Who we are
Call Vault is a product of Sage Mode, LLC, a software company based in the United States. Sage Mode, LLC owns and operates the Call Vault app and the getcallvault.app website. References to "we," "our," or "us" in this policy refer to Sage Mode, LLC.
The short version
Call Vault does all call and text filtering entirely on your device. Your call history, contacts, and block lists never leave your phone to our servers.
The limited exceptions are: (1) purchase verification — when you subscribe to Premium, your device identifier and purchase receipt are sent to our subscription verification provider; (2) monthly Spam Shield Database updates are downloaded to your device; and (3) community spam reporting — when you manually block a phone number that is not in your contacts, Call Vault automatically and anonymously reports that phone number to our community spam database (on by default, opt-out in Settings → Privacy & Data → Community Protection). Manual reports via the flag icon also send an anonymous report with your selected category. Only phone number digits are ever transmitted — never message content, contact names, or any identifying information. All three are described in detail below.
✓No account or sign-up required.
✓Your call history, contacts, and block list are never uploaded to any server.
✓No third-party trackers, ads, or behavioral profiling — only anonymous, aggregate usage stats.
✓No advertising.
✓Purchases processed securely via a third-party provider.
What phone functionality the app uses
To block calls and texts, Call Vault needs access to certain phone capabilities. Here is what each one is used for — and what we never do with any of it.
Used for: The app intercepts incoming calls so it can silently stop calls from blocked numbers before your phone rings.
Never: Your call history is never read retroactively, analyzed, or sent anywhere.
Used for: The app checks incoming text messages against your block list and keyword filters, silencing matches before they reach your notifications.
Never: Message content is stored on your device only and never transmitted.
Used for: The app intercepts MMS from blocked senders to suppress their notifications. MMS viewing within the app is planned for a future release.
Never: MMS content is stored locally only. Nothing is uploaded.
Used for: Used to send messages from within the app — specifically, to reply to a blocked sender without unblocking them (Premium feature, requires Call Vault to be set as your default SMS app). This lets you respond to a message without restoring full contact from that sender.
Never: No messages are sent on your behalf without your explicit action. The app sends an SMS only when you compose and send a reply to a blocked sender yourself from within the app.
Used for: Used only when "Contacts Only" mode is active — calls from people in your address book are allowed through automatically.
Never: Your contacts are never copied, modified, synced, or uploaded.
Used for: Shows an optional on-screen alert when a call or text is blocked. You can turn this off in Settings.
Never: No personal data is attached to or derived from notifications.
Note: This policy currently describes the Android version of the app. The iPhone version uses equivalent iOS-native features to achieve the same functionality. This policy will be updated when the iPhone app launches.
Anonymous app analytics
To improve the app's setup experience, Call Vault records a small number of anonymous, aggregate events — for example, which onboarding step a user reaches, and whether setup is completed. These counts help us find and fix the points where people get stuck. There is no third-party analytics SDK.
What is sent: only which setup step was reached, plus a few non-identifying values (such as the selected protection mode), tagged with a temporary, randomly-generated session id that is not stored and resets every time the app launches.
Never: no phone numbers, message or call content, contacts, location, email, advertising id, or any identifier that could point to you. The data is aggregated, so no individual profile of you exists.
Data storage
All data — your block list, call history, text logs, PIN, and settings — is stored exclusively in your phone's local storage. It is never backed up to our servers. If your phone's own backup service (such as Google Backup) is enabled, it may include app data in its system backup; that is outside our control and governed by Google's privacy policy.
You can export and delete all app data at any time from within the app (Settings → Backup & Restore → Reset).
Deletion on uninstall: All app data stored in local storage is automatically and permanently deleted when you uninstall Call Vault. For an immediate manual reset without uninstalling, go to Settings → Danger Zone → Reset App.
How to delete your data
Because Call Vault stores all data locally on your device, you are always in full control — no need to email us or submit a request. You can delete your data entirely from within the app in seconds.
- 1. Open Call Vault on your phone
- 2. Tap the Settings tab (bottom right)
- 3. Scroll to the bottom and tap Reset App
- 4. Confirm the reset — all local data is permanently deleted immediately
This deletes your block list, call logs, text logs, PIN, settings, and all other app data from your device. It cannot be undone.
Uninstalling Call Vault automatically and permanently deletes all locally stored data — your block list, logs, PIN, and settings — from your device.
If you subscribed to Call Vault Premium, RevenueCat stores an anonymous device identifier and your purchase receipt to verify your subscription. To request deletion of this data, contact RevenueCat directly at revenuecat.com/privacy or email [email protected].
Anonymous spam reports you submitted cannot be individually traced back to your device. If you have a specific deletion request, contact us via our contact page.
Subscription and billing
Subscription billing is processed by Google Play and RevenueCat. We receive confirmation of your subscription status (active or inactive) only — no payment card details, bank information, or billing address is shared with us. See Google's Privacy Policy and RevenueCat's Privacy Policy for details on how they handle your payment data.
When you subscribe to Premium, Call Vault uses RevenueCat to confirm and manage your entitlement. RevenueCat receives:
- An anonymous device identifier
- Your purchase receipt from the app store
- Your subscription status (active or inactive)
RevenueCat does not receive your name, email, phone number, call history, or any content from your messages. Their privacy policy is available at revenuecat.com/privacy.
