Privacy Policy — Qualiflow

Last Updated: May 2026

Qualiflow ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Qualiflow mobile application and website at qaliflo.com.

Please read this policy carefully. If you disagree with its terms, please discontinue use of our services.

1. Information We Collect

1.1 Information You Provide

When you create an account or use our services, we may collect:

Phone number (used as your account identifier)
Email address (for account communications)
Payment information (processed securely by PayPal or Stripe — we do not store card details)
Account preferences and settings

1.2 Information Collected Automatically

When you use Qualiflow, we automatically collect:

Call metadata (duration, destination number, timestamp) for billing purposes
Device information (operating system version, device model)
IP address and approximate location (country/region level)
App usage statistics and crash reports

1.3 Information We Do NOT Collect

We are committed to minimal data collection. We do not collect:

The content of your calls (we do not record or store call audio)
Your device contacts (see Section 3 for full details)
Precise GPS location
Browsing history outside of our app

2. How We Use Your Information

We use the information we collect to:

Provide, operate, and maintain the Qualiflow service
Process payments and manage your account balance
Send transactional communications (receipts, OTP codes, account alerts)
Detect and prevent fraud and abuse
Comply with legal obligations
Improve and optimise our services
Provide customer support

We do not use your data for advertising purposes and do not sell your personal information to third parties.

3. Contact Storage — Your Contacts Stay on Your Device

This is a core privacy principle of Qualiflow:

Your contacts are stored exclusively on your device. They are never uploaded to, stored on, or processed by our servers.

When you use Qualiflow to call a contact from your phone's address book:

The contact lookup happens entirely on your device
Only the destination phone number is transmitted to our servers to route the call
Contact names, photos, and other metadata remain on your device at all times
We have no access to your contact list

This design ensures that your personal network of contacts remains private and under your full control.

4. Data Security

We implement industry-standard security measures to protect your information:

All data in transit is encrypted using TLS 1.3
Account passwords are hashed using bcrypt with appropriate salt rounds
Payment processing is handled entirely by PCI-DSS compliant providers (PayPal, Stripe)
Regular security audits and penetration testing
Access to user data is restricted to authorised personnel only

While we take reasonable precautions, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security of your data.

5. Third-Party Services

5.1 PayPal

When you top up your account via PayPal, you are subject to PayPal's Privacy Policy. We receive confirmation of payment but do not store your PayPal credentials or financial details. Visit paypal.com/privacy for their policy.

5.2 Stripe

Card payments are processed by Stripe. Stripe is PCI-DSS Level 1 certified. We do not store card numbers or CVV codes. Visit stripe.com/privacy for their policy.

5.3 Telecommunications Providers

To route calls, we work with licensed telecommunications carriers. These providers may process call metadata (originating number, destination number, duration) as required for call routing and regulatory compliance.

6. Data Retention

We retain your data for the following periods:

Account information: For the duration of your account plus 12 months after closure
Call records: 24 months (required for billing disputes and regulatory compliance)
Payment records: 7 years (required by financial regulations)
Crash reports and logs: 90 days

After these periods, data is securely deleted or anonymised.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you
Correction: Request correction of inaccurate or incomplete data
Deletion: Request deletion of your personal data (subject to legal retention requirements)
Portability: Request your data in a machine-readable format
Objection: Object to certain types of processing
Restriction: Request restriction of processing in certain circumstances

To exercise any of these rights, contact us at support@qaliflo.com. We will respond within 30 days.

8. Children's Privacy

Qualiflow is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately and we will take steps to delete such information.

9. International Data Transfers

Qualiflow operates primarily in the SADC region. Your data may be processed in countries outside your own. We ensure appropriate safeguards are in place for any international transfers, in compliance with applicable data protection laws.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification. The "Last Updated" date at the top of this page reflects the most recent revision. Continued use of our services after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: