Privacy Policy

Your privacy is fundamental to everything we do at Froorio. This policy explains how we protect your data and respect your rights.

Last updated: January 2025
Contents

Introduction

Froorio ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we handle information when you use the Froorio messaging application ("the App").

Our Core Principle: We cannot read your messages, listen to your calls, or access your files. Everything is encrypted end-to-end using post-quantum cryptography. We collect the absolute minimum data necessary to provide our service.

By using Froorio, you agree to this Privacy Policy. If you do not agree with our practices, please do not use the App.

What We Collect

We collect only what is strictly necessary to operate the service:

Data Type Purpose Retention
Phone Number Account registration and verification Until account deletion
Profile Information Display name and optional avatar (encrypted) Until account deletion
Device Tokens Push notifications delivery Until logout or app uninstall
Connection Metadata Message routing (timestamps, recipient IDs) Minimum necessary, rolling deletion

Technical Information

To ensure service quality and security, we may collect:

  • App version and operating system
  • General geographic region (country level)
  • Crash reports and performance data (anonymised)

What We Don't Collect

We are technically unable to access the following due to end-to-end encryption:

Message content, images, videos, voice notes, or files

Voice and video call audio/video streams

Vault contents (encrypted documents and files)

Group membership lists (encrypted)

Your contacts or address book

Even if compelled by legal process, we cannot provide data we do not have and cannot decrypt.

Encryption & Security

Froorio employs state-of-the-art post-quantum cryptography to protect your communications:

Kyber768 (ML-KEM)

A NIST-standardised post-quantum key encapsulation mechanism that provides secure key exchange resistant to both classical and quantum computer attacks.

Dilithium (ML-DSA)

A NIST-standardised post-quantum digital signature scheme that ensures message authenticity and integrity.

AES-256-GCM

Industry-standard symmetric encryption with authenticated encryption for message content.

Why Post-Quantum? Traditional encryption could be broken by future quantum computers. By implementing post-quantum cryptography today, we protect your messages from "harvest now, decrypt later" attacks.

Data Storage

Your data is stored and processed with the following safeguards:

Message Storage

Messages are stored on your device. For message delivery when you're offline, encrypted messages are temporarily queued on our servers and deleted upon successful delivery.

Server Infrastructure

Our servers are located in secure data centres within the European Economic Area (EEA), compliant with GDPR requirements. All server-to-server communication is encrypted using TLS 1.3.

Backup

Message backups, if enabled, are stored encrypted on your device or your chosen cloud provider. We do not have access to backup encryption keys.

Third Parties

We minimise third-party involvement:

Push Notifications

We use Apple Push Notification Service (APNs) and Firebase Cloud Messaging (FCM) for notifications. Notification payloads contain minimal metadata; message content is never included.

Analytics

We may use privacy-respecting analytics to improve app performance. All analytics data is anonymised and aggregated.

TURN Servers

For voice and video calls, we operate TURN servers to facilitate peer-to-peer connections. These servers relay encrypted data—we cannot access call content.

No Advertising

We do not sell, rent, or share your personal information with advertisers. Froorio contains no advertising.

Your Rights

Under applicable data protection laws (including GDPR and UK GDPR), you have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate personal data
  • Erasure: Request deletion of your personal data
  • Portability: Request a machine-readable copy of your data
  • Objection: Object to processing of your personal data
  • Restriction: Request restriction of processing

Account Deletion

You may delete your account at any time through the App settings. Upon deletion:

  • Your profile information is immediately removed
  • Your phone number is disassociated from our records
  • Any queued encrypted messages are deleted
  • Deletion is irreversible

To exercise your rights, please contact us at info@froorio.com.

Children's Privacy

Froorio is not intended for use by individuals under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children.

If you believe a child has provided us with personal information, please contact us immediately.

Policy Changes

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Displaying a notice within the App
  • Updating the "Last updated" date at the top of this policy
  • Sending a notification through the App for significant changes

Continued use of Froorio after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Email: info@froorio.com
Data Protection Officer: info@froorio.com

We aim to respond to all enquiries within 30 days.

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.