SVXConnect — Privacy Policy
SVXConnect — Privacy Policy
============================
Last updated: 2026-05-19
SVXConnect ("the app") is a voice-communication client for licensed amateur
radio operators. It connects to user-configured SvxLink-compatible reflector
servers. This policy explains what data the app handles, why, and where it
goes.
The developer of the app is RF.Guru (https://rf.guru). Contact for privacy
questions: privacy@rf.guru.
1. Data the app collects on your device
---------------------------------------
a) Identity
- Call sign — typed by the user; used to identify the operator on the
reflector and to request an X.509 client certificate.
- Email address — typed by the user; used as the certificate Subject and
for certificate-related correspondence initiated by the reflector
operator (not by us).
b) Audio
- Microphone audio is captured only while the Push-to-Talk button is
active. Audio is encoded with the Opus codec and transmitted in real
time to the reflector you have configured. Audio is not recorded,
stored, or retained on the device or by the app developer.
c) Location
- When location is enabled, the app uses Google Play services to obtain
your approximate or precise coordinates. If that fails or is denied,
the app may make a one-shot call to ipwho.is to derive an approximate
city-level location from your public IP address.
- You can disable automatic location entirely in Settings and enter a
city/latitude/longitude manually instead.
- Location is sent to the reflector you have configured so that other
operators can see where you are transmitting from. It is not collected
by the app developer.
d) Cryptographic material
- A private key, certificate signing request (CSR), and the certificate
issued by your reflector are generated and stored locally in the app's
private storage. They never leave the device except as part of the
CSR/certificate exchange with your reflector.
e) Application settings
- Reflector host, port, talkgroup lists, audio device choice, and other
user preferences are stored locally in Android DataStore.
The app does not collect device identifiers, advertising IDs, contacts,
photos, files, SMS, or call logs. The app does not contain any third-party
analytics, advertising, or tracking SDKs.
2. Where data goes
------------------
a) Your configured reflector (SvxLink-compatible server)
- Receives: call sign, certificate-related material, real-time audio
during transmission, your location (if enabled), and standard protocol
metadata (selected talkgroup, monitored talkgroups, software version).
- The reflector is chosen and operated by you or a third party you have
selected. Its data-handling practices are governed by that operator,
not by the app developer.
b) ipwho.is
- Used only as a fallback when on-device location is unavailable or
disabled. The request consists of your outbound IP address as seen by
the service. See https://ipwho.is/ for their privacy policy.
c) Reflector portal (https://portal./)
- The app fetches public reference data (talkgroup metadata, call-sign
hints). These are GET requests for static resources and do not include
personally identifying information beyond your IP address (as with any
web request).
d) Google Play services (location)
- On-device location resolution uses Google Play services. Google's
privacy policy applies: https://policies.google.com/privacy.
The app developer (RF.Guru) does not operate a backend that receives your
personal data. Data leaves the device only to the destinations listed above.
3. Android permissions and why they are requested
-------------------------------------------------
- RECORD_AUDIO — to capture microphone audio while Push-to-Talk is active.
- FOREGROUND_SERVICE / FOREGROUND_SERVICE_MICROPHONE — to keep the audio
pipeline running reliably while the app is in the foreground service,
with a visible notification.
- ACCESS_FINE_LOCATION / ACCESS_COARSE_LOCATION — to determine where you
are transmitting from, for display to other operators on the reflector
map. Foreground use only; the app does not request background-location
access.
- POST_NOTIFICATIONS — to display the foreground-service notification.
- INTERNET / ACCESS_NETWORK_STATE — to connect to the reflector.
- MODIFY_AUDIO_SETTINGS — to configure the audio routing during a call.
- WAKE_LOCK — to keep the radio link active during a transmission.
4. Data retention and deletion
------------------------------
All app data lives on your device:
- Settings: in the app's private storage.
- Keys and certificates: in the app's private storage.
- No audio recordings are kept.
To delete all app data, uninstall the app, or use Android Settings → Apps →
SVXConnect → Storage → Clear data. You can also reset the certificate
material from inside the app: Settings → Certificates → Reset PKI.
5. Children
-----------
The app is intended for licensed amateur radio operators. It is not
directed to children under 13 and does not knowingly collect data from
children.
6. International transfers
--------------------------
Because you choose which reflector to connect to, the destination of your
audio and metadata may be in a different country from where you are.
Choose reflectors whose operators you trust.
7. Security
-----------
Communication with reflector portals uses HTTPS. Reflector authentication
uses an X.509 client certificate issued to your call sign, with the private
key generated and held only on your device. The reflector protocol itself
operates over UDP; some setup messages may transit in cleartext as defined
by the SvxLink protocol.
8. Changes to this policy
-------------------------
If material changes are made, the "Last updated" date at the top will be
revised and the new version will be published at the URL where this
document is hosted.
9. Contact
----------
privacy@rf.guru