Legal

Strtalk - Privacy notice

Back to legal

PRIVACY NOTICE

1. Introduction

1.1 Description STRTALK’s privacy core

STRTALK app is a secure instant messaging application that uses the proprietary Voice Over Blockchain Protocol (VOBP) to enable encrypted, private communication. Designed and developed by CryptoDATA, STRTALK ensures that all messages, voice calls, and file transfers are protected with advanced encryption standards.

Unlike traditional encryption methods where keys may be exchanged or stored on centralized servers, VOBP establishes a direct encrypted channel between users without exchanging encryption keys via a server. This eliminates the risk of key interception or unauthorized access. Communication remains entirely private and tamper-proof, as STRTALK itself cannot access the content of messages, calls, or file transfers. The result is a decentralized, censorship-resistant environment that prioritizes user privacy at its core.

To this effect, STRTALK will only have access to the account information that you will provide (e.g. telephone number and user ID), limited metadata, such as the time a message was sent or the user IDs involved in a conversation, but it does not have access to the content of the communication itself. All conversations remain private and protected against unauthorized access, even from STRTALK.

1.2. Who we are and how to contact us

For the purposes of this Privacy Policy:

● The terms “STRTALK”, “MATRIX ID”, and “VOBP” refer collectively to features and functionalities made available through the STRTALK chat application.

● The term “Service” refers to the STRTALK application and all communication services provided through it by SOURCELESS INC.

● References to “we”, “us”, or “STRTALK” throughout this document shall be understood as referring to SOURCELESS INC., which operates under the trading name STRTALK.

STRTALK is the Data Controller for your data. We can be contacted at support@strtalk.net.

Should you have other questions or concerns about this document, please send us an email to support@strtalk.net.

1.3 Scope of this document

This document explains how we process personal data, as it relates to:

● STRTALK chat app regular users: individuals who download, install, and use the STRTALK messaging application on a mobile device or desktop, whether by creating an account or interacting with the app’s features, including messaging, voice calls, and file sharing.

● Matrix ID users: individuals who access the STRTALK application using a unique identifier (Matrix ID) assigned by an organization that uses STRTALK as its internal or external communication tool. These users do not register via phone number, but instead log in through a dedicated authentication method provided by their organization. They use STRTALK within the scope of that organizational account, which may involve specific usage settings or privacy controls managed by the organization

This document does not cover:

● Your legal relationship with STRTALK as a communication service provider

This Privacy Policy focuses only on how we handle your personal data. It does not govern the terms under which you use the STRTALK application or any services we provide. For information about your rights, obligations, and the rules that apply to the use of the STRTALK app, please refer to our Terms of Service.

● Services or infrastructure not provided by STRTALK

If you access STRTALK through an account provided by an organization (e.g. using a Matrix-compatible ID), please note that certain elements of your account or communication environment may be managed by that organization. In such cases, that organization may act as an independent data controller and may apply its own privacy terms. Please refer to their privacy documentation where applicable.

● The CCOIN service

This Privacy Policy does not apply to CCOIN, which is a separate service provided by CCOIN FINANCE CORPORATE STRUCTURE CO., LTD, an independent company. Any payment or financial services you access through the STRTALK app interface are provided by CCOIN FINANCE CORPORATE STRUCTURE CO., LTD under its own terms and conditions and privacy policy. These will be displayed in the app via API but originate from CCOIN FINANCE CORPORATE STRUCTURE CO., LTD. All questions or matters relating to payments and financial services should be addressed in accordance with those terms and not this Privacy Policy.

1.4 Changes to this document

We may update this Privacy Policy from time to time. The updated version will always be available within the STRTALK app or on our website and will include the date it becomes effective.

By continuing to use the STRTALK app or its services after any changes take effect, you agree to be bound by the updated Privacy Notice. Your access to and use of STRTALK will always be subject to the most recent version of this document.

2. Access to Your Data

2.1 What is the legal basis for processing my data and how does this affect my rights under GDPR (General Data Protection Regulation)?

2.1.1 Purpose and legal basis for processing

Purpose Legal Basis (Art. 6 GDPR)

1. To create and manage your STRTALK account (phone number-based or organization-based MATRIX ID) Art. 6(1)(b) – Processing is necessary for the performance of a contract (i.e. provision of the STRTALK service).

2. To enable core app functions, such as messaging, voice calls, and file sharing Art. 6(1)(b) – Processing is necessary for the performance of a contract.

3. To maintain the security and integrity of the communication infrastructure (e.g. encryption, prevention of abuse, spam detection) Art. 6(1)(f) – Legitimate interest in ensuring the security and reliability of our services.

4. To transmit encrypted message content and metadata necessary for delivery Art. 6(1)(b) – Necessary for the performance of a contract.

5. To provide customer support and respond to inquiries Art. 6(1)(b) – Necessary for the performance of a contract; and/or Art. 6(1)(f) – Legitimate interest in user support.

6. To comply with legal obligations (e.g. anti-abuse measures, responding to lawful requests) Art. 6(1)(c) – Necessary for compliance with a legal obligation.

7. To send important service-related notices (e.g. updates to terms, critical technical issues) Art. 6(1)(c) – Legal obligation; and/or Art. 6(1)(f) – Legitimate interest in informing users.

8. To analyze app usage for improving performance and security (on an anonymized or aggregated basis) Art. 6(1)(f) – Legitimate interest in improving and maintaining our service.

9. To manage relationships with enterprise clients or organizations providing user access Art. 6(1)(f) – Legitimate interest in delivering services under enterprise contracts.

10. To sync contact information from your device with your explicit consent. This functionality is optional. Art. 6(1)(a) – Consent.

2.1.2 Data ownership - messaging and file data within STRTALK

STRTALK is designed with privacy and user autonomy in mind. All messages, voice calls, and file transfers that take place through the STRTALK app are exclusively owned and controlled by the individual users who send or receive them. STRTALK does not claim any ownership over your communication data, nor does it store, access, or back up the content of your chats.

All data transmitted through the STRTALK app is end-to-end encrypted and stored only locally on the user’s device. This design ensures that users retain full control over their own communication data but also means that STRTALK has no technical ability to retrieve, access, or restore any lost or deleted content.

This means that if you log out, uninstall the app, or reset your device, that data will be permanently deleted from that specific device, and STRTALK cannot restore it. However, if you have connected your STRTALK account to another device—such as a desktop app—some of your messages and files may still exist locally on that desktop device, even if you log out from your phone. This is because each device maintains its own copy of the data locally.

As a result, the responsibility for preserving and managing communication data rests solely with the user. Users should take care to export or secure any information they wish to retain before signing out of the app, uninstalling the app or performing a device reset.

2.1.3 Your rights as data subject

You have rights in relation to the personal data we hold about you. Some of these only apply in certain circumstances. Some of these rights are explored in more detail elsewhere in this document. For completeness, your rights under GDPR are:

1. The right to be informed

2. The right of access

3. The right to rectification

4. The right to erasure

5. The right to restrict processing

6. The right to data portability

7. The right to object

8. Rights in relation to automated decision making and profiling.

2.2 What information do you collect about me and why?

The information we collect is for the purpose of supporting your management of hosted homeservers, or to support operational maintenance of the STRTALK apps. We do not profile homeserver Users or their data, but we might profile metadata pertaining to the configuration and management of hosted homeservers so that we can improve our products and services.

2.2.1 Information you provide to us:

We collect information about you when you input it to the STRTALK app or otherwise provide it directly to us.

Customer account information

We collect information when you register for an account. This information is kept to a minimum on purpose, and is restricted to:

● Email address

● Matrix ID

● User name that you wish to be displayed within the STRTALK App

● Profile picture that you upload

To make it easier for others to recognize you and connect with you, certain basic profile elements in STRTALK may be visible to other users. This includes your screen name, profile picture (if you choose to set one), and username (where applicable). These elements are intended to help identify you within the STRTALK network, but you are not required to use your real name.

STRTALK does not request or process information such as your real name, gender, age, or personal preferences. What you choose to share is entirely up to you.

If someone has saved your contact details in their device, STRTALK will display you using the name they have assigned in their own contacts — not necessarily your chosen screen name. This means your identity remains flexible and context-sensitive: for example, your friend might see you as “Bestie,” while a coworker sees “Project Lead,” regardless of what your public screen name is.

This approach gives you control over how you're seen publicly, while preserving familiarity and privacy in personal communications.

STRTALK can optionally discover which contacts in your address book are STRTALK users, using a service designed to protect the privacy of your contacts. Information from the contacts on your device may be cryptographically hashed and transmitted to the server in order to determine which of your contacts are registered. We ask your permission before syncing your contacts.

2.2.2 Information we collect automatically as you use the service:

When you use the STRTALK app, certain types of information are collected automatically to help us operate, secure, and improve our services. This data is limited to what is necessary and is not used to profile or track users beyond what is required for legitimate technical and security purposes.

Connection information

Technical information is stored on our servers, including randomly generated authentication tokens, keys, push tokens, and other material that is necessary to establish calls and transmit messages. STRTALK limits this additional technical information to the minimum required to operate the services.

STRTALK does not use cookies or device identifiers for advertising or user profiling purposes. Only strictly necessary session cookies or tokens may be used for authentication and secure access.

Usage information

STRTALK collects minimal usage data, strictly limited to what is necessary to ensure the reliability and technical functionality of the application. This may include:

● Basic system events such as successful login or logout;

● Error reports and minimal crash data when a technical issue occurs.

