DarkTrafficIQ Privacy Policy

Effective Date: May 5, 2026

Data Safety Summary

The following table summarizes how DarkTrafficIQ collects, uses, and shares your data. This is provided in plain language to meet Google Play Data Safety and Apple App Privacy disclosure requirements.

Data Type Collected / Purpose Shared / Retained
Email address Account creation & verification Not sold; retained while account active
Phone numbers you protect Core risk-analysis service Not sold; deleted on account deletion
Call Detail Records (metadata only — no audio) Risk scoring & alerts Not sold; retained up to 24 months
Device identifiers & push tokens Push notifications & diagnostics Shared with APNs/FCM only; rotated on reinstall
IP address / login logs Security & fraud prevention Not sold; retained up to 12 months
Subscription status Entitlement management Shared with RevenueCat, Apple, Google
Crash & performance data App improvement Shared with diagnostics provider
Support communications Customer support Not sold; retained up to 36 months

This Privacy Policy explains how The HACC Group, Inc. ("HACC", "we", "us", or "our") collects, uses, discloses, and protects information when you use the DarkTrafficIQ mobile application and any related websites or services (collectively, the "Service"). This policy is specific to DarkTrafficIQ; for other HACC products please see the relevant product policy.

By creating an account or using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Information You Provide

  • Account information: email address, password (stored as a salted hash), display name, and—if you choose Apple Sign-In—your Apple user identifier and the email address Apple shares with us.
  • Phone numbers you protect: the phone number(s) you add to DarkTrafficIQ for risk monitoring.
  • Profile and preferences: notification settings, language, and other preferences you set in the app.
  • Support communications: the content of support tickets, emails, and any attachments or screenshots you send us.
  • Verification data: 6-digit codes we send to your email for sign-up, password reset, account-deletion cancellation, and similar flows.

1.2 Information Collected Automatically

  • Call Detail Records (CDRs): for the phone number(s) you protect, our network analyzes inbound traffic and produces metadata records (e.g., calling number, time, duration, network route, geo-IP/ASN of the originating carrier, risk score). DarkTrafficIQ does not record, listen to, or store the audio content of your calls.
  • Device information: device model, operating system version, app version, language/region, push-notification token (APNs/FCM), and a device identifier we generate.
  • Login and security logs: IP address, approximate location derived from IP, login timestamps, session identifiers, and authentication events (sign-in, sign-out, password change, MFA).
  • Usage data: in-app actions such as alerts viewed, alerts acknowledged, screens visited, and feature interactions, used to operate and improve the Service.
  • Diagnostic data: crash reports and performance traces.

1.3 Information from Third Parties

  • Apple Sign-In: if you sign in with Apple, Apple provides us with your user identifier and an email address (which may be a private relay address). We do not receive your Apple ID password.
  • Subscription platforms: Apple App Store, Google Play, and RevenueCat send us subscription events (purchase, renewal, cancellation, refund, billing issue). We do not receive your full payment-card or banking details.
  • GeoIP / ASN providers: we resolve IP addresses present in CDRs to country, region, ASN, and carrier information.

2. How We Use Information

  • Provide the core risk-analysis and alerting features of DarkTrafficIQ.
  • Authenticate you, secure your account, and detect fraud or abuse.
  • Send you push notifications, in-app alerts, and transactional emails (verification codes, security alerts, deletion confirmations).
  • Operate, maintain, and improve the Service, including diagnostics and performance tuning.
  • Process subscriptions and entitlements through Apple, Google, and RevenueCat.
  • Respond to your support requests.
  • Comply with legal obligations and enforce our Terms of Service.

We do not sell your personal information, and we do not use your CDRs or phone-number content for advertising.

3. Legal Bases (EEA / UK Users)

If you are in the European Economic Area or the United Kingdom, our legal bases for processing are: (a) contract—to deliver the Service you signed up for; (b) legitimate interests—to secure the Service, prevent abuse, and improve our products; (c) consent—where you have opted in (e.g., certain push notifications); and (d) legal obligation—to comply with applicable law.