If you subscribe via getcallvault.app rather than through Google Play, your payment is processed by Stripe. We never receive your card number or full payment details.
When you activate a web subscription, the app stores your email address and a secure access token locally on your device. The app sends these to the getcallvault.app server solely to verify that your subscription is still active. Your email is used only for this purpose — it is never sold, shared, or used for marketing.
Your call logs, text history, block list, and contacts are never included in subscription verification requests.
Payment card details are handled exclusively by Google Play or Stripe — Call Vault never receives your payment card information.
Community spam reporting
Call Vault uses two mechanisms to contribute to the community spam database:
When you manually block a phone number that is not already in your contacts, Call Vault automatically submits an anonymous report containing only the phone number digits to our community spam database. This helps protect other users from the same numbers without any extra steps on your part.
- Only the phone number digits are reported — never message content, contact names, or any identifying information
- Reports are submitted anonymously via an encrypted Cloudflare Worker
- Numbers already in your contacts are never auto-reported
- Pattern blocks (e.g. 1800*) and keyword blocks are never reported
To opt out: Go to Settings → Privacy & Data → Community Protection and toggle it off. You can do this at any time.
You can also tap the flag icon on any blocked call or message to manually report a number with a specific category (e.g. robocall, scam, telemarketer) and an optional note (max 100 characters). Manual reports include the phone number, the category you selected, and your optional note.
What is never included in any report: Call history, message content, contact names, device identifiers, or IP addresses (beyond standard rate limiting).
All reports are stored anonymously in a community database and cannot be traced back to your device. Numbers that receive three or more independent reports may be added to the Spam Shield Database for all users.
This website
This marketing website (getcallvault.app) may collect your email address if you submit a contact or waitlist form. It is used only to respond to your inquiry or notify you about the app. We do not sell or share your email with third parties.
This website does not use advertising trackers, behavioral analytics, or fingerprinting scripts.
GDPR (UK, EEA, and Ireland users)
If you are located in the United Kingdom, European Economic Area, or Ireland, you have rights under the General Data Protection Regulation (GDPR) and UK GDPR, including the right to access, correct, or delete personal data held about you.
Lawful basis for processing: We process your personal data on two lawful bases: (1) your consent — by installing and using Call Vault, you consent to on-device call and text filtering; and (2) legitimate interest — protecting you from spam, scam, and nuisance communications. All processing occurs on your device; no personal data is transmitted to our servers in the normal course of app use.
The personal data we process externally is limited to: (1) your email address if submitted via a contact form; (2) for app store subscribers, the anonymous device identifier and purchase receipt processed by RevenueCat under Standard Contractual Clauses; (3) for web subscribers, your email address used to verify your subscription status with our getcallvault.app server (hosted in the United States); and (4) anonymous community spam reports (phone number digits only) processed by our report service — auto-reporting is on by default with clear disclosure and easy opt-out (Settings → Privacy & Data → Community Protection); lawful basis is legitimate interest in community spam protection combined with the opt-out mechanism provided.
To exercise your GDPR rights (access, rectification, erasure, restriction, portability, or objection), contact us via our contact page.
Canada (PIPEDA)
If you are located in Canada, your privacy rights are governed by the Personal Information Protection and Electronic Documents Act (PIPEDA).
No personal data transmitted off-device: All call and text filtering occurs on your device. Your call history, contact list, block rules, and message content are never transmitted to our servers. The only exception is community reporting — when you manually block a non-contact number, only that phone number's digits are submitted anonymously. You can opt out in Settings → Privacy & Data → Community Protection. No personal data is included in these reports.
The only data shared with a third party is limited to purchase verification via RevenueCat (an anonymous device identifier and purchase receipt) when you subscribe to Premium. No name, email, phone number, or communications data is included. To exercise your rights under PIPEDA, contact us via our contact page.
CCPA (California users)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected about you and to request deletion.
Call Vault does not sell personal information to any third party. The only data shared externally is for purchase processing (not sold) and anonymous community spam reports (phone number digits only — auto-reported by default when you manually block a non-contact number, with opt-out available in Settings → Privacy & Data → Community Protection; not personal information under CCPA). To exercise your CCPA rights, contact us via our contact page.
Australia and New Zealand users
Australian and New Zealand telecommunications interception laws (including the Telecommunications (Interception and Access) Act 1979 (AU) and the Telecommunications (Interception Capability and Security) Act 2013 (NZ)) apply to the interception of communications in transit. Call Vault does not intercept communications in transit. All text message processing occurs after delivery to your device — the message has already been received by your phone before Call Vault reads or filters it. This is equivalent to reading your own received mail and is fully lawful.
Under the Privacy Act 1988 (AU) and the Privacy Act 2020 (NZ), individuals have the right to access and correct personal information held about them. The only personal information we hold about you is your email address (if submitted via a contact form). All other data — your block lists, call history, and settings — exists solely on your device and is never transmitted to us.
To exercise your rights under Australian or New Zealand privacy law, contact us via our contact page.
Children's privacy
Call Vault is not directed at children under 13. We do not knowingly collect any information from children. If you believe a child has provided personal information through our contact form, please reach out and we will promptly delete it.
Changes to this policy
If this policy changes materially, we will update the "Last updated" date at the top of this page. Continued use of the app constitutes acceptance of the updated policy.
Contact
Questions about this policy? Reach us at our contact page.