Privacy Policy

At eave, we believe that protecting your privacy and protecting you from scams go hand in hand. This Privacy Policy explains what information eave collects, how it is used, and the choices you have. We have written it in plain language - if anything is unclear, please contact us.

1. The short version

• eave never records your calls. Audio is analysed locally and in real time, then immediately discarded.
• eave never stores your voice or your words.
• eave never reads your call log or identifies who you are calling.
• We do not sell, share, or monetise your personal data.
• eave requires an email address to create an account. It is used solely for authentication and is never sold or shared.
• Beyond your email, the only other data we collect is limited, anonymised technical and feedback data to improve the service, described in detail below.

2. Who we are

eave is a mobile application (Android and iOS) that helps you recognise phone scams in real time. The eave app and this website are operated by the eave team at North Lo (contact: support@eaveapp.ca). References to "eave", "we", "us", or "our" in this policy refer to the team operating the eave application and related services at https://www.eaveapp.ca.

3. Information we collect

3.1 Audio

When you activate monitoring, eave uses your device microphone to listen to your side of the conversation only. Audio is streamed to our backend solely for real-time transcription and scam-pattern analysis. Audio is never stored, never logged, and never retained after processing. Once a result is returned, the audio stream is discarded immediately.

3.2 Transcription text

The text transcribed from your speech during a monitored call is used only to evaluate whether scam-related language is present. Transcription data is not stored by default. If you choose to submit voluntary post-call feedback (see Section 3.4), an anonymised summary of the session may be retained for model improvement purposes only.

3.3 Technical and diagnostic data

We may collect anonymised technical information such as:

• App version and operating system version
• Session duration and monitoring start/stop events (no audio content)
• Error and crash reports

This data contains no personally identifiable information and is used solely to maintain and improve the reliability of the service.

3.4 Voluntary feedback

After a monitoring session ends, you may optionally tell us whether the call was suspicious. If you choose to submit feedback, we store an anonymised record of whether our detection was accurate. This helps us train better models. You are never required to submit feedback.

3.5 Account registration and sign-in

To use the eave mobile app, you create an account with your email address and password, or sign in with Google or Apple. Authentication is handled by Firebase Authentication (Google). We receive your email address and a unique account identifier from Firebase. We use this information solely to authenticate you, manage your account, and provide the service. We do not use your email for marketing and do not sell or share it with third parties for their own marketing.

3.6 Family alert contacts (optional)

If you choose to add family or trusted contacts for scam SMS alerts, the app stores contact names and phone numbers on your device and syncs them to our backend so alerts can be sent when high-confidence scam language is detected. This data is linked to an anonymous household identifier on our servers, not to your email address in alert delivery logs. You can remove contacts at any time in the app; synced server copies are updated or deleted when you change or delete contacts locally.

3.7 Device permissions

The eave app may request access to:

• Microphone — to listen during monitored calls or manual monitoring sessions (audio is processed in real time and not stored; see Section 3.1).
• Bluetooth — to connect to an optional eave hardware accessory (puck/clip) that streams audio to the app.
• Notifications — to show in-app alerts during active monitoring (optional).

3.8 Third-party service providers

We use trusted infrastructure and processing providers to operate eave. They process data only on our instructions and for the purposes described in this policy:

• Firebase / Google — account sign-in and authentication
• Apple — Sign in with Apple (when you choose that option)
• Cloud hosting (Microsoft Azure) — runs our backend API
• Speech-to-text providers (e.g. Deepgram, Azure OpenAI) — convert live audio to text for real-time scam analysis; audio is not retained by eave after processing
• Twilio — delivers optional family SMS scam alerts to phone numbers you provide

Each provider’s handling of data is also governed by their own privacy policies. We do not sell your personal information to data brokers or advertisers.

3.9 Information we do NOT collect

• We do not collect the phone numbers you call or are called from.
• We do not read, access, or store your call log or contacts.
• We do not collect your name or any information beyond what is described above.
• We do not collect your precise GPS location.
• We do not track you across apps or websites.

4. How we use information

We use the limited information we collect to:

• Provide real-time scam detection during calls
• Maintain and improve the accuracy of our detection models
• Diagnose and fix technical issues with the app

We do not use your information for advertising. We do not build user profiles. We do not sell data to any third party.

5. Data sharing

We do not sell, rent, or trade your personal information. We may share limited anonymised technical data with infrastructure providers (such as cloud hosting services) solely for the purpose of operating the service. Any such providers are contractually required to keep data confidential and use it only to provide services to us.

6. Data security

All communication between the eave app and our backend is encrypted in transit using TLS. We use API key authentication to prevent unauthorised access. Given that we do not store audio or transcription data, the scope of any potential breach is materially limited.

7. Data retention

Audio data: not retained by eave (discarded in real time after processing).
Transcription text: not retained by default; optional anonymised feedback may be stored up to 12 months for model improvement.
Account email and authentication data: deleted when you delete your account (see Section 9).
Family alert contact names and phone numbers: removed from our servers when you delete them in the app or delete your account.
Technical/diagnostic data: retained for up to 90 days, then deleted.

8. Children's privacy

eave is not directed at children under the age of 13 and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

9. Your rights

eave holds a minimal amount of personal data about you: your email address used for authentication. You have the right to access, correct, and delete this data at any time.

To delete your account and all associated data, open the eave app, go to Settings > Delete Account, and follow the prompts. You may also request deletion by emailing support@eaveapp.ca from the email address on your account. Deletion is permanent; associated data (including synced family contacts) is removed within 30 days. Full instructions: https://www.eaveapp.ca/delete-account

If you have submitted voluntary feedback and wish to have it removed without deleting your account, please contact us at support@eaveapp.ca.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page with a revised date. We encourage you to review this policy periodically.

11. Contact us

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:
support@eaveapp.ca