This page is used to inform visitors regarding our policies with the collection, use, and disclosure of Personal Information if anyone decided to use our service. By choosing to use our service, you agree to the collection and use of information in relation to this policy. The personal information that we collect is used for providing and improving the service for our users. We will not use or share any of your information with anyone except as described in this document.
As the company dSTAR Lab takes the matters of information security and sustaining privacy of the users very seriously, it aims to collect as little data as possible from the users. Your data belongs only to your device. The dSTAR Lab services are secure by design to ensure the minimization of the data that is collected about dSTAR users. We do not store a record of users contacts, social graph, conversation list, location, user avatar, user profile name, group memberships, group titles, or group avatars.
At the same time, when a user decides to register at our website, purchase/order products or services, subscribe to our newsletter, submit a feedback, fill out a survey, or get in touch with us through any available option, we do collect necessary details like: name, address, company name, email address and phone number. Processing of personal data is in line with General Data Protection Regulation (GDPR) and in accordance with other data protection regulations applicable to dSTARLab ltd.
As the data controller and data processor, dSTARLab has implemented several technical and organizational standards and techniques to ensure personal data protection at all times through the website. However since internet-based data transmission, especially via public networks, may have potential security gaps, absolute protection is not guaranteed. Due to that any data subject is free to transfer personal data to us via all available means, e.g. email or phone support or via dSTAR iCommunicator.
By this data protection declaration, we are informing the general public of the nature, range, and purpose of collecting personal data. Furthermore, you are considered informed, by this data protection declaration, of the rights to which you are entitled.
What kind of information does dSTAR collect?
Our company’s policy is to collect as little user information as possible to ensure a completely private and anonymous user experience when using the Service. We also have no technical means to access your encrypted message contents.
The service’s user data collection is limited to the following:
- Visiting our website
- Account creation
- Using dSTAR’s applications
- Communicating with dSTAR Lab
- Payment information
Account Information. You register a phone number when you create a dSTAR iCommunicator account. Phone numbers are used to provide our Services to you and other dSTAR users. You may optionally add other information to your account, such as a profile name and profile picture. This information is end-to-end encrypted.
Payment information. The Company relies on third parties to process credit card or PayPal transactions. These 3rd parties might include PayPal, MasterCard or Visa. The payment information is used by the 3rd parties’ integrated service. dSTAR Lab company doesn’t store the payment information.
Messages. dSTAR Lab cannot decrypt or otherwise access the content of your messages or calls. dSTAR queues end-to-end encrypted messages on its servers for delivery to devices that are temporarily offline (e.g. a phone whose battery has died). Your message history is stored on your own devices.
Additional technical information is stored on our servers, including randomly generated authentication tokens, keys, push tokens, and other material that is necessary to establish calls and transmit messages. dSTAR limits this additional technical information to the minimum required to operate the Services.
Contacts. dSTAR periodically sends shorten cryptographically hashed phone numbers for contact discovery. Names are never sent. The server responds with the contacts that are using dSTAR, immediately after that information is discarded. Your phone now knows which of your contacts is a Signal user and notifies you if your contact just started using Signal. The server only knows the hash values of the phone numbers and not the numbers themselves or the names of contacts.
dSTAR in a Box and dSTAR for AWS registration information. These paid platforms require certain information during the registration procedure in order for dSTAR to create an environment for new clients and to assist in providing technical support. This information might include the client’s IP address, company name, admin name, email and phone number (for sales team contact). Only personnel who need this info can access it within dSTAR Lab.
dSTAR Emails. When a user creates a dSTAR email account, that user will need to provide dSTAR with an address name.
User Support. If you contact dSTAR User Support, any personal data you may share with us is kept only for the purposes of researching the issue and contacting you about your case. Only personnel who need this info can access it within dSTARLab.
Managing your information. You can manage your personal information in dSTAR’s application Settings. For example, you can update your profile information or choose to enable additional privacy features like a Registration Lock PIN.
Do other users see when I join dSTAR?
Your friends, who already know your number and have it in their contacts, may see that you have joined dSTAR. Nothing is sent to them by your dSTAR app, or service. They only see the number that has been registered. If someone knows how to send you an SMS, we want them to know that they may send you a message through dSTAR instead.
Why do I see that my contact joined dSTAR?
That is done to inform you that your friends are available via dSTAR, and you can start a conversation right in the dSTAR app. This notification feature could be disable in the Environment settings > Notifications>Events>Contact join dSTAR, move the switch to disable.
How do we convene personal data?
