Video Call — Privacy Policy

Last updated: 2026-05-29

Short version. Video Call is a random video chat app for adults (18+). When you start a call, your camera and microphone are active and your video stream is routed over a peer-to-peer WebRTC connection through our media servers — we do not record, watch or store the contents of your calls. We do hold a small server-side account on your behalf (a random user id, your chosen display name, optional bio + interests, a coin balance, and a streak counter) so that you can be matched, blocked, reported on, and rewarded. We use Google Firebase for sign-in, crash reports and analytics; AdMob and Meta Audience Network for ads; OneSignal for optional push notifications; LiveKit for the call media transport; and Cloudflare for the backend. You can delete your account in one tap from Profile → Delete account — see §10.

1. Who we are

This privacy policy applies to the Android application listed on the Google Play store as Video Call (Google Play package: com.dopetech.videocall), referred to below as "the app", "Video Call", "we", "us" or "our". Inside the app the product is branded as WINK — the two names refer to the same product.

For the purposes of the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA / CPRA), and India's Digital Personal Data Protection Act 2023 (DPDP Act), the data controller is the publisher of the app as listed on the Google Play store page. Contact details are at the bottom of this policy.

2. What the app does, in privacy terms

Video Call is a random video chat service for adults (18+). When you tap Start a call you are connected to another consenting user who is also looking for a call. The call uses your device camera and microphone. Calls are time-boxed (3 minutes for free users, 10 minutes for WINK Pro subscribers).

To make matching, safety and rewards possible we maintain a small server-side record for each user — referred to below as your "account". Your account does not require an email address or phone number unless you sign in with Google. By default a guest account is created the first time you open the app.

3. Data we collect, and why

The table below lists every category of personal data the app processes, why it is processed, where it goes, and how to opt out or delete it.

Category	What	Why	Where it goes	Opt-out / delete
Account record	A random user id (UUID), a display name (you choose; defaults to a generated guest name), an optional 160-character bio, up to 5 interest tags, an avatar URL (auto-generated portrait by default), gender (optional), country (derived from the IP address you connect from, ISO-2 code), a coin balance, and a daily-streak counter.	To match you with peers, enforce the gender / region filters you choose, surface the right Pro features, and run the in-app coin economy.	Cloudflare D1 (SQL database). Hosted in Cloudflare's global network. See cloudflare.com/privacypolicy.	Tap Profile → Delete account. See §10 for full details.
Sign-in identity	If you sign in with Google: your Google display name, email address, profile photo, and a Firebase user id (UID). If you stay as a guest: only a Firebase anonymous UID.	To let you keep the same account across reinstalls and devices, and to attach a name + photo to your in-app profile.	Google Firebase Authentication. See firebase.google.com/support/privacy.	Sign out from Profile, then delete the account; or, on the Google side, revoke the app under myaccount.google.com → Security → Your connections.
Live video & audio (during calls)	The camera and microphone feeds from your device while a call is in progress.	To carry the call to the peer you're connected with.	The media stream is routed in real-time via LiveKit's WebRTC infrastructure (a Cloudflare-hosted, end-to-end-encrypted SFU). We do not record, transcribe or store the call. LiveKit operates the media servers as our processor. See livekit.io/privacy.	Camera and microphone permissions are required to start a call. Revoke under Settings → Apps → Video Call → Permissions. End any call by tapping the end-call button; the streams stop instantly.
Match history (audit)	For each call: the two user ids involved, the room identifier, the start time, the end time. Not the video, not the audio, not any chat content.	So that reports (see below) can be tied to a specific match, and so that blocks honor mutual history.	Cloudflare D1.	Cleared when you delete your account, except where retained for an open moderation investigation.
Reports & blocks	If you report or block another user: the reporter's user id, the target user id, the timestamp, the report category, and any free-text reason you write.	To keep the community safe and to action repeat-offender bans.	Cloudflare D1. Reviewed by our moderation team.	Reports cannot be unilaterally retracted because we use them for safety. To request review of a report you submitted, email us.
App interactions (analytics)	Screens viewed, taps on key buttons (Start, Next, Report, Rate), session length, in-app events such as `match_found`, `call_ended`, `daily_bonus_claimed`.	To understand which features are used so we can improve the app.	Google Firebase Analytics (aggregated to a Google Analytics property we own).	Decline analytics in the in-app consent dialog (EEA/UK users), or revoke under Settings → Apps → Video Call → Storage → Clear data.
Crash & error reports	Stack traces, device model, Android version, app version, free memory at time of crash, the previous handful of user actions (no message content).	To diagnose and fix bugs.	Google Firebase Crashlytics.	Decline analytics in the in-app consent dialog (this also disables Crashlytics).
Push notification token	A randomly assigned device token, plus the country your device's locale reports, plus your time zone (for delivery scheduling).	To deliver daily-bonus reminders, streak nudges, low-coin notices, and rate-the-app prompts (only if you grant the system notification permission).	OneSignal Inc. See onesignal.com/privacy_policy.	Deny the system notification permission on first launch, or revoke under Settings → Apps → Video Call → Notifications.
Advertising identifiers	Your Google Advertising ID (resettable from Android settings), coarse IP-derived location, and ad-interaction events (impression, click, rewarded-ad completion).	To show ads inside the app and to measure how those ads perform. Ads pay for the development of the free tier; WINK Pro removes them.	Google AdMob (Google LLC) and Meta Audience Network (Meta Platforms, Inc.) via the AdMob mediation layer.	Reset your advertising ID under Settings → Privacy → Ads, or turn off ad personalisation; you'll still see ads but they will be less relevant. EEA/UK users see a UMP consent prompt on first launch where you can refuse personalised ads entirely.
In-app purchases	The Google Play purchase token for any WINK Pro subscription, the product id you purchased, the expiry date, the verified-at timestamp.	To unlock Pro features (longer calls, no ads, profile views, interest filter, bigger daily bonus) and to honor restore-purchase.	Google Play Billing (Google) handles the payment. We verify the receipt server-side and store only the token + status — no card numbers ever reach us.	Cancel the subscription under Google Play → Subscriptions. The Pro feature flag flips back to free at the end of the current billing period.
Device and technical info	Android version, device model, locale, screen size, time zone, network connection type, IP address (resolved server-side to a country code).	To render the app correctly, route to the nearest LiveKit edge, and attribute analytics events.	Cloudflare, Firebase, AdMob.	Same controls as analytics / advertising above.

