Legal
Privacy Policy
Table of contents
- Scope of this Policy
- Information We Collect
- Information We Do Not Collect
- How We Use Information
- Legal Bases and Purposes of Processing
- Your Rights — Federal and State-Specific
- Third-Party Service Providers (Subprocessors)
- Data Retention
- Account Deletion and the Anonymization Cascade
- The Block List — What It Contains and What It Does Not
- Data from Public Government Sources (FTC, FCC)
- Cookies, Analytics, and Tracking
- Children's Privacy
- Security
- International Users
- Changes to This Policy
- Contact Information
1. Scope of this Policy
This Privacy Policy describes how Ringdocket ("we," "us," "our," or the "Service") collects, uses, discloses, and retains information when you install our iOS app, visit ringdocket.com, create an account, submit a spam report, subscribe to a paid plan, or receive email from us.
This policy applies to the Ringdocket iOS app, the Ringdocket web dashboard, the ringdocket.com marketing site, and all emails we send you. It does not cover third-party services you reach through links we publish (for example, the FTC Do Not Call Registry or carrier websites).
2. Information We Collect
2.1 Information you provide directly
- Email address — required to create an account and verify that you are a real person. We send product emails and account notices to this address.
- Phone numbers you report — when you submit a spam report, you provide the number you are reporting (in E.164 format).
- Report metadata — the category you select (robocall, scam, spoof, telemarketer, debt collector, other) and the timestamp of the report.
- Optional report notes — a free-text field capped at 280 characters. Notes are used only internally for moderation and fraud-signal review. Notes are never displayed on public-facing pages.
- Display name — optional and used only if you opt in to public first-flag attribution.
- Payment information — if you subscribe, your payment credentials are collected and processed directly by Stripe. We never see or store your full card number. We store a Stripe customer identifier and subscription status.
- Delist / appeal submissions — if you submit the public form at ringdocket.com/report-an-error, we collect your name, email, phone number in question, and whatever evidence you attach.
2.2 Information collected automatically
- Device install identifier — a UUID generated by our iOS app at first launch and stored in your device Keychain. This is not Apple's IDFA. It is scoped to our app only. Reinstalling the app generates a new UUID.
- Subscription status — active, past-due, cancelled, or lifetime-locked (Founding Flagger).
- IP address at report time — used for abuse detection (specifically, the /24 subnet is recorded alongside a report to prevent coordinated fake reporting from a single network). The full IP is not retained beyond 30 days.
- Usage events — page views, feature use, and interaction events processed by PostHog. After you log in, these events are linked to your account identifier. Before login, they are anonymous.
- Crash and error data — processed by Sentry for reliability work. Phone numbers and account identifiers are scrubbed from crash reports before transmission.
2.3 Information we derive from your activity
- Reputation signals — our systems compute aggregate signals about reported numbers (for example, how many independent users have reported the number and within what time window). These signals power the block list and campaign clustering.
- Gamification state — badges, first-flag credit, and impact score, derived from your report history.
3. Information We Do Not Collect
We want to be explicit about this because call-blocking apps have a poor reputation for over-collection.
- We do not record your calls. Audio never leaves your device. There is no call recording feature in this Service.
- We do not inspect call content. Apple's Call Directory Extension does not give us access to call audio, transcripts, or metadata beyond the inbound number match.
- We do not collect your contacts. The block list is stored locally on your device and checked against incoming numbers by iOS itself.
- We do not use Apple's IDFA (Advertising Identifier). No cross-app tracking occurs and no App Tracking Transparency prompt is shown because none is required.
- We do not collect precise location. No GPS, no continuous location, no geofencing.
- We do not sell personal information to any third party for advertising or any other purpose. See §6 for state-specific confirmation.
4. How We Use Information
We use the information described in §2 to:
- Operate the block list — aggregate enough independent reports about a phone number to include it on the distributed block list (minimum three independent accounts, within a 14-day rolling window, from distinct devices and /24 subnets).
- Run your account — authenticate logins, manage your subscription, send transactional email (receipts, password resets, auth confirmations).
- Send product communications you have opted into — weekly Scam of the Week digest, monthly personal impact report, quarterly Takedown Report, and Founding Flagger launch communications. See §12 and the CAN-SPAM footer policy for details on opt-in defaults and unsubscribe mechanics.
- Improve the Service — crash analysis, product analytics, performance monitoring. These activities use pseudonymous identifiers, not email addresses.
