stores).
Biographic and demographic data
Depending on how you use the Services and what you choose to provide (including via third-party login), we may process biographic or demographic information such as date of birth and gender.
4.2 Data we collect (or generate) from your device and your use of the Services
When you access or use the Services, we collect personal data from and about you and the device(s) you use. Depending on your device, operating system, and settings (including permissions you grant), this may include:
Identifiers and network information
- IP address;
- unique device identifiers and advertising identifiers;
- installation identifiers and similar direct/indirect identifiers;
- SIM-related identifiers (for example carrier information and, where available, SIM/eSIM-related identifiers);
- network information and performance data (for example signal level and connectivity diagnostics).
Device and technical data
- device model, hardware, and operating system version/firmware;
- mobile carrier, preferred languages, browser type and version (where relevant), and Internet service provider;
- mobile network information;
- applications installed on your device and default communication/browsing apps (where accessible and permitted by the platform);
- App version, configuration, logs, diagnostic data, and related metadata;
- error, crash, and performance data.
Interaction data
- clickstream-style interaction data within the Services (for example screens viewed, taps/clicks, scrolls, navigation flows);
- searches (including reverse lookups) and other in-App actions;
- feature usage frequency and timing;
- settings and preferences selected in the App/Services.
Location data
- approximate location inferred from IP address (for example country or region); and/or
- precise location derived from GPS or similar signals only if you enable location features and grant the relevant device permissions.
In-app purchase information
- information associated with in-app purchases (for example purchase events and entitlements), typically received via the app store/payment platform.
Inferences
- inferences drawn from the personal data we collect to better understand your preferences and improve the Services (for example suggesting relevant features or improving usability).
Data from connected third-party channels
If you connect your account to a third-party application, we may receive similar information about your interactions with the Services through those channels, depending on your settings and the third party’s policies.
Identity-based advertising identifiers
If you enable personalised advertising, Eyecon and its advertising partners may use identity-linking technologies (for example UID2) that rely on hashed identity inputs (such as a hashed email) and pseudonymous advertising tokens. These tokens are created and processed by the UID2 provider and our ad partners to deliver and measure personalised advertising.
Notification listener (optional feature)
If you enable Eyecon’s notification/ID features and grant notification access, the app may read notifications from other apps to provide caller-ID and message-preview functionality. This data is processed and stored locally on your device. We may extract the minimum data required for the feature, such as phone numbers detected in the notification, short message text, group name, and the notification icon (if present).
VPN related data – specific to the Eyecon VPN app
If you enable Eyecon’s VPN feature, we may use a third-party VPN connectivity provider, PureVPN, to establish and maintain an encrypted VPN connection. In this setup, Eyecon remains the customer-facing service provider and data controller for the personal data we collect through the App, while PureVPN acts as our processor/service provider for VPN connectivity.
To provide the VPN feature, we and/or PureVPN may process the minimum technical data necessary to establish, operate, secure, and troubleshoot the VPN connection. Depending on the implementation, this may include service configuration data and limited connection-related technical data such as VPN credentials/tokens, device type, session keys or public-key material generated for a session, selected VPN location, app version, and limited technical troubleshooting information. We seek to minimise this data and to avoid using it to identify users where not necessary.
Neither Eyecon nor PureVPN store or share browsing content, traffic payload, or a record of websites you visit through the VPN feature. We do not use VPN traffic content for advertising, profiling, or analytics.
4.3 Call, messaging, and address book data (caller ID features)
To support caller ID, dialer features, spam detection, and block/allow lists—and only where permitted by your device, operating system, local law, and granted permissions—we may process:
Call and messaging metadata
- phone numbers involved in calls;
- call direction (incoming/outgoing), time, date, duration, and number of calls;
- spam labels, block/unblock actions, and user reports;
- limited SMS metadata and (where applicable) content only if you explicitly enable SMS-related features and only to the extent permitted by local law and your operating system.
Local processing and storage
Call log information required to provide call history features (for example phone number, contact name if it exists in your address book, and call time/date and duration) is stored and processed locally on your device.
Fair use and service improvement
In addition, we may collect limited call usage metrics (such as call counts, and call time and duration) for purposes such as monitoring fair use, product development, resolving issues, and improving user experience.
We do not collect/track or store the audio or other content of your calls, or the content of your sms messages.
4.4 Data about your contacts, callers, and other individuals
To provide caller ID and related features, we may process data that relates to people who are not users of the Services, including:
- phone numbers, names, photos, and labels contained in your address book;
- how you and other users label or classify a number (for example “Mom”, “Bank”, “Spam”);
- spam reports, reputation signals, and spam-related classifications for specific numbers;
- information from public sources that links phone numbers to individuals or organisations.
We treat this type of information with particular care and provide mechanisms for individuals to exercise their rights where applicable (see Appendix B).
4.5 Data from public and third-party sources
We may receive personal data from the following sources:
Publicly available sources
Where permitted by law and platform terms, we may use publicly available information (for example public web pages, business directories, or public social media profiles) to help identify phone numbers and suggest caller names.
Third-party services and SDKs
We use third-party tools for functions such as hosting, analytics, spam detection, crash reporting, advertising, measurement, and customer support. These third parties may provide us with information such as:
- installation data and app store events;
- aggregated usage, performance, or diagnostic metrics;
- attribution and campaign performance data;
- identifiers and device data needed to provide their services.
We use this information only for the purposes described in this Privacy Policy, subject to contractual restrictions and applicable law.
VPN infrastructure provider – specific to the Eyecon VPN app
If you use the VPN feature, we may receive information from our VPN connectivity provider relating to the operation of the feature, such as service availability, aggregate performance and reliability indicators, generic error information, and support-related information where troubleshooting is required. Our VPN provider applies a no-activity-logs approach for VPN traffic and does not process browsing history, DNS browsing activity, or traffic payload for analytics or profiling purposes. Any support information is used only to investigate and resolve service issues.
