Version française →

Privacy Policy — Egidio

Last updated: July 2026 · App version: 1.4.0

1. About us

Egidio is an Android anti-fraud protection application developed and maintained by Gilles FABER, a French sole proprietor (entrepreneur individuel) trading as The Pistachio Lab, referred to as "we" or "the publisher."

Contact: contact@egidio.app
Privacy: privacy@egidio.app
Registered address: 7 Rue d'Eschau, 67540 Ostwald, France
Registration: SIREN 105 960 389, R.C.S. Strasbourg

2. Core principle: your communications never leave your device

The content of your communications — numbers, SMS body text, contacts, calls — is analyzed exclusively on your device and is never transmitted, sold, or shared. There is no user account, no server processing your communications, and no advertising network. The protection functions (call and SMS filtering) depend on no network connection.

The only data that leaves the device is anonymous, aggregated usage statistics (detailed in §3.5), used solely to measure feature adoption and improve the product. It contains no personal data, no message content, no phone numbers, and no contacts. You can disable it at any time in the app's privacy settings.

3. Data processed locally on your device

Egidio stores the following information in a local encrypted database on your device (SQLite via Room). This data never has internet access.

3.1 Protection data (retained until deleted by user)

DataPurposeAccess
Blocked phone numbersDisplay in history screenYou only
Blocked SMS body textDisplay in history screenYou only
Whitelist and blacklist entriesApplying your rulesYou only

3.2 Behavioral analysis data (automatic purge)

DataPurposeRetention
Anonymized risk scoresCalibration of the detection engine30 days maximum
Event signals (type, timestamp)Temporal pattern detection30 days maximum
Internal engine calibration historyInternal engine improvement7 days maximum
Adversarial patterns (no content)Spoofing attack detection30 days maximum

3.3 Cognitive engine state (persistent, non-identifiable)

The decision engine maintains a floating-point state vector of 4 values (scores between 0 and 1). This vector contains no personally identifiable information. It represents a statistical estimate of the device's threat environment.

3.4 What is never stored

3.5 Anonymous usage statistics (transmitted off device)

To measure feature adoption and improve the application, Egidio transmits anonymous, aggregated usage statistics via PostHog, whose servers are located in the European Union. Transmission is encrypted (HTTPS).

TransmittedNever transmitted
Event type (e.g. "call blocked", "paywall shown")Phone numbers
Detected country, language, app versionSMS and call content
Subscription tier (FREE / PREMIUM…)Contacts
A random, resettable install identifier (UUID)Device identifier (IMEI, ANDROID_ID, advertising ID)

This install identifier is randomly generated, stored locally, not tied to any identity, and can be reset (which severs any link to prior measurement history).

You stay in control: you can fully disable these statistics in the app's privacy settings. Collection then stops immediately.

Legal basis (GDPR, art. 6.1.f): legitimate interest in improving the service, limited to non-identifying data. You have a right to object, exercisable via the setting above.

4. Required permissions and justification

In accordance with Google Play policy and GDPR (Recital 39), we justify each requested permission:

READ_PHONE_STATE

Why: detect incoming calls in real time to analyze their risk before they reach the user.
Use: reads call state (RINGING, IDLE). No data is transmitted.

RECEIVE_SMS

Why: analyze incoming SMS to detect phishing, malicious links, and financial fraud attempts.
Use: local content reading. Temporary local storage in history. No transmission.

READ_CONTACTS

Why: identify calls from your contacts to automatically allow them (implicit whitelist).
Use: local matching only. Contact phone numbers are never stored by the application.

CallScreeningService role (caller ID / spam blocking)

Why: enable active blocking of incoming calls via the Android CallScreeningService API (Android 10+), without which Egidio cannot identify or filter any call.
Use: silent reject or accept only. No audio content is accessible or recorded.

Notification access (BIND_NOTIFICATION_LISTENER_SERVICE)

Why: detect fraud attempts received through your messaging apps (WhatsApp, Telegram, Messenger, rich SMS, etc.), whose content is not exposed through standard Android permissions.
Use: Egidio reads only the text of incoming messaging notifications, on-device, for immediate local analysis. This text is never transmitted, never stored beyond the time needed for that analysis, and never shared. You can revoke this access at any time in Android Settings (Apps → Special access → Notification access).

INTERNET and ACCESS_NETWORK_STATE

Why: transmit the anonymous usage statistics described in §3.5, verify your subscription status with Google Play, and fetch encrypted detection database updates.
Use: no communication data (call, SMS, message) ever travels over the network. Only the data listed in §3.5 is transmitted.

POST_NOTIFICATIONS

Why: inform the user of blocked calls and SMS.
Use: local notifications only.

FOREGROUND_SERVICE and FOREGROUND_SERVICE_SPECIAL_USE

Why: maintain the protection service active in the background, required by Android 12+ for communication protection applications.

SYSTEM_ALERT_WINDOW

Why: display a visual alert during a suspicious incoming call (warning overlay).
Use: local display only. No screen capture, no reading of other applications.

RECEIVE_BOOT_COMPLETED

Why: automatically restart the protection service when the device boots.

5. No audio recording

Egidio does not record calls, does not request microphone access, and does not store audio files. Call protection uses Android call-screening metadata only.

6. In-app purchases and billing

Purchases are processed exclusively by Google Play Billing. Egidio does not collect, store, or process any payment information. Please consult Google's Privacy Policy for applicable terms.

Subscription status (FREE / PREMIUM / PRO / FAMILY / LIFETIME) is verified with Google Play and stored locally in the application's encrypted preferences.

7. Your rights (GDPR — EU Regulation 2016/679)

As a user residing in the European Economic Area, you have the following rights:

Art. 15 — Right of access

All your data is viewable directly in the application: History screen for blocked calls and SMS, Settings screen for lists.

Art. 16 — Right to rectification

You can modify or delete any entry individually from history, whitelist, or blacklist.

Art. 17 — Right to erasure

Settings → Clear all data immediately and permanently deletes:

Data not deleted by this action: your whitelist and blacklist (data you voluntarily created), and application settings.

Art. 18 — Right to restriction of processing

Disabling protection in settings immediately stops all processing of incoming calls and SMS.

Art. 20 — Right to data portability

Settings → Export CSV generates a local file containing your blocking history in CSV format, which you can share or back up.

Art. 21 — Right to object

The application can be uninstalled at any time, which deletes the entire local database.

8. DSA compliance (Digital Services Act — EU Regulation 2022/2065)

Egidio makes automated decisions that affect the reception of communications. In accordance with Article 17 of the DSA:

9. Data security

10. Children

Egidio is not intended for children under 16 and collects no data concerning them. If you believe a child has used the application, contact us for data deletion.

11. Changes to this policy

Any material changes will be notified in the application's update notes on Google Play. The last updated date is indicated at the top of this document. Continued use of the application after modification constitutes acceptance of the new version.

12. Contact

For any questions regarding this policy or your data:

Email: privacy@egidio.app
Address: Gilles FABER (The Pistachio Lab), 7 Rue d'Eschau, 67540 Ostwald, France

For EU users, you may also contact your national data protection authority. In France: CNIL. In Germany: BfDI. In the UK: ICO.