Privacy Policy — Egidio
1. About us
Egidio is an Android anti-fraud protection application developed and maintained by Gilles FABER, a French sole proprietor (entrepreneur individuel) trading as The Pistachio Lab, referred to as "we" or "the publisher."
Contact: contact@egidio.app
Privacy: privacy@egidio.app
Registered address: 7 Rue d'Eschau, 67540 Ostwald, France
Registration: SIREN 105 960 389, R.C.S. Strasbourg
2. Core principle: your communications never leave your device
The content of your communications — numbers, SMS body text, contacts, calls — is analyzed exclusively on your device and is never transmitted, sold, or shared. There is no user account, no server processing your communications, and no advertising network. The protection functions (call and SMS filtering) depend on no network connection.
The only data that leaves the device is anonymous, aggregated usage statistics (detailed in §3.5), used solely to measure feature adoption and improve the product. It contains no personal data, no message content, no phone numbers, and no contacts. You can disable it at any time in the app's privacy settings.
3. Data processed locally on your device
Egidio stores the following information in a local encrypted database on your device (SQLite via Room). This data never has internet access.
3.1 Protection data (retained until deleted by user)
| Data | Purpose | Access |
|---|---|---|
| Blocked phone numbers | Display in history screen | You only |
| Blocked SMS body text | Display in history screen | You only |
| Whitelist and blacklist entries | Applying your rules | You only |
3.2 Behavioral analysis data (automatic purge)
| Data | Purpose | Retention |
|---|---|---|
| Anonymized risk scores | Calibration of the detection engine | 30 days maximum |
| Event signals (type, timestamp) | Temporal pattern detection | 30 days maximum |
| Internal engine calibration history | Internal engine improvement | 7 days maximum |
| Adversarial patterns (no content) | Spoofing attack detection | 30 days maximum |
3.3 Cognitive engine state (persistent, non-identifiable)
The decision engine maintains a floating-point state vector of 4 values (scores between 0 and 1). This vector contains no personally identifiable information. It represents a statistical estimate of the device's threat environment.
3.4 What is never stored
- Content of voice calls
- Phone numbers of allowed contacts (point-in-time lookup only for matching)
- Biometric data
- Location data
- Advertising identifiers
3.5 Anonymous usage statistics (transmitted off device)
To measure feature adoption and improve the application, Egidio transmits anonymous, aggregated usage statistics via PostHog, whose servers are located in the European Union. Transmission is encrypted (HTTPS).
| Transmitted | Never transmitted |
|---|---|
| Event type (e.g. "call blocked", "paywall shown") | Phone numbers |
| Detected country, language, app version | SMS and call content |
| Subscription tier (FREE / PREMIUM…) | Contacts |
| A random, resettable install identifier (UUID) | Device identifier (IMEI, ANDROID_ID, advertising ID) |
This install identifier is randomly generated, stored locally, not tied to any identity, and can be reset (which severs any link to prior measurement history).
You stay in control: you can fully disable these statistics in the app's privacy settings. Collection then stops immediately.
Legal basis (GDPR, art. 6.1.f): legitimate interest in improving the service, limited to non-identifying data. You have a right to object, exercisable via the setting above.
4. Required permissions and justification
In accordance with Google Play policy and GDPR (Recital 39), we justify each requested permission:
READ_PHONE_STATE
Why: detect incoming calls in real time to analyze their risk before they reach the user.
Use: reads call state (RINGING, IDLE). No data is transmitted.
RECEIVE_SMS
Why: analyze incoming SMS to detect phishing, malicious links, and financial fraud attempts.
Use: local content reading. Temporary local storage in history. No transmission.
READ_CONTACTS
Why: identify calls from your contacts to automatically allow them (implicit whitelist).
Use: local matching only. Contact phone numbers are never stored by the application.
CallScreeningService role (caller ID / spam blocking)
Why: enable active blocking of incoming calls via the Android CallScreeningService API (Android 10+), without which Egidio cannot identify or filter any call.
Use: silent reject or accept only. No audio content is accessible or recorded.
Notification access (BIND_NOTIFICATION_LISTENER_SERVICE)
Why: detect fraud attempts received through your messaging apps (WhatsApp, Telegram, Messenger, rich SMS, etc.), whose content is not exposed through standard Android permissions.