- Detect and prevent abuse — block coordinated false reporting, throwaway accounts, and griefing. Device fingerprint and IP /24 subnet are the primary signals.
- Comply with law — respond to lawful requests, protect our rights and safety and those of our users.
We do not use your information for profiling decisions that produce legal or similarly significant effects on you.
5. Legal Bases and Purposes of Processing
For users in jurisdictions that require a stated legal basis:
- Contract — processing necessary to deliver the Service you signed up for (account, subscription, block list).
- Legitimate interest — abuse detection, service security, aggregate analytics, crash reporting.
- Consent — marketing email beyond transactional messages, any optional public attribution of your reports.
- Legal obligation — responses to valid legal process, breach notification.
You can withdraw consent for marketing email at any time by unsubscribing or by adjusting email preferences in your account.
6. Your Rights — Federal and State-Specific
6.1 Rights available to all users
Regardless of where you live, you can:
- Request a copy of the personal information we hold about you.
- Request correction of inaccurate personal information.
- Request deletion of your account and personal data.
- Opt out of marketing email at any time, one category at a time, via SendGrid unsubscribe groups.
To exercise any right, email [email protected] from the address on your account. We respond within 45 days. If we need more time, we will tell you why and when to expect a response.
6.2 California residents (CCPA / CPRA)
If you are a California resident, you have the following additional rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act:
- Right to know — what categories of personal information we have collected about you, the sources, the purposes, and the categories of third parties we shared it with.
- Right to delete — we will delete your personal information subject to the exceptions in Cal. Civ. Code §1798.105(d).
- Right to correct — we will correct inaccurate personal information on request.
- Right to opt out of sale or sharing — we do not sell your personal information and we do not share it for cross-context behavioral advertising. There is nothing to opt out of. We state this explicitly to satisfy disclosure requirements.
- Right to limit use of sensitive personal information — we do not use sensitive personal information for purposes that would trigger this right.
- Right to non-discrimination — we will not deny, charge different prices for, or provide a different quality of Service because you exercised a privacy right.
To exercise these rights, email [email protected]. You may designate an authorized agent to submit requests on your behalf; the agent must provide written permission and we may verify directly with you.
6.3 Virginia residents (VCDPA)
Under the Virginia Consumer Data Protection Act, you have rights to access, correct, delete, obtain a portable copy of, and opt out of the sale of personal data and of targeted advertising. We do not sell personal data or use it for targeted advertising. Email [email protected] to exercise any right.
6.4 Colorado residents (CPA)
Under the Colorado Privacy Act you have equivalent rights to access, correct, delete, obtain a portable copy of, and opt out of sale or targeted advertising. Same opt-out answer: we do not sell and we do not target. Email [email protected] to exercise any right.
6.5 Connecticut residents (CTDPA)
Under the Connecticut Data Privacy Act you have equivalent rights. Same email address applies.
6.6 Other states with comprehensive privacy laws
We honor equivalent rights for residents of any other US state with a comprehensive consumer privacy statute, including Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), Tennessee (TIPA), Iowa (ICDPA), Delaware (DPDPA), New Jersey (NJDPA), New Hampshire (NHDPA), Indiana (INCDPA), and any successor statutes. Requests use the same email address and the same 45-day response target.
6.7 Appeals
If we deny a rights request in whole or in part, you may appeal within 60 days by emailing [email protected]. We respond to appeals within 45 days. If the appeal is denied, we will provide an explanation and, for jurisdictions that require it, contact information for the relevant state attorney general.
7. Third-Party Service Providers (Subprocessors)
We share information with the following service providers strictly as needed to operate the Service. Each acts as a data processor on our behalf and is bound by contractual confidentiality and security obligations.
| Provider | Role | Data categories | Region |
|---|---|---|---|
| Supabase | Database, authentication, serverless functions | Email, account metadata, report records, device identifiers, subscription status | United States |
| Cloudflare | CDN, Workers, R2 object storage, rate limiting, Pages hosting | IP addresses, HTTP request metadata, block list artifacts, Takedown Report PDFs | Global edge network (origin US) |
| Stripe | Payment processing | Name, email, billing address, card data (collected directly by Stripe; we never see card numbers), Stripe customer ID, subscription status | United States |
| RevenueCat | Mobile subscription management and receipt validation | Anonymous app user ID, subscription receipts, entitlement status | United States |
| SendGrid (Twilio) | Transactional and marketing email delivery | Email address, email content, unsubscribe group membership | United States |
| PostHog | Product analytics, feature flags | Pseudonymous user ID, event properties, page URLs; no phone numbers, no email bodies | United States (Cloud) |
| Sentry | Crash and error reporting | Pseudonymous user ID, stack traces, device model, OS version; phone numbers and UUIDs are scrubbed before transmission | United States |
We do not authorize any of these providers to use your information for their own purposes, to sell it, or to combine it with other data for marketing to you.
