Privacy Policy

Effective: May 20, 2026

LeetLink is built so that your conversations and your data stay yours. This policy explains exactly what the app collects, what we do with it, and the things we deliberately don't do.

Data we collect

Data we do NOT collect

How calls work

LeetLink uses WebRTC for direct peer-to-peer connections. When you call a friend:

  1. Our server sends an Apple push notification to wake their device.
  2. Both devices exchange connection information ("signaling") through our server. This is encrypted in transit (TLS).
  3. Once connected, the audio and video flow directly between your two devices, never through us.
  4. When a direct connection isn't possible (typically due to firewalls or strict NAT), the call routes through a relay server (TURN). Even then, the media is encrypted end-to-end and we cannot decode it.

Permissions

LeetLink requests these permissions only:

We do not request access to your contacts, photos, location, or any other data.

Data sharing

We do not sell, rent, share, or trade your data with anyone. No advertisers, no analytics companies, no third parties. Our infrastructure runs on Cloudflare (workers, KV storage, durable objects) and Resend (for sending sign-up verification emails). These vendors process data on our behalf under their own data processing agreements.

Data retention and deletion

Your account data is kept as long as your account exists. You can delete your account at any time from within the app:

  1. Sign in
  2. Tap the menu (⋯) in the top-right corner
  3. Choose "Delete account"
  4. Confirm

Deletion is immediate and permanent. It removes your user record, email, username (returned to the available pool), friend list, friend requests, and push token. Your friends will see you disappear from their friends list. There is no recovery after deletion.

Children's privacy

LeetLink is not directed at children under 13. We do not knowingly collect data from anyone under 13. If we learn we have collected such data, we will delete it.

Security

Passwords are stored as salted PBKDF2-SHA256 hashes with 100,000 iterations. All API traffic is over HTTPS. WebRTC media is encrypted with DTLS-SRTP. We do not have access to your call audio or video at any point.

Changes to this policy

If we change this policy, we will update the "Effective" date at the top and notify users through the app for material changes.

Contact

Questions, deletion requests, or anything else:

Email: privacy@leet.ae