Use: Egidio reads only the text of incoming messaging notifications, on-device, for immediate local analysis. This text is never transmitted, never stored beyond the time needed for that analysis, and never shared. You can revoke this access at any time in Android Settings (Apps → Special access → Notification access).
INTERNET and ACCESS_NETWORK_STATE
Why: transmit the anonymous usage statistics described in §3.5, verify your subscription status with Google Play, and fetch encrypted detection database updates.
Use: no communication data (call, SMS, message) ever travels over the network. Only the data listed in §3.5 is transmitted.
POST_NOTIFICATIONS
Why: inform the user of blocked calls and SMS.
Use: local notifications only.
FOREGROUND_SERVICE and FOREGROUND_SERVICE_SPECIAL_USE
Why: maintain the protection service active in the background, required by Android 12+ for communication protection applications.
SYSTEM_ALERT_WINDOW
Why: display a visual alert during a suspicious incoming call (warning overlay).
Use: local display only. No screen capture, no reading of other applications.
RECEIVE_BOOT_COMPLETED
Why: automatically restart the protection service when the device boots.
5. No audio recording
Egidio does not record calls, does not request microphone access, and does not store audio files. Call protection uses Android call-screening metadata only.
6. In-app purchases and billing
Purchases are processed exclusively by Google Play Billing. Egidio does not collect, store, or process any payment information. Please consult Google's Privacy Policy for applicable terms.
Subscription status (FREE / PREMIUM / PRO / FAMILY / LIFETIME) is verified with Google Play and stored locally in the application's encrypted preferences.
7. Your rights (GDPR — EU Regulation 2016/679)
As a user residing in the European Economic Area, you have the following rights:
Art. 15 — Right of access
All your data is viewable directly in the application: History screen for blocked calls and SMS, Settings screen for lists.
Art. 16 — Right to rectification
You can modify or delete any entry individually from history, whitelist, or blacklist.
Art. 17 — Right to erasure
Settings → Clear all data immediately and permanently deletes:
- All blocked calls
- All blocked SMS (including their content)
- All decision logs
- All behavioral signals
- Engine calibration history
- Adversarial pattern history
Data not deleted by this action: your whitelist and blacklist (data you voluntarily created), and application settings.
Art. 18 — Right to restriction of processing
Disabling protection in settings immediately stops all processing of incoming calls and SMS.
Art. 20 — Right to data portability
Settings → Export CSV generates a local file containing your blocking history in CSV format, which you can share or back up.
Art. 21 — Right to object
The application can be uninstalled at any time, which deletes the entire local database.
8. DSA compliance (Digital Services Act — EU Regulation 2022/2065)
Egidio makes automated decisions that affect the reception of communications. In accordance with Article 17 of the DSA:
- Every blocking decision is explained: the user sees why a call or SMS was blocked (natural language explanation generated by the ExplanationEngine).
- Decisions are reversible: the user can unblock any number from the history screen.
- The system is not a black box: the decision logic follows a deterministic 4-layer policy graph, documented in the application's technical metadata.
- No discrimination: blocking rules are based exclusively on behavioral patterns and publicly available regulatory data, without any consideration of origin, language, or personal characteristics.
9. Data security
- Room database protected by Android default encryption (AES-256)
- User preferences stored in DataStore (Android Keystore encryption)
- No network communication for protection functions (call/SMS filtering is 100% local)
- Sole network exception: anonymous usage statistics (§3.5), sent over HTTPS, can be disabled
- Code reviewed before each update release
10. Children
Egidio is not intended for children under 16 and collects no data concerning them. If you believe a child has used the application, contact us for data deletion.
11. Changes to this policy
Any material changes will be notified in the application's update notes on Google Play. The last updated date is indicated at the top of this document. Continued use of the application after modification constitutes acceptance of the new version.
12. Contact
For any questions regarding this policy or your data:
Email: privacy@egidio.app
Address: Gilles FABER (The Pistachio Lab), 7 Rue d'Eschau, 67540 Ostwald, France
For EU users, you may also contact your national data protection authority. In France: CNIL. In Germany: BfDI. In the UK: ICO.