EVICAM® Privacy Policy

Introduction

Welcome to EVICAM®, a secure, verified media sharing application owned and operated by ZDTech LLC, a Delaware corporation located at 16192 Coastal Hwy, Lewes, Delaware US 19985 (“Company,” “we,” “us,” or “our”). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use the EVICAM® mobile application and website (collectively, the “Service”).

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy, our Terms & Conditions, and our End User License Agreement. If you do not agree with our policies and practices, do not use our Service.

Our Zero-Knowledge Privacy Architecture

EVICAM® is designed with privacy-first principles using a zero-knowledge architecture. This means:

• Local Storage by Default: All verified media files are stored locally on your device and are never transmitted to our servers unless you explicitly choose to share them
• Device-Only Private Keys: Your encryption private keys are generated and stored exclusively on your device and never transmitted to or accessible by our servers
• In-Memory Contact Processing: When you grant contact access, contact information is processed only in device memory for synchronization purposes and is never stored on our servers
• End-to-End Encryption: All shared content is encrypted with keys only you control

Information We Collect

Personal Information

We collect minimal personal information necessary to provide our Service:

• Account Information: Phone number for account creation and authentication, and optional email address for account recovery
• Contact Synchronization: With your explicit permission, we access your device contacts to facilitate secure sharing. Contact information is processed in-memory only and never stored on our servers
• Payment Information: Transaction details for token purchases are processed by Apple App Store or Google Play Store. We only receive confirmation of successful purchases, not your payment details

Verified Media and Metadata (Local by Default)

When you capture verified media in the app:

• Local Media Files: Photos and videos (up to 10 seconds) are stored locally on your device with cryptographic verification
• Verification Metadata: GPS location, timestamp, device information, resolution, and GPS accuracy are embedded locally in media files for authenticity verification
• Shared Media Only: Media files are only uploaded to AWS S3 with end-to-end encryption when you explicitly choose to share them via chat or web link

Communications Data (Encrypted)

For shared content and communications:

• Encrypted Messages: Chat messages are stored in Firebase Firestore with AES-256-GCM encryption using ECDH-derived session keys
• Sharing Records: Minimal metadata about shared content (recipient IDs, share timestamps) for delivery and access control
• Token Usage: Records of token transactions and balances for billing and service limits

Technical and Usage Data

We collect limited technical information to maintain and improve our Service:

• Device Information: Device model, operating system version, app version for compatibility and support
• Usage Analytics: Aggregated, anonymized usage patterns to improve app performance and features
• Error Reports: Crash reports and error logs to identify and fix technical issues (no personal content included)

How We Use Your Information

We use your information solely to provide and improve our Service:

• Service Provision: Account creation, authentication, media verification, and secure sharing functionality
• Security and Verification: Cryptographic verification of media authenticity using embedded metadata and digital signatures
• Payment Processing: Managing token purchases, usage limits, and sharing quotas
• Communication: Facilitating end-to-end encrypted messaging between users
• Technical Support: Responding to your inquiries and providing customer support
• Service Improvement: Analyzing aggregated usage patterns to enhance app functionality and user experience
• Legal Compliance: Meeting legal obligations and protecting our rights and users’ safety

Information Security and Protection

We implement industry-leading security measures to protect your information:

• End-to-End Encryption: All shared media and messages are encrypted with AES-256-GCM using ECDH-derived keys that only you control
• Local Key Management: Private encryption keys are generated and stored exclusively on your device using secure device storage (iOS Keychain, Android EncryptedSharedPreferences)
• Secure Transmission: All data in transit is protected using TLS 1.3 encryption
• Access Controls: Shared media is accessible only to authorized recipients via unique user IDs or password-protected links
• Screenshot Protection: Implementation of platform-specific screenshot deterrence (Android FLAG_SECURE, iOS screenshot detection)
• Secure Cloud Storage: Shared media stored in AWS S3 with server-side encryption and time-limited access URLs
• Data Minimization: We collect and retain only the minimum data necessary to provide our Service

Information Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share information only in these limited circumstances:

• With Your Consent: When you explicitly choose to share media with specific users or via web links
• Service Providers: With trusted third-party services (AWS, Firebase, Apple/Google) under strict contractual data protection obligations
• Legal Requirements: When required by law, court order, or to protect our rights, property, or safety
• Business Transfers: In connection with a merger, acquisition, or sale of assets (with user notification and consent options)
• Safety and Security: To prevent fraud, abuse, or illegal activities (only when necessary and in accordance with applicable law)

Your Rights and Choices

You have significant control over your information and privacy:

• Permission Controls: Manage camera, location, storage, and contact permissions in your device settings
• Data Deletion: Delete individual chats, media, or your entire account through the app settings
• Key Export: Export your private key backup file (evicam_[phonenumber]_secret.txt) for safekeeping
• Sharing Control: Revoke access to shared media and web links at any time
• Contact Access: Revoke contact permissions without affecting core app functionality
• Account Deletion: Permanently delete your account and associated data from our systems

Data Retention and Deletion

Our data retention practices prioritize user privacy:

• Local Media: Remains on your device until you delete it
• Shared Content: Stored encrypted on our servers only while actively shared; deleted when sharing is revoked
• Account Data: Retained while your account is active and for a reasonable period after deletion for legal and security purposes
• Analytics Data: Aggregated, anonymized data may be retained for service improvement
• Legal Retention: Some data may be retained longer to comply with legal obligations or protect our rights

International Data Transfers and Compliance

EVICAM® operates globally with privacy law compliance:

• Data Processing Locations: Data may be processed in the United States (AWS, Firebase) with appropriate safeguards
• GDPR Compliance: For EU users, we provide enhanced rights including data portability, erasure, and consent management
• Transfer Safeguards: Standard contractual clauses and encryption protect international data transfers
• Local Data Laws: Compliance with applicable privacy laws in your jurisdiction

Children’s Privacy

EVICAM® is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will delete such information from our systems.

Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Posting the updated policy with a new “Last Updated” date
• Sending an in-app notification or email notice for significant changes
• Requesting renewed consent where required by law

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us: