2.1 Personal Information You Provide

We may collect personal information that you voluntarily provide, including:

• First and last name
• Email address
• Phone number
• Age range (not exact date of birth)
• Caregiver linkage details
• Messages or inquiries sent to us
• Account credentials (encrypted)

2.2 Communication and Activity Metadata

When you enable fraud protection features, we may process limited communication metadata,
such as:

• Message metadata (sender, timing, structure – not content unless explicitly authorized)
• Call metadata and logs (number, time, duration, country code and MMI/activation codes for the purpose of detecting unauthorized call forwarding)
• Interaction patterns across apps and channels
• Links detected or clicked (for fraud analysis)

We do not use this data for advertising, profiling unrelated to fraud prevention, or resale.

2.3 Technical and Device Information

We may automatically collect:

• Device type, OS, and app version
• IP address (general location only)
• Log files and crash diagnostics
• Usage events and performance metrics

2.4 Cookies and Similar Technologies

Our Site and App may use cookies, SDKs, or similar technologies for:

• Core functionality
• Security
• Analytics and performance monitoring

These technologies may include third-party software development kits (SDKs), such as analytics and attribution tools provided by service providers and advertising platforms.

You may control cookies through browser or device settings.

2.5 Sensitive Permissions (Call Logs)

To provide our core financial protection services, the DotzLink App specifically requests access to your device’s Call Logs (android.permission.READ_CALL_LOG).

• Purpose: This permission is used solely to monitor and detect unauthorized call forwarding activation patterns (such as MMI codes).

• Fraud Prevention: These patterns are often used by bad actors in “OTP Kidnapping” schemes to intercept voice-based One-Time Passwords from your financial institutions.

• Data Protection: This metadata is processed to generate real-time security alerts.

• Restrictions: We do not use call log data for advertising, marketing, or any purpose unrelated to your financial safety, and the data is not shared with third parties for their own use.

2.6 Meta (Facebook) SDK and Analytics

Our Services use technologies provided by Meta Platforms, Inc., including the Facebook SDK, to support analytics, application performance monitoring, and marketing attribution. Through the Facebook SDK, Meta may collect or receive certain information from your device and interactions with the Services, including:

• Device identifiers and advertising identifiers (such as Google Advertising ID / GAID, where permitted by applicable law)

• App installation, activation, and launch events

• Device type, operating system, and application version

• General location information derived from IP address

• Usage, engagement, and performance events within the Services

• Attribution information related to your discovery of our marketing campaigns

We use this information to measure the effectiveness of marketing and user acquisition campaigns, understand how users discover and interact with our Services, improve application performance, and analyze aggregated usage trends.

Data Isolation & Safeguards: We do not use information collected through the Facebook SDK to make decisions regarding fraud risk, financial eligibility, or financial services, and we do not sell personal information to Meta. Information collected through the Facebook SDK is strictly isolated and is never combined with Google email content, call log data, or fraud detection signals for advertising purposes.

Third-Party Processing & Privacy Options: Information transmitted via the Facebook SDK is subject to Meta’s privacy practices, where Meta acts as an independent or joint data controller. For additional information, please review Meta’s Privacy Policy: https://www.facebook.com/privacy/policy/.

Where required by applicable law, we obtain user consent before enabling non-essential analytics or attribution technologies. Users may manage their tracking preferences via their Meta account settings or directly through their mobile device settings (e.g., Settings > Privacy > Ads on Android to reset or opt out of personalized advertising identifiers).

Data Accessed (Depending on Permissions Granted):

• Basic Google account information (name, email, profile image)
• Email metadata or content (solely for scam or fraud detection)
• Contacts data (to identify trusted senders)

How We Use Google Data:

• Fraud detection and scam prevention
• Identifying impersonation or malicious activity
• Improving protection accuracy

Restrictions:

• No advertising use
• No data resale
• No sharing with third parties except as required for core service delivery or by law

Google Workspace APIs are not used to develop, improve, or train generalized artificial intelligence (AI) or machine learning (ML) models.

Security:

• Encrypted in transit and at rest
• Access restricted to authorized systems

User Control:

You may revoke Google access at any time via your Google Account permissions.