Personal Information Collected Using Cookies and Similar Technologies
We and our partners use various tools to collect personal information when you visit our sites and Services, including cookies, pixels, software development kits, advertising identifiers, and other similar technologies. Some of these technologies store information in the browser or on your device. Other technologies may use network-related or other information to recognize your device (e.g., IP address). Our Services use these technologies, for example, when you first request a web page, and information is then stored on your computer or other device so the website or app can access information when you make subsequent requests for pages from that Service.
Examples of Cookies we use on our website and their purposes:
At any time, you can control the use of cookies by adjusting the settings on your browser. However, if you choose to disable some or all cookies, please note that by blocking any or all cookies, you may not have access to certain features, content, or personalization available through our Services.
Functional cookies: We use functional cookies to operate certain functions of the website in accordance with your choices, meaning that when you continue to use or come back to the website, the site will be provided as you have previously requested, e.g. remembering your username and customization of the website.
Analytics cookies: We use analytics cookies to analyse how the website is accessed, used or is performing. We use the information to maintain, operate and improve the website.
Third party cookies: We may allow our partners to use cookies on the website for the same purposes identified above. We may also use service providers acting on our behalf to use cookies for the purposes identified above.
Security Cookies: We use security cookies for security purposes.
Advertising Cookies: advertising cookies are used to serve you with advertisements that may be relevant to you and your interests.
If you have any questions or comments about our use of cookies, please contact privacy@instabridge.com.
Other personal information collected using tracking technologies
Depending on the Services you use and your consent settings, we and our partners may also use these technologies to gather information about how you view and use our Services and content, and to connect your activity with other personal information we store about you. Some of these partners include:
Google Analytics. For more information about how Google uses your personal information (including for its own purposes, e.g., for profiling or linking it to other information), please visit Google Analytics’ Privacy Policy. To learn more about how to opt-out of Google Analytics’ use of your information, please click here.
5. How we use your personal information (purposes)
We use personal data for the purposes described below. Not all purposes apply to every Eyecon App or every user. The personal data we process depends on which Eyecon App you use, which features are available in that App, which permissions or settings you enable, and which Services you request.
5.1 Operating and providing the Services
We use personal data to operate, maintain, and provide the Eyecon Apps and related Services, including to:
- provide the features available in the relevant Eyecon App;
- authenticate you and manage your account, profile, subscription, purchases, and settings;
- provide customer support and respond to your requests;
- maintain service reliability, troubleshoot errors, and improve performance;
- communicate with you about your account, purchases, support requests, security issues, or important service updates.
Some account, device, diagnostic, analytics, support, security, subscription, and preference data may be processed through shared infrastructure used by more than one Eyecon App. For example, if you use both Eyecon Caller ID & Spam Block and Eyecon VPN, we may use common account, subscription, support, fraud-prevention, security, diagnostics, and preference data across those Apps to operate, secure, support, and improve the Services.
We do not use app-specific data from one Eyecon App for unrelated purposes in another Eyecon App unless this Privacy Policy says so, we are required or permitted to do so by law, or we obtain your consent. In particular, we do not use Caller ID-specific data, contacts, call/SMS data, notification data, or VPN traffic-related data for unrelated product purposes.
5.2 Caller ID, contact matching, spam protection, and related features
Where you use Eyecon Caller ID & Spam Block or another Eyecon App that includes caller ID, dialer, reverse lookup, contact, spam detection, block/allow list, or similar communication features, we may use personal data to:
- run caller ID, dialer, reverse lookup, contact management, spam detection, and block/allow list features;
- identify calls and numbers using aggregated signals from users, your device permissions, and public or third-party sources where permitted;
- suggest names, photos, labels, or other identifiers associated with phone numbers;
- improve the accuracy, coverage, and quality of caller ID and reverse lookup results;
- build and maintain spam, fraud, abuse, and reputation indicators for phone numbers;
- warn users about suspected spam, fraud, abusive, or unwanted callers;
- process user reports, corrections, block/unblock actions, and spam labels;
- prevent misuse of the Services and protect users and the public.
These purposes apply only where the relevant feature is available, permitted by your device, operating system, local law, and app-store rules, and where you have granted any required permissions.
5.3 VPN connectivity and security
Where you use Eyecon VPN or another Eyecon App that includes VPN functionality, we may use personal data and technical data to:
- To provide an optional VPN feature that routes traffic through secure VPN infrastructure;
- to authenticate VPN sessions and apply the connection settings you choose (for example VPN location);
- to maintain service reliability, diagnose connectivity issues, prevent abuse, and secure the VPN feature;
- to provide support in relation to VPN performance or connection problems.
We do not use VPN traffic content, browsing history through the VPN feature, or DNS activity for behavioural advertising, analytics profiling, or marketing.
5.4 Notification handling
Where you use Eyecon Caller ID & Spam Block or another Eyecon App that includes caller ID, if you enable notification-based caller ID or message-preview features and grant notification access, we use notification data only to operate those features, such as to display caller ID or message previews, match detected phone numbers to contacts, and detect spam or unwanted communications.
Notification processing is performed locally on your device unless this Privacy Policy states otherwise. Notification text, images, and related notification content are not sent to Eyecon for advertising, profiling, or cross-context behavioural targeting.
5.5 Analytics and product improvement
We use personal data to understand, maintain, and improve the Eyecon Apps and Services, including to:
- understand how users interact with features and where they encounter issues;
- measure app performance, stability, and reliability;
- analyse crashes, errors, diagnostics, and usage patterns;
- run tests and experiments to improve usability, performance, and functionality;
- generate aggregated or de-identified statistics for internal reporting, planning, and product development.
Where possible, we use aggregated or de-identified data for analytics and product improvement.
5.6 Advertising, user acquisition, and campaign measurement
We may use personal data for advertising, user acquisition, and campaign measurement as described below.
Personalised or behavioural advertising
If you explicitly consent to personalised or behavioural advertising, we may use identifiers, such as advertising IDs, coarse location, app installation data, and in-App event data to show ads tailored to your interests and to measure ad performance.
