Your Privacy is our Priority
Truecaller’s mission is to build trust in communication. Data privacy is one of Truecaller’s highest priorities. Consequently, we have taken the utmost care when designing and implementing our privacy policies. All our users have the power to control and protect how their personal information is displayed for others.
We ask for permissions only when necessary
The world of communication is getting more complex day by day. At Truecaller, we are committed to making communication safer, smarter, and more efficient. We want to make sure that you fully understand the permissions we need to make Truecaller function the way you want.
You can choose to provide a few optional permissions (such as location, camera, and microphone) depending on the features you intend to use. Also, you can deactivate these permissions in the app or on your device anytime. Read more about this in the permissions section.
We do not sell phone numbers
Building a leading global platform for verifying contacts and blocking unwanted communications also means that we are responsible for keeping your data safe. We do not sell our users’ names or phone numbers to third parties. In order to maintain our freemium subscription service, we collaborate with advertising partners but would never sell your personal data.
We’re committed to complying with applicable data protection laws
Truecaller is a truly global company and consequently subject to many different data protection regulations in the countries where we are present. We closely track the data privacy regulations to make sure that we proactively adopt good practices and are ready to comply with them. We also allocate significant resources to take the necessary steps to remain compliant.
Users can easily exercise their rights and get support
Users can edit their profile in the application at any time, access the personal information associated with their account, rectify it if it is inaccurate or incomplete, or deactivate their account via our Privacy Centre. We have also built a data portability feature that allows users to download a copy of all their information in a readable digital format. We have a dedicated team to address any questions or complaints related to our application or the processing of personal information.
Key Product Principles
Privacy by Design and Default
We look for privacy implications at an early stage of ideation and embed privacy into the design and architecture of IT systems and business practices. Privacy is integral to the system, and all components of Truecaller are proactive in looking at the privacy implications of any new features.
We seek to deliver the maximum degree of privacy by ensuring that personal data is automatically protected in any given IT system or business practice and that no action is required on the part of the individual to protect their privacy — it is built into the system, by default.
For example, when users register, by default the profile details are private to users who search by name. Users cannot access the phone number by looking up a name unless a user approves this contact request. This enables us to show data in a way that is compliant, ethical, and trusted. It is also easy to un-list if a person does not want their information to be on Truecaller, unless they are identified as a spammer.
We are committed to limiting the collection, storage and usage of personal data to only the data that is relevant to carrying out the function for which it is processed. Further, we ensure that this necessary and adequate data is collected and processed in the shortest period of time needed to achieve the desired function.
Security and Response
We have stringent measures in place and a strong DNA in the company to do what is best for our users. Truecaller data is safe and has the highest levels of protection. All software developed to operate our core services has been developed in-house, primarily using open-source technologies. We protect our assets against unintentional or unauthorized access, alteration or destruction during storage, transmission, and dissemination. For example:
- All data we hold is encrypted at rest and we maintain strong encryption methods to avoid attacks and reduce the attack surface.
- We do not store any credentials and apply a one-time password (OTP) for logging on to our application.
- We encrypt communication when transmitting data via Transport Layer Security (TLS).
- We adhere to industry-leading standards, such as NIST Cybersecurity Framework, ISO-27000 Series and SANS CIS.
Incident response plan
We have adopted a well-established incident response plan, making it clear for all our employees how to recognize and deal with a cybersecurity incident like a data breach or cyber-attack. For example, the plan covers incident management, continuity planning, procurement and development, and external operations and service.
We make relevant training documents such as the Employee Handbook, Group Data Governance Policy, Data Breach Response Policy, Cyber Security and Code of Conduct available via the company intranet to ensure that employees have access to such documents in a simple and accessible way. We continuously hold awareness activities across the company to make sure that Truecallers receive continuous training on data protection and security.