We do not track your behavior within the app, such as which features you use or how often you use them. No detailed usage profiling, feature analytics, or behavior monitoring is performed.

Location Information

STRTALK does not collect or process your location information.

While the app may include a feature that allows you to share your location with other users (e.g. in a chat), this information is end-to-end encrypted and shared directly between users. It is stored only on the devices involved in the conversation and is not sent to or accessible by STRTALK.

Even though your general location could technically be inferred from your IP address, we do not use, extract, or store it as location data, and it is not processed for location tracking or profiling.

STRTALK Calls

To provide the STRTALK Call service, including audio and video calls, STRTALK processes network and usage information including IP addresses for the participants. Additionally, STRTALK collects participant usernames as well as timestamps and data associated with the type of call (e.g. audio or video).

STRTALK Call is end-to-end encrypted, therefore no additional data about calls is processed.

2.4 Sharing data in compliance with enforcement requests and applicable laws; Enforcement of our rights

We will also notify users of any legal request concerning their data whenever legally allowed, and we will never voluntarily assist in surveillance or mass data access programs.

STRTALK is committed to respecting user privacy and protecting communication confidentiality. In exceptional circumstances, we may be legally required to share limited information about users with competent authorities or third parties. Even in these circumstances, STRTALK applies a strict data minimization policy and will challenge vague, unlawful, or overly broad data requests to the fullest extent permitted by law. We will not voluntarily disclose user data unless legally compelled to do so.

Even when legally obligated to respond, what we can provide is extremely limited due to the privacy-by-design architecture of STRTALK:

● All user communication is protected with end-to-end encryption based on a peer-to-peer architecture via VOBP.

● Encryption keys are generated locally on each user’s device and are never transmitted to, stored by, or accessible to STRTALK.

● We have no technical capability to decrypt or access any message content, voice call, or file shared between users.

● We do not store communication content on our servers.

3. Information we may share

We work with third parties to provide some of our services. For example, our third-party providers send a verification code to your phone number when you register for our Services. These providers are bound by their privacy policies to safeguard that information.

4. Storage Period

Where we have not explicitly stated a retention period in this privacy policy, the following applies: We will only process your personal data for as long as is necessary to achieve the purpose of the processing. As soon as the purpose of the processing no longer applies, we will delete your data immediately, unless there are legitimate reasons within the meaning of the applicable legal regulations (e.g. Art. 17 sec. 3 GDPR), such as in particular legally prescribed retention periods, to prevent deletion. In this case, the data will be deleted immediately after the retention period has expired.

Data that we process on the basis of your consent will be deleted immediately after you withdraw your consent, unless statutory regulations prevent deletion.

5. Making a complaint

We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention at support@strtalk.net if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

If you want to make a complaint about the way we have processed your personal information to the competent supervisory authority.

7. Third-party payment services (CCOIN)

7.1 Payment Information

STRTALK does not process or store any payment-related data. When you choose to use CCOIN to send or receive payments, you are interacting with a separate financial service provided by CCOIN FINANCE CORPORATE STRUCTURE CO., LTD, which operates independently from STRTALK.

All payment data, including credit card and transaction information, is handled directly by CCOIN and its licensed payment processing partners. STRTALK does not have access to your payment credentials or financial data. You should refer to the CCOIN Terms and Conditions and Privacy Policy for full details on how your payment information is handled.

7.2 Shipping and Billing Information

In cases where CCOIN is used for purchasing goods or services, you may be asked to provide shipping or billing details. This information is shared only with the relevant merchant or service provider to complete your order. STRTALK does not access or store this information.

If CCOIN offers you the option to store shipping details for future use, you can opt in explicitly. You may also request deletion of this information at any time, and CCOIN will process such requests promptly.

7.3 Clearing Payment Information

You may remove any saved payment or shipping information linked to your CCOIN account by accessing your CCOIN settings. Upon request, CCOIN will delete:

● All locally stored payment tokens;

● Saved shipping information;

● And will instruct its payment providers to delete your stored card data, where technically possible.

Please refer to CCOIN’s in-app settings or customer support channels for step-by-step guidance.

7.4 Payment Disputes

STRTALK does not mediate or intervene in payment disputes, refunds, chargebacks, or transaction issues processed through CCOIN. Since STRTALK has no access to payment data or transaction records, it is not in a position to investigate or resolve any financial disputes.

For any payment issues, including unauthorized charges, refund requests, or chargebacks, you must contact:

● The merchant or service provider;

● The relevant payment provider;

● Or your issuing bank or financial institution.

CCOIN will cooperate with payment processors and authorities in accordance with applicable law, but the responsibility for payment resolution lies solely with the financial parties involved.