Identity-linking technologies
If you enable personalised advertising, we and our advertising partners may use identity-linking technologies, such as UID2, that rely on hashed identity inputs or pseudonymous advertising tokens. These technologies are used only for personalised ad delivery, frequency capping, and ad measurement, and only where permitted by your consent and applicable law. We do not use them for unrelated non-advertising profiling.
Non-personalised or contextual advertising
Even if you do not consent to personalised advertising, we may show non-personalised or contextual ads, for example based on the screen you are viewing, the general context of the App, or limited technical information needed to display and measure non-personalised ads.
User acquisition and campaign measurement
We may share a limited set of identifiers, installation data, and app events with mobile measurement partners, advertising platforms, and campaign partners to measure installs, campaign performance, fraud, and attribution.
5.7 Direct communication and marketing
We may use personal data to:
- send service, transactional, and operational messages, such as security alerts, support replies, technical notices, purchase or subscription messages, and important policy or service updates;
- send marketing messages about Eyecon features, offers, or Services where you have consented or where otherwise permitted by law;
- manage your marketing preferences, consents, and opt-outs.
You may opt out of marketing communications as described in this Privacy Policy. We may still send you non-marketing service messages where necessary.
5.8 Compliance, security, fraud prevention, and enforcement
We use personal data where necessary to:
- comply with applicable laws, including privacy, consumer protection, tax, accounting, communications, anti-spam, and security laws;
- comply with obligations under the Israeli Protection of Privacy Law, Amendment 13, and the Data Security Regulations where applicable;
- secure our systems, databases, networks, Apps, and Services;
- detect, investigate, and prevent fraud, abuse, spam, misuse, security incidents, and unlawful activity;
- respond to lawful requests from courts, regulators, law enforcement, or other authorities;
- enforce our EULA, terms, policies, and this Privacy Policy;
- establish, exercise, or defend legal claims.
5.9 Restrictions on advertising and unrelated use
We do not use the following data as inputs for ad targeting:
- the content of your calls or SMS;
- names, notes, or photos from your contacts;
- notification content;
- VPN traffic content, browsing history, DNS browsing activity, or traffic payload;
- spam/fraud scores or detailed caller ID labels.
We do not use personal data for purposes that are inconsistent with this Privacy Policy unless we are required or permitted to do so by law, or we obtain your consent.
5.10 Use of aggregated or anonymised data
We may use your non-personal information data in an aggregated and/or anonymised form to share publicly and to third parties, for example, in reports on internet use trends, to partners under agreement with us, or as part of community benchmarking. Data shared in this manner cannot reasonably be used to identify you as an individual. If we create or receive de-identified information, we will not attempt to reidentify such information, unless permitted by, or required to comply with, applicable laws.
5.11 AI Recommendations & Personalisation (Optional Feature)
If you enable AI Recommendations & Personalisation (“AI Feature”), we process certain information you choose to share to provide more relevant, contextual recommendations and answers in the app. This feature is optional and can be turned off at any time.
Data you can choose to share for AI personalisation (opt-in per category)
We process AI Feature data based on your consent (GDPR Art. 6(1)(a)) for each category you enable. You can withdraw consent at any time in Settings.
You can opt in separately to each category below. We only process the categories you have enabled:
- gps location: current GPS coordinates for location-based recommendations.
- location history: places visited and travel patterns for personalised recommendations.
- installed apps: installed app names to infer interests for recommendations.
- recently opened apps: recently used apps to tailor responses to your current context.
- browser history: websites visited (e.g., domains or URLs depending on your selection) to infer interests.
- search history: search queries to tailor responses.sms history:
- text messages/communications: (content and/or metadata, depending on your selection) used only to provide context in AI responses.
- call history: call records (metadata) used only to provide context in AI responses.
- photo metadata: photo timestamps and location metadata used only to provide context in AI responses.
- responses and feedback: your prior AI interactions and feedback used to improve your future AI experience.
- other: other information you explicitly choose to provide for personalisation (described at the time you opt in).
How we use data for AI personalisation (purposes)
We use AI Feature data only to:
- Generate personalised AI responses and recommendations during your session (on-the-fly inference); and
- Maintain and protect the AI Feature, including security, abuse prevention, debugging, and quality assurance.
We do not use AI Feature data to train or fine-tune AI models.
Enhanced safeguards (potentially sensitive inferences)
Some AI Feature data (alone or combined) could allow inferences about sensitive information (such as health, religion, or political opinions). We apply enhanced safeguards, including data minimisation, strict access controls, encryption, and purpose restrictions.
Sharing and international transfers
We may share AI Feature data with service providers that help operate the AI Feature (for example, cloud infrastructure and AI processing vendors) acting as our processors under data-processing agreements. If processing involves transfers outside the EU/EEA, we use appropriate safeguards such as Standard Contractual Clauses.
Retention and deletion of AI Feature data
AI Feature data is retained for no more than 30 days and is automatically scheduled for deletion. If you disable a category or turn off the AI Feature, we stop collecting that category and delete related AI Feature data according to the same automated schedule, unless a longer period is required by law.
6. How long we keep your data (retention)
We will keep your personal data for as long as you have an account in the Services or for as long as we need to keep any personal data to comply with our legal obligations, resolve disputes, or enforce our agreements. After this your personal data will be deleted.
7. Sharing and storing your data
We do not sell your personal data in the ordinary sense of “sale”. We share personal data with:
7.1 Service providers and processors
We use third-party service providers who process data on our behalf and under our instructions, for example:
- cloud hosting and storage providers;
- analytics and measurement services;
- spam and fraud detection services;
- VPN services;
- crash reporting and performance monitoring providers;
- customer support and communication tools;
- payment and billing providers, where relevant.
These providers act as processors or database holders under GDPR and Israeli law and may only use personal data to provide services to us, subject to confidentiality and security obligations.
We store your personal information on industry standard servers, including through the use of the following third parties:
- Firebase and Google Cloud, owned by Google, who is a Service Provider. The data we store and otherwise process about you will be stored on servers hosted by Google Cloud.
