Last updated: June 28, 2026
At eave, we believe that protecting your privacy and protecting you from scams go hand in hand. This Privacy Policy explains what information eave collects, how it is used, and the choices you have. We have written it in plain language - if anything is unclear, please contact us.
eave is a mobile application (Android and iOS) that helps you recognise phone scams in real time. The eave app and this website are operated by the eave team at North Lo (contact: support@eaveapp.ca). References to "eave", "we", "us", or "our" in this policy refer to the team operating the eave application and related services at https://www.eaveapp.ca.
When you activate monitoring, eave uses your device microphone to listen to your side of the conversation only. Audio is streamed to our backend solely for real-time transcription and scam-pattern analysis. Audio is never stored, never logged, and never retained after processing. Once a result is returned, the audio stream is discarded immediately.
The text transcribed from your speech during a monitored call is used only to evaluate whether scam-related language is present. Transcription data is not stored by default. If you choose to submit voluntary post-call feedback (see Section 3.4), an anonymised summary of the session may be retained for model improvement purposes only.
We may collect anonymised technical information such as:
This data contains no personally identifiable information and is used solely to maintain and improve the reliability of the service.
After a monitoring session ends, you may optionally tell us whether the call was suspicious. If you choose to submit feedback, we store an anonymised record of whether our detection was accurate. This helps us train better models. You are never required to submit feedback.
To use the eave mobile app, you create an account with your email address and password, or sign in with Google or Apple. Authentication is handled by Firebase Authentication (Google). We receive your email address and a unique account identifier from Firebase. We use this information solely to authenticate you, manage your account, and provide the service. We do not use your email for marketing and do not sell or share it with third parties for their own marketing.
If you choose to add family or trusted contacts for scam SMS alerts, the app stores contact names and phone numbers on your device and syncs them to our backend so alerts can be sent when high-confidence scam language is detected. This data is linked to an anonymous household identifier on our servers, not to your email address in alert delivery logs. You can remove contacts at any time in the app; synced server copies are updated or deleted when you change or delete contacts locally.
The eave app may request access to:
We use trusted infrastructure and processing providers to operate eave. They process data only on our instructions and for the purposes described in this policy:
Each provider’s handling of data is also governed by their own privacy policies. We do not sell your personal information to data brokers or advertisers.
We use the limited information we collect to:
We do not use your information for advertising. We do not build user profiles. We do not sell data to any third party.
We do not sell, rent, or trade your personal information. We may share limited anonymised technical data with infrastructure providers (such as cloud hosting services) solely for the purpose of operating the service. Any such providers are contractually required to keep data confidential and use it only to provide services to us.
All communication between the eave app and our backend is encrypted in transit using TLS. We use API key authentication to prevent unauthorised access. Given that we do not store audio or transcription data, the scope of any potential breach is materially limited.
Audio data: not retained by eave (discarded in real time after processing).
Transcription text: not retained by default; optional anonymised feedback may be stored up to 12 months for model improvement.
Account email and authentication data: deleted when you delete your account (see Section 9).
Family alert contact names and phone numbers: removed from our servers when you delete them in the app or delete your account.
Technical/diagnostic data: retained for up to 90 days, then deleted.
eave is not directed at children under the age of 13 and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
eave holds a minimal amount of personal data about you: your email address used for authentication. You have the right to access, correct, and delete this data at any time.
To delete your account and all associated data, open the eave app, go to Settings > Delete Account, and follow the prompts. You may also request deletion by emailing support@eaveapp.ca from the email address on your account. Deletion is permanent; associated data (including synced family contacts) is removed within 30 days. Full instructions: https://www.eaveapp.ca/delete-account
If you have submitted voluntary feedback and wish to have it removed without deleting your account, please contact us at support@eaveapp.ca.
We may update this Privacy Policy from time to time. We will post the updated policy on this page with a revised date. We encourage you to review this policy periodically.
If you have any questions about this Privacy Policy or our privacy practices, please contact us at:
support@eaveapp.ca