We review our subprocessor list periodically. If we add or change a subprocessor that materially affects what data is shared or where it is processed, we will update this list before the change takes effect.
8. Data Retention
- Active account — we retain your account data, reports, and derived signals for as long as your account is active.
- Inactive account — if you have not logged in or reported for 24 consecutive months, we may contact you about deletion. If we receive no response within 30 days, we may anonymize your account using the same cascade described in §9.
- Deleted account (user-initiated) — see §9. Personal data is deleted within 30 days of your deletion request. Anonymized report signals persist indefinitely.
- Email logs — SendGrid event logs (delivered, opened, bounced) are retained for up to 30 days for deliverability operations.
- Sentry crash data — retained for 90 days.
- PostHog usage data — retained for up to 24 months.
- Cloudflare Logpush (Worker audit logs) — retained for 90 days in R2 for forensic and incident-response purposes.
- Backups — database backups are retained for up to 30 days. Point-in-Time Recovery is enabled on our primary database.
- Payment records — Stripe retains payment records per their own retention policy and applicable financial-records law (typically seven years).
- Public government data — FTC National Do Not Call Registry data we ingest is retained indefinitely because it is public-domain government work product.
9. Account Deletion and the Anonymization Cascade
You can delete your account at any time from the web dashboard under Settings → Delete account. Deletion is confirmed (we will ask you to re-enter your email) and processed within 30 days.
When we process your deletion:
- Your `users` row is deleted. Email address, display name, and any account metadata are removed.
- Your `user_badges` rows are deleted.
- Your `devices` rows are deleted (device install UUIDs).
- Your `subscriptions` row is deleted (Stripe and RevenueCat are also notified to remove the link to your account, though Stripe retains its own payment records per §8).
- Your report records (`reports` rows) are anonymized, not deleted. Specifically:
  - The `user_id` foreign key is set to `NULL`.
  - Any notes you wrote on reports are deleted in full (notes are the field most likely to contain identifying content by your own authorship).
  - The report event itself — phone number reported, category, timestamp — persists as an anonymous signal that continues to contribute to the block list.
- Your email address is also scrubbed from PostHog and Sentry via their respective data-deletion APIs.
Why we anonymize rather than delete reports
If we deleted every report when a user deleted their account, the block list would degrade whenever long-time contributors left. Numbers with only a few reports could drop below the corroboration threshold and come off the list, making unprotected users more vulnerable to active scam operations. Anonymization preserves the public-safety benefit of the list while removing everything that personally identifies you.
This approach is consistent with how Reddit, Wikipedia, and similar contribution-driven platforms handle deletion requests. We believe this is CCPA and VCDPA compliant because:
- No personally identifying information is retained (email, user ID, notes, device identifiers are all removed).
- The residual signal (a phone number reported as spam on a given date under a given category) is not reasonably linkable back to you.
- The retention serves a clear legitimate interest — operating the block list that protects all users, including the one who deleted their account.
If you believe this approach does not satisfy your specific legal right under applicable law, email [email protected] and we will evaluate your case individually.
10. The Block List — What It Contains and What It Does Not
The Ringdocket block list is a file of phone numbers that have been reported by our users as associated with spam, scams, robocalls, or abusive telemarketing.
- The block list contains phone numbers. It does not contain personal information about the owners of those numbers. We do not know who owns a phone number, we do not collect owner identity, and we do not publish any identity information we happen to learn.
- Numbers are added only after at least three independent verified accounts have reported the same number within a 14-day window, from distinct devices and distinct /24 IP subnets.
- The block list is distributed to subscribed devices through Apple's Call Directory Extension. Matching happens on your device. We do not see what numbers called you.
- A number owner may request removal from the block list by submitting the public form at ringdocket.com/report-an-error. We review requests within 10 business days. Decision criteria and appeal rights are described in our Terms of Service.
- We do not label any number as "confirmed spam" or "scam." Our public copy uses language like "reported by N users as spam" or "linked by public FTC complaint data to [campaign name]" — and distinguishes reported facts (what users submitted) from inferred signals (activity decay) from enforcement-confirmed facts (public FTC or FCC actions).
