Privacy Policy
Last updated: June 1, 2026
1. Introduction
Kordant ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (Kordant for Android and iOS) and website (kordant.com), collectively referred to as the "Service."
Please read this Privacy Policy carefully. By using the Service, you agree to the collection and use of your information in accordance with this policy. If you do not agree with any part of this policy, please do not use the Service.
This policy complies with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and Google Play's Data Safety requirements.
2. Information We Collect
We collect information you provide directly, information automatically collected when you use the Service, and information from third-party sources.
2.1 Information You Provide Directly
- Account Information: Name, email address, password, and phone number when you create an account, update your profile, or sign in via Google.
- Payment Information: When you subscribe or make purchases, payment processing is handled securely by Stripe. We do not store credit card numbers on our servers.
- Profile Content: Avatar images, display name, and other profile customization data.
- Voice Recordings: Audio recordings you voluntarily capture for the VoicePrint feature, used to create a voice fingerprint for caller identification. Recordings are processed and stored securely.
- Watchlist Data: Personal information you choose to monitor for exposure (email addresses, phone numbers, or other identifiers).
- Property Information: Property addresses and related information you add for title monitoring and data broker removal services.
- Spam Reports: Phone numbers you report as spam or block for community protection.
- Communications: Information you provide when contacting support or communicating with us.
2.2 Information Collected Automatically
- Device Information: Device model, operating system version, app version, device locale/language, and unique device identifiers (FCM token for notifications).
- Usage Data: App interactions, feature usage, API requests, startup timing, and navigation patterns to improve our service.
- Call Data (Android only): Incoming phone numbers are checked against our spam database for call screening purposes. Phone numbers are hashed (SHA-256) before storage in the local database. Anonymized call screening logs are maintained for 7 days.
- Crash Data: Crash reports, ANR traces, and performance diagnostics collected via Firebase Crashlytics.
- Notification Preferences: Your opt-in/opt-out choices for different notification types (security alerts, marketing, system notifications).
2.3 Information from Third-Party Sources
- Google Sign-In: When you authenticate via Google, we receive your name, email address, and profile picture as authorized by your Google account.
- Data Brokers: We may collect publicly available information from data broker websites as part of our DarkWatch monitoring service, which is initiated by your search terms or watchlist items.
3. How We Use Your Information
We use the collected information for the following purposes:
- Provide and Maintain the Service: To operate our platform, authenticate users, process requests, and deliver features like call screening, dark web monitoring, and exposure alerts.
- Personalization: To customize your experience, remember your preferences (theme, notification settings), and surface relevant alerts.
- Security and Fraud Prevention: To detect root access, tampering, and unauthorized access; to screen incoming calls for spam and scams; and to protect the integrity of our service.
- Communications: To send you security alerts, exposure warnings, scan results, account notifications, and (with your consent) marketing communications.
- Analytics and Improvements: To analyze usage patterns, diagnose crashes, measure performance, and improve the Service.
- Compliance: To comply with legal obligations, enforce our terms of service, and respond to lawful requests.
4. Third-Party Services
We use the following third-party services that may process your data:
| Service | Purpose | Data Shared |
|---|---|---|
| Firebase Crashlytics | Crash reporting and analytics | Crash logs, device info, app version |
| Firebase Cloud Messaging | Push notifications | Device token, notification delivery data |
| Google Sign-In | Authentication | Name, email, profile picture |
| Stripe | Payment processing | Payment card data (processed by Stripe, not stored by us) |
| Clerk | Web authentication | Name, email, authentication data |
| Resend | Email delivery | Email address |
| Twilio | SMS notifications | Phone number |
Each third-party service has its own privacy policy governing the use of your data. We do not sell your personal information to any third party.
5. Data Storage and Security
5.1 Encryption in Transit
All data transmitted between our mobile and web applications and our servers is encrypted using TLS 1.2 or higher. Our Android app enforces certificate pinning for an additional layer of security against man-in-the-middle attacks.
5.2 Encryption at Rest
On Android, sensitive data including authentication tokens and cached user profiles are encrypted using AES-256-GCM via Android's EncryptedSharedPreferences, with the master key stored in the hardware-backed Android Keystore. Phone numbers in the local spam database are SHA-256 hashed before storage.
5.3 Server-Side Security
Data stored on our servers is encrypted at rest using industry-standard encryption. We implement strict access controls, regular security audits, and follow security best practices to protect your data.
5.4 Security Features
- Root Detection: Our Android app detects compromised devices and restricts sensitive features.
- Certificate Pinning: The Android app validates server certificates against known pins to prevent MITM attacks.
- Secure Deletion: Sensitive data is overwritten before removal to prevent forensic recovery.
- Log Sanitization: Authentication tokens, passwords, phone numbers, and email addresses are redacted from all logs.
6. Data Retention
We retain your data for the following periods:
- Account data: Retained for as long as your account is active.
- Authentication tokens: Retained until logout or token expiration.
- Call screening logs (local): Anonymized logs retained for 7 days.
- Voice recordings: Retained until you delete your enrollment or account.
- Crash data: Retained per Firebase Crashlytics retention policy.
- Usage analytics: Retained in aggregated form for service improvement.
- Backup data: Retained for up to 90 days after account deletion for legal compliance.
7. Your Rights and Choices
Depending on your jurisdiction, you have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Deletion (Right to be Forgotten): Request deletion of your personal data. This can be done in-app via Settings → Delete Account, or by emailing privacy@kordant.com.
- Data Portability: Request your data in a machine-readable format.
- Opt-Out of Marketing: Unsubscribe from marketing communications at any time via notification settings or by replying "STOP" to SMS messages.
- Withdraw Consent: Withdraw consent for data processing at any time (e.g., disable VoicePrint, turn off call screening).
- Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.
To exercise any of these rights, contact us at privacy@kordant.com. We will respond within 30 days as required by applicable law.
8. California Privacy Rights (CCPA)
Under the California Consumer Privacy Act (CCPA), California residents have additional rights:
- Right to Know: Request disclosure of categories and specific pieces of personal information collected.
- Right to Delete: Request deletion of personal information collected.
- Right to Opt-Out: We do not sell personal information. If this changes, we will update this policy.
- Right to Non-Discrimination: We will not deny service or charge different rates for exercising CCPA rights.
To exercise your CCPA rights, contact us at privacy@kordant.com.
9. Children's Privacy
Our Service is not intended for children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child without appropriate consent, we will delete that information promptly. If you believe a child has provided us with personal data, please contact us.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place through Standard Contractual Clauses (SCCs) and other GDPR-compliant transfer mechanisms when transferring data from the European Economic Area (EEA) to countries outside the EEA.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we may also provide in-app notification or email notice.
We encourage you to review this Privacy Policy periodically for any changes. Your continued use of the Service after the posting of changes constitutes your acceptance of such changes.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
We will acknowledge receipt of your request within 5 business days and respond within 30 days.