- Amplitude, who is a Service Provider, and their service provider Amazon Web Services, which acts as a subprocessor.
- Singular. Singular is a Service Provider, and data that they process on our behalf is hosted by their service providers Amazon Web Services, Inc. and Snowflake, Inc, which act as subprocessors.
- CrispChat. Crisp IM SAS is a Service Provider, and data that they process on our behalf is hosted by their service providers Amazon Web Services, Inc. and DigitalOcean LLC,which act as subprocessors.
- Payment data is hosted by Stripe Payments Europe, Ltd, which is a Service Provider.
- Call, text and data usage data for Eyecon Mobile is processed and hosted by OXIO, Inc, which is a Service Provider.
7.2 Advertising and user acquisition partners
For in-app advertising and campaign measurement we work with:
- ad networks and mediation platforms;
- mobile measurement partners and attribution providers;
- platforms where we run user acquisition campaigns.
Depending on your consent and settings, these partners may receive:
- advertising IDs or other mobile IDs;
- coarse location;
- App installation and event data related to ads (for example, impressions, clicks, conversions);
- limited device and network information
- UID2 tokens and related metadata; these are generated and stored by the UID2 provider and may be shared with our advertising partners for ad delivery and measurement.
Some partners act as our processors and may only use data to provide services to us. Others act as independent controllers and use data they receive to improve and measure their own advertising services; their use is governed by their own privacy policies.
We do not permit partners to access or use:
- the content of your calls or SMS;
- names, photos or notes from your contacts;
- spam/fraud scores or detailed caller ID labels
7.3 Other users and the public
To provide caller ID and spam protection, we may show Eyecon users:
- names, photos or other identifiers associated with a number, derived from aggregated signals and public sources;
- spam warnings and reputation indicators for numbers reported as spam or suspected fraud.
We do not expose your entire address book to other users.
If you believe a number is incorrectly labelled, please contact us (see Section 11).
7.4 Instabridge Group entities
We may share personal data with other entities in the Instabridge Group where necessary for:
- shared infrastructure and security;
- group-level analytics and planning;
- centralised support or governance.
All such processing is subject to intra-group agreements and safeguards.
7.5 Authorities and legal recipients
We may disclose personal data where we believe in good faith that it is necessary to:
- comply with applicable laws or lawful requests from authorities or courts;
- respond to legal claims, investigations or regulatory inquiries;
- protect our rights, property or safety, or those of our users or the public;
- investigate and prevent fraud, abuse, security incidents or violations of our EULA.
7.6. Third-party services, SDKs and links
The App uses third-party software development kits (SDKs) and services, for example for:
- hosting and storage;
- analytics and product measurement;
- spam and fraud detection;
- VPN services;
- crash reporting and performance monitoring;
- in-App advertising and campaign attribution;
- customer support.
These partners may collect or receive certain data from your device or from our systems as described above. Some act as processors, others as independent controllers.
We maintain an internal register of our processors and SDKs, and we require our partners to implement appropriate privacy and security safeguards. Where partners act as independent controllers (for example some large ad networks or platforms), their processing is governed by their own privacy policies, which we recommend you review.
The App may also link to third-party apps, websites or services (for example messaging apps or social networks). Your use of those services is governed by their own terms and privacy policies, not this one.
7.6.1 VPN service provider (PureVPN)
If you use Eyecon’s VPN app, we may share limited personal data and technical data with PureVPN, our VPN connectivity provider, solely to enable and support the VPN service. PureVPN acts as our processor/service provider in this context.
The data shared is limited to what is necessary to provide the VPN feature, such as technical connection data, VPN service credentials/configuration, selected VPN location, device type, session-related cryptographic material, and troubleshooting information where needed. We instruct PureVPN to process such data only for the purpose of providing the VPN feature, maintaining reliability and security, and handling support.
PureVPN does not process or store browsing activity, DNS browsing logs, traffic content/payload, or device advertising identifiers for analytics or tracking on Eyecon’s behalf. We do not permit PureVPN or its subprocessors to use data processed for the VPN feature for their own marketing or profiling purposes.
PureVPN may use vetted subprocessors for infrastructure hosting, network operations, operational monitoring, and support tooling, subject to contractual data protection, confidentiality, and security obligations.
7.6.2 Notification data storage & sharing
Where you use Eyecon Caller ID & Spam Block or another Eyecon App that includes caller ID, if you enable notification-based caller ID or message-preview features and grant notification access, notification/ID data is kept on your device in the app’s local database. We do not share notification data, message content or associated images. You can disable the notification/ID feature or revoke notification access in your device settings; doing so stops further reading of notifications and deletes related local feature data where permitted.
8. International transfers
Instabridge Sweden AB is based in Sweden, and uses service providers and infrastructure in multiple locations, including:
- the European Economic Area (EEA);
- Israel;
- the United States; and
- other countries as needed to provide the Services.
When personal data is transferred outside your country:
- for EU/EEA data, we use safeguards such as standard contractual clauses and other measures required by GDPR;
- for Israeli data, we comply with the PPL and the Data Security Regulations, including rules on transfers from Israel and, where applicable, cross-border transfer conditions and contractual protections;
- for other jurisdictions, we apply appropriate safeguards required by local law.
We maintain internal documentation of our databases and cross-border data flows and review them periodically.
If you are located in the European Union (“EU”), United Kingdom (“UK”) or Switzerland then we may transfer personal data that we collect from you to third party suppliers and trusted partners located in countries that are outside of the EU and the European Economic Area (“EEA”) (including, but not limited to the USA) or to our partners/related third parties in connection with the above purposes. The same rule applies for users outside the EU/EAA, that is your data may be transferred outside of the country from which it was originally collected. Please be aware that the countries to which we may transfer data may have data protection laws that are different from the laws where you live.
