PRIVACY & SECURITY

Security and Privacy at BluePhone UK

BluePhone UK is operated as a registered Dutch business (KVK 91424399) and processes data in accordance with GDPR. This page explains what data we collect, where it is stored, and how your calls are protected.

What We Do Not Do

No audio recording

BluePhone does not record, store or access the audio content of your calls. We log call metadata (date, time, duration, caller number) but never the conversation itself. Note that UK prison calls are independently recorded by HMPPS — this is separate from BluePhone.

No selling of data

We do not sell, rent or share your personal data with third parties for marketing purposes. Data is shared only with service providers necessary to operate the platform (Firebase, Telnyx, Stripe).

Data Storage

User account data, call logs and subscription information are stored in Firebase (Google Cloud europe-west1), located in Belgium. This region is within the European Union and subject to EU data protection regulation.

Payment data is processed by Stripe. BluePhone does not store full card details — Stripe handles all payment processing under PCI-DSS compliance.

Telephony call signalling is processed by Telnyx, our carrier partner, in accordance with their data processing agreement.

Call Encryption

Voice calls on BluePhone are encrypted using SRTP (Secure Real-Time Transport Protocol), the industry standard for encrypted VoIP audio. This protects your audio in transit between BluePhone's infrastructure and your device.

Signalling (call setup) is protected by TLS (Transport Layer Security).

What Data We Store and Why

We do not collect location data, device fingerprints or behavioural tracking beyond basic analytics (Plausible Analytics — privacy-respecting, no cookies, EU-hosted).

GDPR — Your Rights

As a Dutch registered business serving EU and UK users, BluePhone complies with GDPR (EU 2016/679) as implemented in Dutch law (UAVG) and with UK GDPR post-Brexit. Your rights include:

How to Request Data Deletion

Email support@bluephone.co.uk with the subject line "Data deletion request". Include the email address associated with your account. We will delete your account, call logs and personal data within 30 days and confirm by email.

Note: cancelling your subscription does not automatically delete your data. You must submit a separate deletion request.

Contact

For privacy queries: support@bluephone.co.uk
Registered: KVK 91424399, Netherlands

Frequently Asked Questions

Does BluePhone record my calls?

No. BluePhone does not record or store audio from calls. Call metadata (date, time, duration, caller number) is stored for billing and support purposes, but the content of your conversations is not recorded by BluePhone. Note that UK prison calls are recorded by HMPPS independently of BluePhone.

Where is my data stored?

BluePhone stores user data in Firebase (Google Cloud) in the europe-west1 region (Belgium). This means your data does not leave the European Union and is subject to EU data protection law (GDPR). Telnyx, our telephony carrier, processes call signalling data on their infrastructure.

Is BluePhone GDPR compliant?

Yes. BluePhone is operated by a Dutch registered business (KVK 91424399) and is subject to GDPR as implemented in the Netherlands (UAVG). We process only the minimum data required to provide the service. You can request deletion of your data at any time by emailing support@bluephone.co.uk.

How do I delete my account and data?

Email support@bluephone.co.uk with the subject line 'Data deletion request'. We will delete your account, call logs and personal data within 30 days. Note that cancelling your subscription does not automatically delete your data — you must request deletion separately.