4. What we do not collect

The contents of any video call (audio, video, screen).
Your real name, phone number, address, or government ID.
Your contacts, your call history, your SMS messages (we do not request READ_CONTACTS, READ_CALL_LOG or READ_SMS).
Files or photos from your device storage outside the camera frames captured during an active call.
Your precise GPS location (we do not request location permissions; country is inferred from IP only).
Payment card information of any kind (Google Play Billing handles payments end-to-end).
Biometric data, health data, or any "special category" data under GDPR Art. 9.

5. Third-party SDKs and services

SDK / service	Provider	Purpose	Their privacy policy
Firebase Authentication	Google LLC	Sign-in (anonymous + Google)	firebase.google.com/support/privacy
Firebase Analytics	Google LLC	Anonymous usage measurement	firebase.google.com/support/privacy
Firebase Crashlytics	Google LLC	Crash reporting	firebase.google.com/support/privacy
Cloudflare Workers + D1	Cloudflare, Inc.	Backend (account record, matchmaking, coin ledger, notifications)	cloudflare.com/privacypolicy
LiveKit Cloud	LiveKit, Inc.	WebRTC media transport for video calls (we operate via our own LiveKit Cloud project)	livekit.io/privacy
OneSignal	OneSignal Inc.	Push notifications	onesignal.com/privacy_policy
Google AdMob	Google LLC	In-app advertising (banner, interstitial, rewarded, native)	policies.google.com/privacy
Meta Audience Network	Meta Platforms, Inc.	Ad mediation partner via AdMob	facebook.com/about/privacy
Google Play Billing	Google LLC	WINK Pro subscription processing	policies.google.com/privacy
Google Play In-App Review	Google LLC	Native rating prompt	policies.google.com/privacy
Coil / Media3 / OkHttp / Retrofit / AndroidX	Various open-source	Local image loading, video playback (Shorts feed), networking, UI. Do not transmit personal data to third parties.	n/a

6. Legal basis for processing (EU / UK users)

Operating your account, matching, blocks, reports, in-call media routing: performance of the contract between you and us (Art. 6(1)(b) GDPR). Without this processing the service cannot function.
Crash reports and aggregate analytics: our legitimate interest in keeping the service working (Art. 6(1)(f) GDPR), provided we offer a meaningful opt-out — which we do via the in-app consent dialog on first launch.
Personalised ads: your explicit consent (Art. 6(1)(a) GDPR). EEA and UK users see a Google UMP / IAB TCF prompt on first launch. You may withdraw consent at any time by clearing app data.
Non-personalised ads (when consent is declined): our legitimate interest in monetising a free app, balanced against the limited privacy impact of contextual ads.
Push notifications: consent (the Android 13+ system permission you grant on first launch).
Camera & microphone: consent (the Android runtime permission you grant before your first call).
Safety processing (review of reports, ban enforcement): legitimate interest in maintaining a safe community, recognised as compatible with GDPR's protection-of-vital-interests carve-outs.