When transferring personal data outside the EU/EEA, we will ensure that the country in which your personal data will be handled has been deemed “adequate” by the EU Commission under Article 45 of the General Data Protection Regulation (“GDPR”) or if your personal data will be transferred to a country which the EU Commission does not consider to have an adequate level of protection for personal data, we will take all necessary steps required under applicable law in order for such transfer of personal information across borders to be compliant with applicable law. We will only transfer your personal data to a country outside the EU/EEA that does not have adequate data protection laws where; (i) the transfer is being safeguarded by the use of Standard Contractual Clauses (SCCs), which have been approved by the European Commission as appropriate safeguards for international transfers under Article 46(2) of the GDPR; or (ii) where applicable, by an adequacy decision adopted by the European Commission under Article 45 of the GDPR.
By installing or using the App or Services, you consent to those transfers of personal information to other countries and to service providers.
You can find further information about the rules on data transfers outside the EU/EEA, including the mechanisms that we rely upon, on the European Commission website (https://ec.europa.eu/info/law/law-topic/data-protection_en).
9. Security
We implement technical and organisational measures designed to protect personal data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access, in line with the Data Security Regulations and relevant industry standards.
These measures include, as appropriate:
- encryption of data in transit and at rest;
- access controls based on least privilege and need-to-know;
- strong authentication for administrative access (for example multi-factor authentication);
- logging and monitoring of key systems and access to databases;
- separation of environments and network security controls;
- regular security testing, audits and training;
- documented procedures for incident detection, response, notification and remediation.
We classify our databases by security level and apply the required controls for each level, taking into account data sensitivity, the number of data subjects and the number of authorised users.
No system is completely secure. If you believe that your account or data may have been compromised, please contact us immediately.
10. Children and minors
The App is not intended for persons under the age of majority. Our Services are designed for a general audience and require all users to be above the minimum age to consent for data processing as a condition of access. By installing or using our Services you represent and warrant to us that you are above the minimum age to consent for data processing in your domicile.
If you are a parent or guardian of a minor, and believe that minor has uploaded personal information in connection with our Services without your consent, or if you wish to review personal information collected from your minor child, or have that information modified or deleted, you may contact us as described in “Contact Us” below. If we become aware that a minor has provided us with personal information in violation of applicable law, we will use reasonable efforts to delete any personal information we have collected, unless we have a legal obligation to keep it.
We do not knowingly collect or solicit personal data from children or persons below the applicable age. If we learn that we have collected such data, we will delete it and may restrict access to the App from the relevant account or device.
If you believe we have collected data about a child or person in violation of this Policy or applicable law, please contact us (see Section 11).
11. Your rights and choices
Your rights depend on where you live and which laws apply. If you are in the EU/EEA or the UK, the GDPR (and UK GDPR) generally applies to our processing of your personal data, and you have the rights described below. Some rights and legal bases described in this Policy apply only where the relevant law applies. Where a specific law does not apply, we will still handle privacy requests in accordance with this Policy, applicable law, and our internal privacy practices.
11.1 GDPR/UK GDPR rights (EU/EEA/UK)
You may have the right to:
- Access – to obtain confirmation of whether we process personal data about you and to receive a copy. (This right applies to data relating to you, not to data relating to other individuals.)
- Correction (rectification) – to request correction of inaccurate, incomplete, or outdated data.
- Deletion (erasure) – to request deletion of your personal data in certain circumstances (for example where it is no longer necessary for the purposes for which it was collected). This right may be limited where we are permitted or required by law to retain certain data. If you request deletion, you may no longer be able to use some or all of the Services.
- Restriction – to request restriction of processing in certain circumstances.
- Objection – to object to processing based on legitimate interests, and to object at any time to direct marketing. If you object to certain processing that is necessary to provide the Services, you may no longer be able to use some or all features (and if you share a device, other users of that device may be affected).
- Data portability – to receive certain data in a structured, commonly used, and machine-readable format and to have it transmitted to another controller where technically feasible.
- Withdrawal of consent – where we rely on your consent, you may withdraw it at any time. Withdrawal does not affect processing carried out before it, and it does not affect processing based on lawful grounds other than consent.
- Information about sharing – to request information about the categories of third parties with whom your personal data has been shared (and, where required by law, further details).
- Automated decision-making – where applicable, to request information about, and to challenge, decisions taken exclusively by automated processing that produce legal or similarly significant effects for you.
11.2 Israel and other jurisdictions
Israel: Under Israeli law, you also generally have the right:
- to review data about you held in a registered database; and
- to request correction, and in some cases deletion or blocking, of data that is incorrect, incomplete, unclear, or outdated.
Non-users (caller ID results): If you are not an Eyecon user but believe that data about your phone number or identity appears in Eyecon’s caller ID results, you may contact us and we will review your request in accordance with applicable law and guidance from the Israeli Privacy Protection Authority (PPA).
Other jurisdictions (including the United States): Depending on where you live, you may also have rights to:
- opt out of certain processing (for example “targeted advertising,” “sale”/“sharing” of personal information, or certain profiling, as those terms are defined under applicable law);
- appeal our decision if we decline to act on your request (where an appeal right is provided by law); and
- use an authorized agent to submit requests on your behalf where permitted by law (we will require appropriate proof of authorization).
For further information on your rights as a US user, please see ANNEX A.
11.3 Limits on rights
These rights are not absolute. We may decline or limit a request where there is a valid reason under applicable law—for example, where we cannot verify your identity, where the request would adversely affect the rights of another person, where we must retain data to comply with legal obligations, or where fulfilling the request would prevent us from providing the Services you request.
11.4 How to exercise your rights
To exercise your rights, please contact us the email below depending on what app you have used:
Please include enough information to identify you and your relationship with Eyecon. We may request additional information to verify your identity and locate your data (for example, confirming the email address or account information associated with you). Only you—or someone legally authorized to act on your behalf where permitted—may make a request.
We will respond within the timeframe required by applicable law.
11.5 Data deletion requests
You can request deletion of your data directly through the Eyecon apps or by contacting us via email. To request data deletion in the app, go to Account Settings, where you can select the option to delete your account and associated data. Alternatively, you may send an email to privacy@instabridge.com or privacy@instabridge.com with your deletion request clearly stated, and our team will process your request in accordance with applicable privacy laws.