11. Data from Public Government Sources (FTC, FCC)
Ringdocket incorporates data from the FTC National Do Not Call Registry complaint feed, an open dataset published by the United States Federal Trade Commission. This data is a government work in the public domain under 17 U.S.C. §105.
We also ingest publicly posted FCC enforcement press releases and Industry Traceback Group public traceback listings for the purpose of attributing takedown events to specific numbers and campaigns.
We do not partner with, endorse, or operate on behalf of the FTC, FCC, ITG, or any government agency. Our use of their published data is that of any member of the public.
Where attribution is required by the terms of a given public dataset, pages displaying derived data carry an attribution footer such as "Includes data from the FTC National Do Not Call Registry."
12. Cookies, Analytics, and Tracking
12.1 Cookies
ringdocket.com uses cookies strictly for session authentication and basic security features (CSRF protection, rate-limit cookies). We do not set advertising cookies. We do not embed third-party advertising or retargeting pixels.
12.2 Product analytics (PostHog)
We use PostHog to understand how users interact with the Service. PostHog collects page views, feature interaction events, and device type. Before you log in, these events are anonymous (a PostHog-assigned anonymous ID). After you log in, we associate the events with your account identifier so we can answer questions like "did Founding Flaggers use the trending view more than monthly subscribers."
We do not enable session replay on any authenticated route. If session replay is ever used for debugging on authenticated pages, all phone numbers and personal identifiers will be masked at the DOM level before recording.
12.3 Crash reporting (Sentry)
Sentry collects stack traces and device metadata when the app or web dashboard crashes. A `beforeSend` hook scrubs phone numbers (E.164 pattern) and UUIDs from breadcrumbs and extra context before the event is transmitted. We use Sentry data only to fix bugs.
12.4 No cross-site tracking
We do not use Apple's IDFA. We do not participate in any cross-site or cross-app tracking network. We do not sell analytics data to data brokers.
12.5 Do Not Track
We honor browser-level Do Not Track signals and Global Privacy Control (GPC) signals as an opt-out of non-essential analytics. Authentication cookies and security cookies remain active because they are necessary to deliver the Service.
13. Children's Privacy
Ringdocket is not directed to children under 18. We do not knowingly collect personal information from anyone under 18. If you believe a child has created an account on the Service, email [email protected] and we will delete the account and any associated data.
14. Security
We take reasonable technical and organizational measures to protect personal information. These include:
- Row-level security policies on all application tables in our database.
- Runtime-only storage of service-role secrets. Production secrets are never embedded in build artifacts or checked into source control.
- Cloudflare rate limiting on abuse-prone endpoints.
- Encrypted transport (TLS) for all traffic between your device, our servers, and our subprocessors.
- Point-in-Time Recovery on the primary database.
- Log retention and audit trails for forensic review.
No system is perfectly secure. If we experience a security incident that compromises your information, we will notify you and the appropriate state attorney(s) general consistent with applicable breach notification law (see §15 of the Terms of Service for our incident-response commitments).
15. International Users
The Service is offered in V1 to users in the United States only. If you access the Service from outside the United States, your information will be transferred to and processed in the United States, which has different data protection laws than your home jurisdiction.
We do not currently offer the Service in the European Economic Area, the United Kingdom, or Canada. If we expand to those jurisdictions in the future, we will update this policy to describe additional rights, including GDPR data subject rights and CASL obligations.
16. Changes to This Policy
We may update this Privacy Policy from time to time. If we make a material change — a change that reduces your rights, expands the categories of data we collect, changes subprocessors in a way that meaningfully affects you, or otherwise changes how your information is used — we will provide at least 30 days' advance notice by email to the address on your account before the change takes effect.
Non-material changes (typos, clarifications, formatting) will be reflected by updating the "Effective date" at the top of this policy.
An archive of prior versions is available on request by emailing [email protected].
17. Contact Information
By email: [email protected]
By appeal: [email protected]
By mail:
Ringdocket
c/o LIGHTHOUSE 27 LLC
[TODO: Add LIGHTHOUSE 27 LLC mailing address before App Store submission]
The governing law for this policy is the law of the State of Delaware, without regard to its conflict-of-laws principles, except where a specific state statute (for example, CCPA, VCDPA, CPA, CTDPA) creates rights under another state's law for residents of that state, in which case the applicable state law governs those specific rights.
End of Privacy Policy. For the Terms of Service governing use of the Service, see /terms.