ExpatPhone ExpatPhone ← Back to home

Privacy Policy

Last updated: April 9, 2026

1. Introduction

Welcome to ExpatPhone. We are a Germany-based company providing a SaaS web application that enables real-time AI-powered voice call translation across 50+ languages.

This Privacy Policy explains what personal data we collect when you use our service at https://expatphone.app, why we collect it, how we use and protect it, and what rights you have over your data.

Because we are based in the European Union (Germany), this policy is designed to comply with the General Data Protection Regulation (GDPR). We also comply with applicable US telecom requirements (including CTIA guidelines) for SMS communications.

By using ExpatPhone, you confirm that you have read and understood this policy.

2. Data We Collect

We collect only what is necessary to provide and improve our service:

  • Phone number — collected during account registration and used to verify your identity via one-time passcode (OTP) SMS.
  • Account data — information you provide when setting up or managing your account (e.g., language preferences, plan details).
  • Usage data — records of calls made through the service, including call duration, languages used, and other service interaction logs. We do not record or store the content of your conversations unless you explicitly opt in to a feature that requires it.
  • Device and technical data — IP address, browser type, operating system, and other standard technical identifiers collected automatically when you access our platform. This data helps us maintain security and diagnose technical issues.

3. How We Use Your Data

We use the data we collect for the following purposes:

  • Account authentication — to verify your phone number and issue a secure one-time passcode (OTP) via SMS so you can sign in safely.
  • Providing our core service — to enable real-time voice call translation and all related features of the ExpatPhone platform.
  • Improving the service — to analyse usage patterns, fix bugs, and develop new features. Any analysis for improvement purposes is performed on aggregated or anonymised data wherever possible.
  • Security and fraud prevention — to detect and respond to suspicious activity, abuse, or unauthorised access attempts.
  • Legal obligations — to comply with applicable laws, regulations, or lawful government requests.

The legal basis for processing your data under GDPR is:

  • Contract performance (Art. 6(1)(b)) — processing necessary to deliver the service you signed up for.
  • Legitimate interests (Art. 6(1)(f)) — security, fraud prevention, and service improvement.
  • Legal obligation (Art. 6(1)(c)) — where required by law.

4. SMS Communications

By registering with ExpatPhone and providing your phone number, you consent to receive transactional SMS messages from us. These messages are strictly operational in nature and include:

  • One-time verification codes (OTP) for account sign-in and authentication
  • Service notifications directly related to your account or active calls

We do not send marketing or promotional SMS messages.

📱 Message frequency may vary depending on your account activity.

💰 Message and data rates may apply based on your mobile carrier plan.

🛑 To opt out, reply STOP to any SMS we send. You will receive a confirmation and no further messages will be sent, except as required for account security.

For help, reply HELP to any SMS, or contact us at support@expatphone.app.

5. Data Sharing

We do not share, sell, or rent your mobile information with third parties for marketing or promotional purposes.

We may share your data with trusted infrastructure providers who help us operate the service. These include:

  • SMS delivery providers — to send OTP and service notifications to your phone number.
  • Cloud hosting and infrastructure providers — to host and operate our platform securely.
  • Payment processors — if applicable, to handle subscription billing.

All third-party providers are contractually bound to handle your data only as instructed by us and in compliance with applicable data protection laws. Where required by GDPR, we have signed Data Processing Agreements (DPAs) with these providers.

We may also disclose data when required by law, court order, or to protect the rights and safety of our users or the public.

6. Data Retention

We retain your personal data only for as long as is necessary to fulfil the purposes described in this policy, or as required by applicable law.

  • Account data is retained for the duration of your account and deleted within 30 days of account closure upon your request.
  • Usage logs are retained for up to 12 months for security and operational purposes, then anonymised or deleted.
  • Technical and device data may be retained for up to 6 months for fraud prevention and debugging.

7. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), you have the following rights regarding your personal data:

  • Right to access — you can request a copy of the personal data we hold about you.
  • Right to rectification — you can ask us to correct inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten") — you can request deletion of your personal data, subject to legal retention obligations.
  • Right to restriction of processing — you can ask us to limit how we use your data in certain circumstances.
  • Right to data portability — you can request your data in a structured, machine-readable format.
  • Right to object — you can object to processing based on legitimate interests.
  • Right to withdraw consent — where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at support@expatphone.app. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

8. Security

We implement reasonable technical and organisational safeguards to protect your personal data against unauthorised access, loss, or misuse. These include encryption in transit (TLS), access controls, and regular security reviews.

While we take data security seriously, no system is completely immune to risk. In the unlikely event of a data breach that affects your rights, we will notify you and the relevant supervisory authorities as required by GDPR.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our service or legal requirements. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we will notify you via email or an in-app notice.

10. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please reach out to us:

ExpatPhone

Germany

Email: support@expatphone.app

Privacy policy URL: https://expatphone.app/privacy