RotaTalk Privacy Policy

Last Updated: October 3, 2025

1. Introduction

RotaTalk ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the "Service"). RotaTalk is the data controller responsible for your personal data.

2. Age Restriction

You must be at least the minimum age of digital consent in your country, or the age specified by the app's local rating on your device's app store (such as the App Store or Google Play), whichever is higher, to use the Service. We do not knowingly collect or process personal data from individuals under this age.

2.1. Child Safety Standards

RotaTalk is committed to maintaining a safe and respectful environment for all users, including minors.

  • We strictly prohibit any content related to child sexual abuse material (CSAM).
  • Users can report any child safety concerns directly within the app.
  • All reports are reviewed promptly, and appropriate actions are taken in compliance with applicable laws.
  • We cooperate with regional and national authorities when necessary to ensure child safety.

For any concerns or reports related to child safety, please contact us at: support@rotatalk.com.

3. Information We Collect and Legal Basis

3.1. Information You Provide

  • Username: Required to ensure unique identification within channels and prevent impersonation (Legal basis: Contractual necessity)
  • First and Last Name: Required to verify real person usage and maintain platform integrity (Legal basis: Legitimate interest)
  • Profile Picture: Optional, allows users to present themselves professionally (Legal basis: Consent)
  • Email Address: Required for account management and essential communications (Legal basis: Contractual necessity)
  • Phone Number: Required for alternative contact method and account verification (Legal basis: Contractual necessity)
  • Voice Messages: Required for Voice Chat communication (Legal basis: Contractual necessity)
  • Customer Support Communications: Processed when you contact us (Legal basis: Legitimate interest)
  • User Blocking Data: We store blocking relationships (blocker user ID, blocked user ID, and timestamp) to enforce user-to-user blocking for safety and user control. This data enables mutual blocking functionality where blocked users cannot see, hear, or interact with each other (Legal basis: Legitimate interest in providing safety features)

3.2. Automatically Collected Information

  • Device Information: Basic device type and operating system for service optimization (Legal basis: Legitimate interest)
  • Device Identifiers: Android SSAID and generated device IDs for security, analytics, and cross-device ban enforcement (Legal basis: Legitimate interest)
  • Location Data: Required for service functionality and user safety (Legal basis: Contractual necessity)
  • Performance Data: App crashes and technical issues for service improvement (Legal basis: Legitimate interest)
  • Analytics Data: User interaction patterns, feature usage, and behavioral analytics for service improvement (Legal basis: Legitimate interest)

3.3. Third-Party Analytics and Services

We use the following third-party services that may collect and process your data:

  • Amplitude Analytics: Collects usage analytics including device identifiers, user interactions, session data, and behavioral patterns to improve our service
  • Sentry: Collects crash reports and error logs including device information and application state for service improvement
  • OneSignal: Manages push notifications and collects device tokens, user preferences, and notification interaction data
  • Resend: Handles authentication emails including verification codes, password resets, and account notifications. Processes email addresses and delivery status information
  • Firebase Test Lab Detector: Used to detect Google Play Store testing interactions to filter them from analytics data
  • Google Maps: Displays location data and may collect map interaction statistics

Each service operates under their respective privacy policies and may use data for their own analytics purposes.

4. Data Retention

  • Account and profile information: Retained as long as your account is active
  • Location data: Only last known location is stored
  • Voice messages: Deleted immediately after successful delivery
  • Performance data (crash logs): Retained for 90 days
  • Device identifiers (SSAID): Retained indefinitely for security and ban enforcement
  • Analytics data: Retained for 2 years for service improvement
  • Push notification tokens: Retained until user opts out or app is uninstalled
  • Upon account deletion request: All personal data is permanently deleted within 30 days

You can request account deletion through Menu β†’ Account β†’ Account Deletion. Once requested, your account and associated data will be permanently deleted after a 30-day grace period.

5. Location Services

5.1. Manual Location Sharing ("Go Live")

Complete Control: Location sharing is fully manual and under your control. You must actively tap "Go Live" to share your location with others in your channel. This sharing is session-based and temporary.

  • Manual Action Required: Location sharing only happens when you tap "Go Live"
  • Session-Based: Sharing automatically stops when you leave a channel or close the app
  • Mutual Benefit: To see others on the map, you must first share your own location by going "Live"
  • Always Controllable: You can manually stop sharing at any time with the "Stop" button

5.2. Location Permission vs. Location Sharing

There's an important distinction between having location permission and sharing your location:

  • Location Permission: Allows the app to show your own position on the map and provide safety features
  • Location Sharing ("Go Live"): Makes your location visible to other users in your channel - this requires your explicit action
  • Last Known Location: For safety and emergency purposes, the app may retain your last known location, but this is NOT shared with other users unless you are "Live"

6. Device Permissions

Our application requires the following device permissions:

  • Microphone Access: Required for push-to-talk voice communication
  • Location Access: Required for service functionality and user safety as detailed in Section 5
  • Notification Access: Required for push notifications and service updates

You can manage these permissions through your device settings, though some features may not function without required permissions.

7. Voice Communication Security

  • Voice transmissions are secured using Transport Layer Security (TLS) 1.3
  • No voice data is permanently stored on our servers
  • Voice transmission security is regularly audited and updated

Important Notice - Microphone Usage: While your microphone is active, everything you say can be heard by other users in the channel. RotaTalk does not record, monitor, or supervise any content spoken through your microphone when it is active. You are entirely responsible for when your microphone is turned on and off. Always exercise caution to ensure your microphone is not unintentionally left on. Users are solely responsible for all content spoken or heard during voice communication sessions.

8. International Data Transfers

Our services are hosted on servers located within the European Union. We ensure compliance with GDPR and other applicable data protection laws through:

  • Use of EU-based infrastructure
  • Standard Contractual Clauses with service providers
  • Regular security assessments
  • Appropriate technical and organizational measures

9. Data Security and Breach Notification

We implement appropriate technical and organizational measures to protect your personal data. In the event of a personal data breach, we will:

  • Notify relevant supervisory authorities within 72 hours
  • Inform affected users promptly if the breach is likely to result in a high risk to their rights and freedoms
  • Provide information about the breach and steps taken to mitigate risks
  • Document all breaches and remedial actions taken

10. Tracking Technologies

Our mobile application does not use cookies but does use analytics and error tracking services as described in Section 3.3. Device identifiers and analytics data are collected for service functionality, security, and improvement purposes as outlined in Section 3.2.

11. Your Rights and How to Exercise Them

Under GDPR and KVKK, you have the following rights:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and associated data
  • Object to data processing
  • Request manual export of your profile and account information

To exercise these rights, contact us at support@rotatalk.com. We will respond to your request within 30 days. For account deletion, use Menu β†’ Account β†’ Account Deletion.

12. Changes to Privacy Policy

  • We will notify you of any significant changes to this policy
  • Changes will be communicated through in-app notifications
  • 30-day notice will be provided when possible
  • Continued use of the service after changes constitutes acceptance

13. Contact Information

For privacy-related questions or to exercise your rights, contact us at:

support@rotatalk.com

14. Change Log

October 3, 2025

  • Updated account deletion path: Changed from "Menu β†’ Privacy & Safety β†’ Account Management β†’ Account Deletion" to "Menu β†’ Account β†’ Account Deletion" for improved discoverability and compliance with App Store guidelines

September 29, 2025

  • Initial version published

Β© 2025 RotaTalk. All rights reserved.