Privacy Policy
Effective: May 20, 2026
LeetLink is built so that your conversations and your data stay yours. This policy explains exactly what the app collects, what we do with it, and the things we deliberately don't do.
Data we collect
- Email address. Used as your sign-in identifier and for sending verification codes during sign-up.
- Username. A handle you pick during sign-up so friends can find you. Public to anyone who searches for it.
- Password. Stored as a salted PBKDF2 hash (we never store the plaintext password). Used only for sign-in verification.
- Friend list. The usernames you've added as friends, so we can deliver call signaling between you.
- Apple push notification token. Required to wake your device when someone calls you.
- A random user ID. Used internally to identify your account.
Data we do NOT collect
- Your phone number
- Your iPhone contacts (the app does not request contacts access)
- Your call audio or video — these never touch our servers
- Your location
- Your call history or any logs of who you called or when
- Any advertising or analytics identifiers
- Photos, files, or other content
How calls work
LeetLink uses WebRTC for direct peer-to-peer connections. When you call a friend:
- Our server sends an Apple push notification to wake their device.
- Both devices exchange connection information ("signaling") through our server. This is encrypted in transit (TLS).
- Once connected, the audio and video flow directly between your two devices, never through us.
- When a direct connection isn't possible (typically due to firewalls or strict NAT), the call routes through a relay server (TURN). Even then, the media is encrypted end-to-end and we cannot decode it.
Permissions
LeetLink requests these permissions only:
- Microphone — to send your voice during calls.
- Camera — to send your video during video calls.
- Local Network — to enable faster direct connections when calling someone on the same Wi-Fi.
- Notifications — to alert you of incoming calls when the app is closed.
We do not request access to your contacts, photos, location, or any other data.
Data sharing
We do not sell, rent, share, or trade your data with anyone. No advertisers, no analytics companies, no third parties. Our infrastructure runs on Cloudflare (workers, KV storage, durable objects) and Resend (for sending sign-up verification emails). These vendors process data on our behalf under their own data processing agreements.
Data retention and deletion
Your account data is kept as long as your account exists. You can delete your account at any time from within the app:
- Sign in
- Tap the menu (⋯) in the top-right corner
- Choose "Delete account"
- Confirm
Deletion is immediate and permanent. It removes your user record, email, username (returned to the available pool), friend list, friend requests, and push token. Your friends will see you disappear from their friends list. There is no recovery after deletion.
Children's privacy
LeetLink is not directed at children under 13. We do not knowingly collect data from anyone under 13. If we learn we have collected such data, we will delete it.
Security
Passwords are stored as salted PBKDF2-SHA256 hashes with 100,000 iterations. All API traffic is over HTTPS. WebRTC media is encrypted with DTLS-SRTP. We do not have access to your call audio or video at any point.
Changes to this policy
If we change this policy, we will update the "Effective" date at the top and notify users through the app for material changes.
Contact
Questions, deletion requests, or anything else:
Email: privacy@leet.ae