Users may be required to provide us with certain personally identifiable information. Specifically, phone number (during sign up) and, optionally, personal photo for Avatar(Avatar photo is stored encrypted in a dedicated bucket), profile name(profile name is stored as a text on server and could be anything),we do not collect contact lists, we only get Numbers of contacts hash them and only then check the hashes toward hashed numbers of registered users of dSTAR via SaS service, to show who is using dSTAR already, and PIN code or password. dSTAR iCommunicator does use the 3rd party services of Google Translate. The text for translation is first sent to our translation server, if an equivalent translation is not found, the raw text is sent to Google translation server without any info of who has sent it, to whom or at what time, after that translation is received, it gets to our server and only after that forwarded to the user. For user registration we are using Twilio for OTP(one time password). Google Translate only receives the raw text content of messages, and Twilio receives the user’s phone number to send an sms.
How does dSTAR utilize personal information?
dSTAR uses the information to create a unique account with a single identifier for each and every signed-up user. Other information is used either to allow the user to build up and improve their personal profile or for integrated 3rd party software (namely Google Translate, Google Maps/Earth and Twilio).
Does dSTAR disclose any user’s personal information?
The only information disclosed by dSTAR is the user profile information, i.e. the user’s phone number, profile name, and personal photo, which can be seen by other dSTAR users.
When do we disclose user’s personal information?
After sign-up, the user’s phone number will be the users main identifying attribute. If desired by the user, he can then add to his profile the rest of the information (photo and profile name). Other users can only see another user’s number if it's already in their contact list, profile name and avatar is also shown only after the number is added to the contact list, a user may choose to not share that info with another user.
For what period of time do we store users’ personal information?
For as long as the user still has the application installed and the encrypted backup file.
What measures are applied to ensure security of personal data?
The main security measures utilized in our products include End-to-End Communication, Encryption of stored files both locally and on cloud (attachments, backup files, etc.), 3 Factor authentication, OS hardening, hashing of users’ phone numbers and dSTAR email addresses, and specially designed secure message types.
Is there a way for a user to access and manage personal data?
No. Stored files are encrypted, and any change made to them can be done only as a result of using the app.
How do we use personal data for marketing purposes?
dSTAR Lab highly values its users’ privacy and doesn’t use any user information for marketing or marketing related purposes.
You must be at least 13 years old to use our Services. The minimum age to use our Services without parental approval may be higher in your home country.
dSTAR Lab provides its products free of charge for a trial period of 1 month. After one month, the user can choose whether or not they wish to purchase the product. Once a user purchases the product, refunds will not be allowed. If the user paid for a monthly subscription (dSTAR AWS, for example), their license will be terminated at the end of the term, unless the user decides to prolong the subscription, and no further charges will ensue from that point onwards. If the user paid for an annual license (dSTAR In A Box, for example), license will be terminated at the end of the term, the payment will not be refunded even if the user chooses to stop using the platform or its services during the year.
How do I know if communication on dSTAR is private? Can I trust it?
dSTAR iCommunicator conversations are always end-to-end encrypted, which means that they can only be read or heard by your intended recipients. Privacy isn’t an optional mode — it’s just the way that dSTAR iCommunicator works. Every message, every call, every time. You can confirm that the server is operating correctly and that you are communicating with the right person using safety numbers.
What is Safety number and why do I need it?
Each dSTAR conversation has a unique safety number that allows you to verify the security of your messages and calls with specific contacts.
Verification of safety numbers is a good security practice for sensitive communication. If a safety number has been marked as verified, any change must be manually approved before sending a new message. To view the safety number, open a conversation thread with a contact, navigate to conversation settings, and select view safety number.
dSTAR iCommunicator advises you whenever a safety number has changed. This allows users to check the privacy of their communication with a contact and helps protect against any attempted man-in-the-middle attacks. The most common scenarios where a safety number advisory is displayed are when a contact switches to a new phone or re-installs dSTAR iCommunicator. However, if a safety number changes frequently or unexpectedly it may be a sign that something is wrong.
You can verify the status of the safety number. The easiest way to compare safety numbers is to scan your contact's QR code while viewing their safety number. You can also visually or audibly compare the numeric code or use the share icon to copy it to your clipboard. If the safety number is identical then you can be sure that you are communicating with the right person.
How can I report an abuse or security vulnerability?
Please report any vulnerabilities, bugs or flaws to firstname.lastname@example.org
Does dSTAR send my phone number to my contacts?
dSTAR does not send your phone number to anyone unless you send them a message. The dSTAR service does not have any knowledge of your contacts. Data is all owned by your phone. Registration notifications are never transmitted by anyone in any direction at all; these notifications are created by your phone.
When you send us a message through the dSTAR Lab website, we use your email address to thank you for your comment and/or reply to your question, and we might store for any future correspondence. Beyond our initial reply, and unless you chose to register that email address to our newsletter, we will never use your email address to send any unsolicited message or information, nor will we share it with or sell it to anyone else for such use. Emails sent from a dSTAR email address to another dSTAR email address will have their content end-to-end encrypted. Emails sent from dSTAR addresses to other email service providers (for example, Gmail or Yahoo! Mail) or vice versa, will not be end-to-end encrypted. In both cases, the email content will not be stored on dSTAR Lab servers.