Legal

Privacy Policy

Effective date: June 1, 2026

Last updated: June 11, 2026

NumBan ("we," "us," or "our") operates the NumBan mobile application and the numban.com website (collectively, the "Service"). This Privacy Policy explains what information we collect, how we use it, and the choices you have.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your email address or mobile phone number for authentication. You may also choose a display handle (username). If you sign in with Apple, we receive your Apple-provided user identifier and, if you choose to share it, your email address.

1.2 Report Data

When you submit a scam voicemail report, we collect:

• The voicemail audio file you share from your device
• Transcript metadata provided by iOS (the visual voicemail transcript)
• An independent audio transcription generated on your device
• The callback phone number you confirm for the report
• The scam type classification
• Timestamps associated with the report

1.3 Device Information

If you enable push notifications, we collect your APNs device token to deliver notifications about report status, kill confirmations, and service updates. We do not collect device identifiers for advertising or tracking.

1.4 Automatically Collected Information

Our servers log standard request metadata (IP address, user agent, timestamps) for security, abuse prevention, and rate limiting. We do not use third-party analytics SDKs or advertising trackers in the app.

2. How We Use Your Information

We use the information we collect to:

• Authenticate your account — verify your identity via email or SMS one-time codes
• Process reports — verify callback numbers by cross-referencing transcript metadata against audio transcription, identify the responsible carrier via number lookup, and generate abuse complaints
• Route abuse complaints — send carrier abuse reports through a NumBan-managed relay email address on your behalf
• Track number status — periodically re-check reported numbers to determine whether they have been disconnected (kill confirmation)
• Deliver notifications — inform you about report status changes and kill confirmations via push notifications
• Maintain public number pages — publish aggregate, redacted report data for public interest and search engine indexing
• Operate the leaderboard — rank users by confirmed kills using their chosen display handle
• Prevent abuse — enforce rate limits, detect false reports, and maintain service integrity

3. Information We Share

3.1 Carrier Abuse Reports

When you approve a report, we send an abuse complaint to the carrier or Responsible Organization (RespOrg) that controls the callback number. These complaints are sent from a NumBan-managed relay email address (e.g., report-xxxx@relay.numban.com). Your personal email address, phone number, and name are never included in carrier communications.

3.2 Public Number Pages

Reported numbers that meet our publication threshold may appear on public pages at numban.com/numbers/[number]. Public pages display only aggregate, redacted data: the callback number, report count, carrier name, scam type classification, evidence confidence level, and current status. No voicemail audio, transcripts, personal recordings, or user identifiers are ever published.

3.3 Leaderboard

Your display handle and confirmed kill count may appear on the public leaderboard. No other account information is displayed. You can change your handle at any time.

3.4 Service Providers

We use the following third-party services to operate NumBan:

• Cloudflare — hosting, database (D1), object storage (R2), key-value store (KV), and edge compute (Workers)
• Twilio — SMS delivery for authentication codes
• Resend — email delivery for authentication codes and carrier abuse reports
• Apple Push Notification service (APNs) — push notification delivery

These providers process data only as necessary to provide their services and are bound by their respective privacy policies and data processing agreements.

3.5 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect the rights, property, or safety of NumBan, our users, or the public.

4. Data Storage and Security

Account data, report metadata, and number records are stored in Cloudflare D1 (SQLite). Voicemail audio evidence is stored in Cloudflare R2 object storage. Session tokens are stored as SHA-256 hashes; we never store plaintext session tokens. Authentication codes are similarly hashed and expire after 10 minutes.

All data is transmitted over HTTPS/TLS. We use Cloudflare's global edge network for DDoS protection and request filtering.

5. Data Retention

• Account data — retained until you delete your account
• Voicemail audio evidence — retained while your account is active; deleted upon account deletion
• Report metadata — personal associations (transcripts, evidence keys) are removed upon account deletion; aggregate report statistics (counts, carrier, scam type) are retained for public interest
• Sessions — expire after 90 days; all sessions are deleted upon account deletion
• Authentication codes — expire after 10 minutes
• Server logs — retained for up to 30 days for security and debugging

6. Your Rights and Choices

6.1 Account Deletion

You can delete your account at any time from the app settings. Account deletion permanently removes your personal data, all voicemail evidence files, session records, and device tokens. Your display handle is replaced with "deleted-user." Aggregate, anonymized report statistics (contribution to report counts on numbers) are retained.

6.2 Notifications

You can disable push notifications at any time through your device's notification settings.

6.3 Display Handle

You can change your display handle at any time. Your previous handle will no longer appear on the leaderboard or in any public context.

7. Children's Privacy

NumBan is not directed to children under 13. We do not knowingly collect information from children under 13. If we learn that we have collected information from a child under 13, we will delete it promptly.

8. International Users

NumBan currently supports US phone numbers only. Data is processed on Cloudflare's global edge network. By using the Service, you consent to the transfer and processing of your data in the United States and other jurisdictions where Cloudflare operates.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy with a new "Last updated" date. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at privacy@numban.com.