4. How We Share Information

We share information only as described below:

  • Service providers (processors) who help us run the Service, under contracts that restrict their use of the data, including:
    • Cloud infrastructure and storage (AWS, Cloudflare R2/Workers/KV)
    • Email delivery (SendGrid)
    • Push notifications (Apple APNs, Google FCM)
    • Subscription management (RevenueCat)
    • GeoIP / ASN resolution providers
    • Crash and performance diagnostics
  • App stores and payment processors: Apple and Google process your purchase and share with us only the limited subscription metadata we need.
  • Legal and safety: we may disclose information when required by law, subpoena, or court order, or to protect rights, safety, or the integrity of the Service.
  • Business transfers: if HACC is involved in a merger, acquisition, or asset sale, information may be transferred subject to standard confidentiality protections; we will notify you of any material change in handling.

5. International Data Transfers

HACC is based in the United States, and the Service may be operated from data centers in the U.S. and other countries. If you access the Service from outside the U.S., your information will be transferred to and processed in the U.S. and other jurisdictions that may have different data-protection laws. Where required, we use appropriate transfer mechanisms (such as the EU Standard Contractual Clauses).

6. Data Retention

  • Account data is retained for as long as your account is active.
  • CDRs and risk events are retained for the period necessary to provide history and trend analysis to you, typically up to 24 months, after which they are aggregated or deleted.
  • Login and security logs are retained up to 12 months for security-investigation purposes.
  • Support communications are retained up to 36 months.
  • Backups may persist for an additional limited period after deletion from primary systems.

We may retain limited information longer where required by law, to resolve disputes, or to enforce our agreements.

7. Account Deletion

You can request account deletion from inside the app (Settings → Account → Delete Account) or via our web page at /dti/account-deletion. Deletion requires password re-authentication and triggers a 60-day grace period during which you can cancel the deletion by signing in and confirming a 6-digit email code. After the grace period, your personal account data is deleted from active systems; residual copies in encrypted backups are purged on the standard backup-rotation schedule.

Some records (such as financial/tax records related to subscriptions, and abuse-prevention records) may be retained as required by law.

8. Your Rights

Depending on where you live, you may have rights to:

  • Access the personal information we hold about you;
  • Correct inaccurate information;
  • Delete your account and personal information;
  • Object to or restrict certain processing;
  • Receive a portable copy of your data;
  • Withdraw consent at any time (without affecting prior lawful processing); and
  • Lodge a complaint with your local data-protection authority.

To exercise any of these rights, email [email protected]. We will verify your identity before fulfilling the request.

8.1 California Residents (CCPA/CPRA)

California residents have the right to know what personal information we collect, to delete it, to correct it, and to opt out of "sale" or "sharing" (as those terms are defined under California law). HACC does not sell personal information and does not share it for cross-context behavioral advertising. You will not be discriminated against for exercising your rights.

9. Security

We use industry-standard safeguards including TLS in transit, encryption at rest for sensitive fields, hashed passwords, scoped access tokens, principle-of-least-privilege access controls, and audit logging. No system is 100% secure; if we become aware of a breach affecting your information, we will notify you as required by law.

10. Children

DarkTrafficIQ is not directed to children under 13 (or under 16 in the EEA/UK), and we do not knowingly collect personal information from such children. If you believe a child has provided us information, contact [email protected] and we will delete it.

11. Third-Party Links and Services

The Service may link to or integrate with third-party services (e.g., the Apple App Store, Google Play). Their use of your information is governed by their own privacy policies, not this one.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If changes are material, we will notify you in-app, by email, or by other reasonable means before the change takes effect. The "Effective Date" above will reflect the latest version.

13. Contact Us

Questions or requests concerning this Privacy Policy:

  • Email: [email protected]
  • Postal: The HACC Group, Inc. — Privacy Office, 7950 Legacy Dr, Suite 431, Plano TX 75024