7. Data retention

Account record: until you delete your account. After deletion, see §10.
Match history: 12 months from the call end, then deleted. Earlier if you delete your account, except for matches that are the subject of an active investigation.
Reports & blocks: 24 months from submission, then anonymised. Required for repeat-offender enforcement.
Coin ledger (audit trail for paid coins / IAP): 7 years per typical financial-audit retention. Anonymised after account deletion (the user id is replaced with a tombstone reference).
Firebase Analytics: 14 months by default for event-level data, then aggregated.
Firebase Crashlytics: 90 days for individual crash records.
LiveKit call media: not retained — the SFU forwards packets in real-time without writing them to disk.
OneSignal push tokens: until you uninstall the app or revoke notifications.
AdMob / Meta Audience Network event records: per those providers' own retention schedules (linked above).

8. International transfers

Our processors are based outside some users' countries (notably the United States and the European Economic Area). Cloudflare runs a global edge network; data may be processed wherever the nearest edge is. Transfers happen under the relevant safeguards each processor provides — for Google and AdMob, the EU Standard Contractual Clauses and the EU–US Data Privacy Framework; for Meta and AppLovin, the same combination; for OneSignal and LiveKit, the EU Standard Contractual Clauses. You can review each processor's transfer mechanism in their privacy policy.

9. Your rights

Depending on where you live, you have one or more of the following rights:

Access: request a copy of the data we and our processors hold about you.
Correction: have inaccurate data corrected. The display name, bio, interests, gender, and region preferences are editable directly inside the app under Profile → Edit.
Deletion: have your data deleted. See §10 for the one-tap in-app path.
Objection / opt-out: object to processing for direct marketing (we do no direct marketing) or to legitimate-interest processing.
Portability: receive a copy of data you provided in a machine-readable format.
Withdraw consent: at any time, without affecting prior lawful processing.
Complaint: lodge a complaint with your national supervisory authority. In the EU, find your authority at edpb.europa.eu. In the UK, the ICO at ico.org.uk. In India, contact the Data Protection Board once operational under the DPDP Act.

10. How to delete your account and data

You can delete your Video Call account directly from inside the app:

Open the app and sign in.
Tap the Profile tab in the bottom navigation.
Scroll to the bottom of the settings list and tap Delete account.
Confirm in the bottom sheet that appears (one-tap confirmation, irreversible).

When you confirm, we immediately:

Anonymise your account record on Cloudflare D1 (we null your display name, email, avatar URL, bio, interests, country; we keep an opaque tombstone identifier so coin-ledger and match-history rows that reference the row can stay foreign-key-valid for the retention periods listed in §7).
Purge your push-notification record on OneSignal.
Purge your in-app notifications, profile-view records, follow relationships, Shorts likes / view records, and any blocks you have placed on other users.
Anonymise any Shorts clips you authored (the clip stays in the feed for other viewers, but no longer credits you).
Anonymise your Firebase Analytics user id so future events are not joined to your historical record.
Sign you out of Firebase Authentication on the device.

If you previously signed in with Google, you may additionally revoke the app's access to your Google account under myaccount.google.com → Security → Your connections.

A duplicate public-facing copy of these steps is also published at /account-deletion.html so the Google Play store-listing's deletion-URL field can point at a persistent web page.

If you cannot reach the in-app flow (for example because you are locked out or the app crashes on launch), email us at the contact address below with the subject line "Privacy Request — Video Call" and include either the email address you signed in with or the Firebase Installation ID from the Google Play console. We respond to verified requests within 30 days (45 in California), free of charge.

11. Children's privacy & age requirement

Video Call is strictly for users aged 18 or older. The product surfaces random adult-to-adult video calls and is not suitable for minors. We do not knowingly collect personal data from anyone under 18. If you believe a minor has used the app, contact us at the email below and we will delete the related account.

See also our separate Child Safety Standards page for our zero-tolerance position on child sexual abuse and exploitation, and our reporting workflow.

12. Security

Network requests use HTTPS / WSS exclusively. Video and audio in calls use DTLS-SRTP encryption as standardised by the WebRTC specification. Sign-in tokens are short-lived (1 hour) Firebase JWTs verified on every backend request. Account-deletion is irreversible and rate-limited per Firebase UID. Reports are actionable within 72 hours by a human moderator. We do not store payment-card data — Google Play Billing handles the transaction end-to-end. Our backend is hosted on Cloudflare with managed DDoS protection and per-route rate limits.

13. Changes to this policy

We may update this policy when we add features, when a new SDK is integrated, or to reflect regulatory changes. The "Last updated" date at the top of this page will always reflect the most recent revision. Material changes will be summarised at the top for at least 30 days after publication, and we will surface an in-app notice asking you to acknowledge the change.

Contact

Email: dopetech.support@gmail.com
Publisher: Dopetech (developer account associated with Google Play package com.dopetech.videocall).
For data subject requests, please put "Privacy Request — Video Call" in the subject line and include the country you are writing from so we can apply the right legal regime.