11.5 Complaints
If you are unhappy with our processing of your personal data and/or consider it to be in contrary to applicable legislation you may have the right to lodge a complaint with a competent supervisory data protection authority (“DPA”) (such as with the DPA in your country of residence, the DPA in the country of your place of work or the DPA in the country where the alleged infringement has occurred).
- In Sweden, the supervisory authority is the Swedish Supervisory Authority for Privacy Protection (“Integritetsskyddsmyndigheten”).
- in the EU/EEA or UK, with your local data protection authority (including the authority in your country of residence, workplace, or where the alleged infringement occurred); and/or
- in Israel, with the Israeli Privacy Protection Authority (PPA).
We will cooperate with the appropriate authorities to resolve privacy-related complaints.
12. Specific information regarding direct marketing and advertising choices
12.1 Service messages
We may send you service or transactional messages, for example about:
- important changes to the App or our terms;
- security alerts or technical issues;
- responses to your requests.
These are not marketing and you cannot opt out of essential service messages.
12.2 Direct marketing
Where required by law (for example for SMS or email advertising under Israel’s Communications Law / Anti-Spam Act), we will obtain your prior consent before sending advertising messages.
You can withdraw consent or opt out at any time by:
- using the unsubscribe link included in a marketing message; or
- contacting us at support@eyecon-app.com or support@eyecon-vpn.com
We may still send you non-marketing service messages.
12.3 Behavioural / personalised advertising
We only use your personal data for behavioural / personalised advertising if you have explicitly consented to it in the App.
You can:
- enable or disable personalised ads in App Settings → Privacy / Advertising (or similar); and
- use your device settings to limit or reset your advertising identifier and interest-based ads.
If you disable personalised ads or do not provide consent:
- we will not use data from the App to create or update advertising profiles;
- we will not send behavioural/ad-personalisation data from the App to ad partners, except to the extent strictly necessary for non-personalised ads and basic measurement;
- you may still see non-personalised ads.
We do not use:
- call or SMS content;
- names, notes or photos from your contacts;
- spam/fraud scores or detailed caller ID labels
to build ad profiles.
13. Israel-specific information (PPL & Amendment 13)
If you are located in Israel or if Israeli law otherwise applies, the following additional information applies.
13.1 Applicable law and supervisory authority
Our processing of personal data is subject to:
- the Protection of Privacy Law, 5741-1981 (PPL);
- Amendment No. 13 to the PPL; and
- the Privacy Protection (Data Security) Regulations, 5777-2017.
The competent supervisory authority is the Israeli Privacy Protection Authority (PPA).
13.2 Databases, PPO and data broker considerations
We maintain internal documents describing our databases that hold personal data, including:
- their purposes;
- types of data subjects and data categories;
- transfers outside Israel;
- security classification and measures.
Under Amendment 13 and the Data Security Regulations, certain databases may require specific security levels, documentation and, in some cases, registration or notification. We classify our databases and apply required measures accordingly.
We have appointed a Privacy Protection Officer (PPO) with responsibilities and authority as required by law, including:
- monitoring compliance with the PPL, Amendment 13 and the Data Security Regulations;
- assisting in privacy impact assessments and risk management;
- advising management and reporting on privacy matters;
- serving as the contact point with the PPA.
To the extent that Eyecon’s activities fall within categories such as “data broker” or high-risk database owner under Amendment 13, we will comply with any additional transparency, supervision and registration obligations that apply.
13.3 Rights and remedies under Israeli law
In addition to the rights listed in Section 11, under Israeli law you generally have the right:
- to review data about you held in a registered database; and
- to request correction, and in some cases deletion or blocking, of data that is incorrect, incomplete, unclear or outdated.
If you wish to exercise these rights, please contact us using the details in Section 11 and specify that your request relates to your rights under the PPL.
If you are not an Eyecon user but believe that a phone number associated with you appears in Eyecon’s caller ID results, you may contact us to request review, correction or deletion of that data. We will handle your request in accordance with the PPL, Amendment 13 and relevant PPA guidelines.
If you are dissatisfied with our response, you may lodge a complaint with the Israeli Privacy Protection Authority.
14. Changes to this Privacy Policy
We may update this Privacy Policy from time to time, for example to reflect:
- changes in our Services or technologies;
- changes in applicable laws or regulatory guidance;
- feedback from users or authorities.
When we make material changes, we will:
- update the “effective date” at the top; and
- where required, provide additional notice (for example via the App or by other appropriate means).
Your continued use of the App after the updated Privacy Policy becomes effective indicates that you have read and understood the changes. If you do not agree, you should uninstall the App and contact us if you wish to exercise your rights.
15. Contact us
If you have questions, concerns or requests regarding this Privacy Policy or your personal data, you can contact us at:
Eyecon Global Ltd.
Support email: support@eyecon-app.com
Privacy contact: privacy@instabridge.com
Data protection officer contact: privacy@instabridge.com
Data Protection Officer
External Data Protection Officer: ePrivacy GmbH, represented by Prof. Dr. Christoph Bauer, Burchardstraße 14, 20095 Hamburg
If you have any questions or concerns regarding your data, please contact privacy@instabridge.com. If you wish to communicate directly with our data protection officer (for example, because you have a particularly sensitive concern), please contact them by post, as communication by email may pose security risks. Please indicate in your request that your concern relates to Instabridge Sweden AB and Eyecon.
|
Postal address: |
Prof. Dr. Christoph Bauer, Burchardstraße 14, 20095 Hamburg
|
|
E-mail address: |
Contact information Data Controller
|
Name: |
Instabridge Sweden AB |
|
Registration number: |
559246-0538 |
|
Postal address: |
Instabridge Sweden AB Box 190 101 23 Stockholm |
|
E-mail address: |
ANNEX A – SUPPLEMENTAL CCPA PRIVACY NOTICE
This Supplemental CCPA Privacy Notice supplements our Privacy Policy and only applies to our processing of personal information that is subject to the CCPA.
NOTICE AT COLLECTION
At or before the time of collection, California residents have a right to receive notice of our privacy practices. California residents can find this information below.
- Personal Information Collected. See the section of this Supplemental CCPA Privacy Notice titled “Overview of Personal Information Collected, Disclosed, Sold and/or Shared” for a list of personal information which may be collected. If we have previously collected personal information in the past 12 months, we may collect that personal information from you.
- Uses of Personal Information. See the section of this Supplemental CCPA Privacy Notice titled “Uses of Personal Information” for a list of the purposes for which we use personal information.
- Is Personal Information “Sold” or “Shared” for “Cross-Context Behavioral Advertising”? Yes.
- How Long is Personal Information Retained For? We will retain your personal information for as long as you have an account in the Services or for as long as we need to keep any personal information to comply with our legal obligations, resolve disputes, or enforce our agreements. After this your personal information will be deleted. AI Personalisation data is retained for no more than 30 days and is automatically scheduled for deletion. If you disable a category or turn off AI Personalisation, we stop collecting that category and delete related AI Personalisation data according to the same automated schedule, unless a longer period is required by law.
- Additional Information. For more information on our privacy practices, please review this Supplemental CCPA Privacy Notice and our Privacy Policy. Importantly, the section of our Privacy Policy titled “Your Rights and Choices” includes important details about how you can exercise some of the rights which you have under the CCPA.
CATEGORIES OF SOURCES FROM WHICH PERSONAL INFORMATION IS COLLECTED
We collect personal information that you provide to us, personal information we collect automatically when you use the Services, and personal information from third-party sources. If you choose to enable AI Personalisation in the Services, we may collect and use additional personal information only for the categories you specifically opt in to. You can change your selections at any time in Settings.
OVERVIEW OF PERSONAL INFORMATION COLLECTED, DISCLOSED, SOLD, AND/OR SHARED
The CCPA provides California residents with the right to know what categories of personal information Eyecon/Instabridge has collected about them, whether Eyecon/Instabridge disclosed that personal information for a business purpose (e.g., to a service provider), whether Eyecon/Instabridge “sold” that personal information, and whether Eyecon/Instabridge “shared” that personal information for “cross-context behavioral advertising” in the preceding twelve months. California residents can find this information below:
|
Category of Personal Information Collected by Instabridge |
Category of Third Parties To Whom Personal Information is Disclosed to for a Business Purpose |
Category of Third Parties To Whom Personal Information is Sold and/or Shared |
|
Identifiers |
|
|
|
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) |
|
|
|
Protected classification characteristics under California or federal law |
|
|
|
Commercial information |
|
|
|
Biometric information |
|
|
|
Internet or other electronic network activity |
|
|
|
Geolocation data |
|
|
|
Sensory data |
|
|
|
Professional or employment-related information |
|
|
|
Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g, 34 C.F.R. Part 99)) |
|
|
|
Inferences drawn from other personal information to create a profile about a consumer |
|
|
|
Personal information that reveals a consumer’s social security, driver’s license, state identification card, or passport number |
|
|
|
Personal information that reveals a consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account |
|
|
|
Personal information that reveals a consumer’s precise geolocation |
|
|
|
Personal information that reveals a consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership |
|
|
|
Personal information that reveals the contents of a consumer’s mail, email, and text messages unless Eyecon or Instabridge is the intended recipient of the communication |
|
|
|
Personal information that reveals consumer’s genetic data |
|
|
|
Biometric information that is processed for the purpose of uniquely identifying a consumer |
|
|
|
Personal information collected and analyzed concerning a consumer’s health |
|
|
|
Personal information collected and analyzed concerning a consumer’s sex life or sexual orientation |
|
|
USES OF PERSONAL INFORMATION
We may use and disclose the personal information that we collect for the following business and commercial purposes:
- Processing for purposes described in the “How We Use Information” section of our Privacy Policy;
- Processing related to delivering personalized, cross-context behavioral advertising, as well as marketing communications;
Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards;
- Helping to ensure security and integrity to the extent the use of personal information is reasonably necessary and proportionate for these purposes;
- Debugging to identify and repair errors that impair existing intended functionality;
- Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of your current interaction with Instabridge;
- Maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar Services;
- Providing advertising and marketing services;
- Providing AI-powered personalisation features (opt-in); generating personalised AI responses and recommendations, and maintaining and protecting the AI Feature (including security, abuse prevention, debugging, and quality assurance). We do not use AI Personalisation data to train or fine-tune AI models.
- Undertaking internal research for technological development and demonstration;
- Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by Instabridge, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by Instabridge.
DISCLOSURE REGARDING “SALES” OF PERSONAL INFORMATION AND/OR “SHARING” FOR “CROSS-CONTEXT BEHAVIORAL ADVERTISING”
In the preceding twelve months, Instabridge Sweden AB has “sold” and/or “shared” personal information for cross‑context behavioral advertising purposes. Such activities may involve providing your personal information to trusted third‑party advertising partners, who may use it to deliver targeted advertising across various digital contexts. We make these disclosures in accordance with applicable law. We do not sell AI Personalisation data. We do not share AI Personalisation data for cross-context behavioral advertising as part of the AI Feature.
DISCLOSURE REGARDING OPT-OUT PREFERENCE SIGNALS
Instabridge Sweden AB does “sell” and “share” personal information for cross‑context behavioral advertising. If you do not wish for your personal information to be used for these purposes, you may exercise your right to opt out. To do so, please click on the “Do Not Sell My Personal Information” link available on our website, in the app, or contact us at privacy@instabridge.com. We will process your opt‑out request in accordance with the CCPA and other applicable laws.
DISCLOSURE REGARDING INDIVIDUALS UNDER THE AGE OF 16
Instabridge Sweden AB does not have actual knowledge of any “sale” of personal information of minors under 16 years of age. Eyecon/Instabridge does not have actual knowledge of any “sharing” of personal information of minors under 16 years of age for “cross-context behavioral advertising.”
DISCLOSURE REGARDING SENSITIVE PERSONAL INFORMATION
Instabridge Sweden AB only uses and discloses sensitive personal information for the purposes set forth in Section 7027(m) of the CCPA regulations. For AI Personalisation, we use and disclose Sensitive Personal Information only for purposes permitted under 11 CCR § 7027(m), and only as reasonably necessary and proportionate to provide the AI Personalisation feature you request via specifically opting in to that processing.
NON-DISCRIMINATION
California residents have the right not to receive discriminatory treatment by us for the exercise of their rights conferred by the CCPA.
NOTICE OF FINANCIAL INCENTIVE
This Notice of Financial Incentives aims to inform you about any programs, benefits, and other financial incentive offerings, including price or service differences (collectively, “Incentive Offerings”), that we may provide in connection with the collection of your personal information so that you may make an informed decision on whether to participate in our Incentive Offerings. Such Incentive Offerings may be deemed “financial incentives” under the CCPA.
The material aspects of any Incentive Offering, along with the personal information collected in connection with an Incentive Offering, will be described at the time you are presented with the Incentive Offering.
Examples of our Incentive Offerings may include:
- One-Time Discount. We may offer you a discount on your data purchase or an amount of free data if you provide us your email address and agree to receive marketing communications.
- Refer-a-Friend Program. We may offer a discount on your future purchase when you provide your personal information along with your friends’ or colleagues’ personal information, and they make a purchase. The referred party may also receive a reward in the form of a discount on the first order and/or a free service for making a purchase through your referral.
You can opt-in to an Incentive Offering by following the instructions that accompany the presentation of the Incentive Offering. If you subsequently wish to withdraw from the Incentive Offering, you may request such withdrawal by contacting us as set forth in “Contact Us” above.
Each Incentive Offering may be based upon our reasonable and good-faith determination of the estimated value of such an offer to our business, taking into consideration the value of the offer itself and the anticipated revenue generation that may be realized.
ANNEX B – Supplemental Privacy Statement for individuals who do not have an Eyecon account
This Supplemental Privacy Statement applies to people who do not hold an Eyecon account (referred to here as a “Non-Eyecon user” or “you”). It adds to, and should be read together with, our Privacy Policy.
What information do we collect about you?
A number of our features involve processing phone numbers — not only those belonging to Eyecon Caller ID users, but in some situations also those of people who do not use Eyecon Caller ID (i.e. Non-Eyecon users). To identify an incoming caller, we look the number up against our directory: where a number is not already saved in the user’s contacts, it is sent to our servers so that we can return a name and spam status. We may also store phone numbers as part of our community directory, as described below. We do not use Non-Eyecon users’ phone numbers for other forms of tracking, including advertising.
How do we use a Non-Eyecon user’s information?
When someone registers for Eyecon Caller ID (referred to as an “Eyecon Caller ID user”, “they”, “their”), they may choose to:
- enable access to their phonebook contacts in order to use the Caller ID feature. In that case, we upload their contacts — each contact’s phone number and the name saved against it — to our servers, where we use them to identify incoming callers and to build and improve our community directory. When a call comes in, we determine whether the number matches one of that user’s saved contacts and, if so, display the saved contact details on the caller ID screen; where there is no match, we identify the number against our directory;
- flag a phone number or an SMS as spam, or otherwise send us feedback. We use what they report to (i) recognise and confirm spam or malicious callers, (ii) provide context about numbers that would otherwise be unknown, and (iii) power features such as spam filtering, fraud protection, and message categorisation. For SMS, we never process the content of the message itself — only a hashed representation and pattern derived from it;
- propose a name for a phone number they have been in contact with, so that callers who were previously unidentified can be recognised by other users through live caller ID. To keep this accurate and protect the wider community, a proposed name is only shown via live caller ID after it has been confirmed by input from the community.
In these situations we will not notify you individually, as permitted under Article 14(5)(b) of the GDPR. We do, however, put suitable safeguards in place to protect your rights, freedoms, and legitimate interests, which includes making this statement publicly available.
What is our legal basis for this processing?
This processing is carried out on the basis of our legitimate interests and those of our users. In practice, this means our interest in running and delivering the Eyecon Caller ID service, and in keeping it safe and trustworthy by maintaining a community-driven directory of spam and fraudulent numbers, together with our users’ interest in being able to identify the people who contact them more easily.
Retaining Non-Eyecon user information
We only retain Non-Eyecon users’ phone numbers in the limited situations described above, and only for as long as needed to deliver the services that Eyecon Caller ID users have requested. Appropriate security measures are maintained to guard your personal data against unauthorised access, loss, or destruction. Where we retain name suggestions or numbers reported as spam, we erase them no later than two years after the suggestion was made or the spam report was submitted by an Eyecon Caller ID user.
How Non-Eyecon users exercise their data subject rights
You are entitled to all of the rights set out in the “Your Rights and Choices” section above. To correct the name shown for your number, remove your number from Eyecon Caller ID so that it is no longer visible to other users, or to exercise any of your other rights, contact us at privacy@instabridge.com.
Automated decision making and profiling
Delivering our Services sometimes relies on automated processing, which may make use of artificial intelligence (AI) or machine learning. Through this, we build spam and likely-fraud profiles in order to surface information about callers and SMS senders and to warn users about possible spam or fraud — and such profiles may relate to a “Non-Eyecon user”. Our automated systems examine patterns across the calls and messages that Eyecon Caller ID users receive or report, which helps us build these profiles and identify abuse such as spam or fraud. For SMS, this analysis is performed on a hashed representation and pattern of the message rather than its content. We likewise develop and train AI models on user reports to spot fraudulent and spam SMS messages. This enables faster, more consistent decisions and lets us work through very large volumes of data. Whenever we rely on AI systems, we maintain appropriate security measures to protect personal data against unauthorised access, loss, or destruction.
If you believe our spam classification is incorrect, or you would like your number removed from our search database, please contact us at privacy@instabridge.com.