This Privacy Policy explains how UltraCaller collects, uses, shares, and protects information about you when you use the UltraCaller mobile application or visit ultra-caller.com (together, the "Service"). It is an integral part of our Terms of Service and should be read together with them. A Hebrew translation may be made available for convenience; in the event of any inconsistency, the English version prevails.
The "controller" of your personal data, in the sense of the GDPR and equivalent Israeli law, is:
Za Marketing Ltd.
Email: ultracallerapp@gmail.com
Opt-out form (no registration required): https://ultra-caller.com/opt-out.html
For purposes of Israeli law we are the operator of the database underlying the Service and the entity responsible for it.
This policy applies to information processed by UltraCaller through the Service. It does not apply to:
The following items are collected only after you grant the corresponding Android permission. You can revoke any permission at any time in your device settings.
We do not collect your geographic location through device location services, your microphone audio, the contents of your text messages, or recordings of your phone calls. We do not request the corresponding Android permissions.
The Service operates a directory of phone numbers and associated names ("Caller ID Directory"). It is built primarily from contact data that users of the Service voluntarily contribute from their device address books, and is supplemented by publicly available information and lawful third-party sources. Functionally it is equivalent to a digital telephone directory.
Under Israeli law, we operate the Caller ID Directory in reliance on Amendment 13 to the Israeli Privacy Protection Law, 5741-1981 (תיקון 13 לחוק הגנת הפרטיות, התשמ"א-1981), effective as of August 14, 2025, and on the consent of contributing users together with our legitimate interest in operating a caller-identification service. Under Amendment 13, displaying a name next to a phone number where that pairing is sourced from third-party contact data does not, on its own, render the displayed pairing "personal information" requiring registration of a database, provided we comply with the safeguards set out in Section 4.3 below.
For users and data subjects in the European Union, the United Kingdom, and other jurisdictions where the GDPR applies, our legal bases are:
We operate the following safeguards, which are essential to the lawful basis described above:
The table below summarizes our processing purposes and the legal bases on which we rely.
| Purpose | Categories of data | Israeli law basis | GDPR legal basis (where applicable) |
|---|---|---|---|
| Operating the Caller ID Directory and identifying callers | Contributed contact lists, phone numbers, names, business profile data | Amendment 13; consent of contributors; legitimate interest | Art. 6(1)(a) consent (uploaders); Art. 6(1)(f) legitimate interests (non-users) |
| Creating and administering your account | Phone number, email, Google or Telegram identifier, profile data | Performance of a contract (Section 17 of the Contracts (General Part) Law) | Art. 6(1)(b) performance of a contract |
| Providing in-call features and call history | Phone state, call log, contacts, push tokens | Performance of a contract; consent (per permission) | Art. 6(1)(b) performance of a contract; Art. 6(1)(a) consent for permissions |
| Detecting and labeling spam and fraud | Call metadata, user reports, call screening events | Legitimate interest in protecting users | Art. 6(1)(f) legitimate interests |
| Showing personalized and non-personalized advertising on the free tier | Advertising ID, device and network information, app events | Consent where required (advertising); legitimate interest for non-personalized ads | Art. 6(1)(a) consent for personalized ads; Art. 6(1)(f) for non-personalized |
| Processing subscriptions and payments | Subscription status, product, transaction identifiers | Performance of a contract | Art. 6(1)(b) performance of a contract |
| Analytics, troubleshooting, and product improvement | App usage events, crash logs, device and network information, session recordings (Clarity) | Legitimate interest; consent for non-essential analytics where required | Art. 6(1)(f) legitimate interests; Art. 6(1)(a) where consent is required |
| Security, abuse prevention, and enforcement of our Terms | Account, usage, network, and device data | Legitimate interest; legal obligation | Art. 6(1)(f) legitimate interests; Art. 6(1)(c) legal obligations |
| Compliance with law and response to legal process | As applicable | Legal obligation | Art. 6(1)(c) legal obligations |
| Corporate transactions (mergers, acquisitions, asset sales) | As applicable | Legitimate interest | Art. 6(1)(f) legitimate interests |
We do not sell personal data to third parties for monetary or other valuable consideration. We do not share personal data with third parties for their own direct-marketing purposes. The third parties listed in Section 8 act as our service providers (processors) under written contracts that restrict their use of the data to providing the relevant service to us.
The Caller ID Directory is, by design, a service where information you contribute can be displayed to other users when they look up a phone number for which you have provided a label, and where information about you, contributed by other users, can be displayed to users searching for your number, subject to the safeguards in Section 4.3. Where you have a profile (including a business profile), the information you publish to that profile may be shown to users who view it.
We use the following service providers to deliver the Service. Each acts as a data processor under a written agreement that restricts their use of data to providing the relevant service to us. Their privacy policies govern their own processing.
| Provider | Purpose | Privacy policy |
|---|---|---|
| Google Firebase (Firestore, Cloud Storage, Cloud Messaging, Analytics, Crashlytics) operated by Google LLC and its affiliates | Cloud database, file storage, push notifications, product analytics, crash reporting | https://firebase.google.com/support/privacy |
| Google AdMob and related Google advertising services operated by Google LLC and its affiliates | Display and measurement of advertising on the free tier | https://policies.google.com/technologies/ads |
| Google Sign-In and Google Identity Services | Authentication using your Google account | https://policies.google.com/privacy |
| Google Play Billing operated by Google LLC | Processing of subscription purchases and renewals | https://policies.google.com/privacy |
| RevenueCat, Inc. | Subscription management and entitlement enforcement | https://www.revenuecat.com/privacy |
| Microsoft Clarity (Microsoft Corporation) | Session recordings, taps and gestures, heatmaps, used to understand and improve the Service. Clarity is configured with masking of input fields where supported. | https://privacy.microsoft.com/privacystatement |
| Telegram (Telegram FZ-LLC) | Where you choose to use Telegram-based one-time-password verification as an alternative to SMS, Telegram delivers our verification code to you and processes the associated message. | https://telegram.org/privacy |
We may also disclose information without your consent where we believe in good faith that disclosure is necessary to (a) comply with a legal obligation, court order, or lawful request from a public authority, (b) enforce our Terms of Service, (c) protect the rights, property, or safety of UltraCaller, our users, or others, or (d) in connection with a corporate transaction such as a merger, acquisition, financing, or sale of all or part of our assets, in which case we will notify you and ensure the recipient is bound by privacy commitments at least equivalent to those in this Policy.
The service providers listed in Section 8 are located in or operate from multiple countries, including the United States and other jurisdictions outside Israel and the European Economic Area. As a result, your data may be transferred to and stored in those countries. Where such transfers involve personal data of EEA, UK, or Swiss data subjects, we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses (SCCs) or, where available, adequacy decisions and equivalent mechanisms under UK and Swiss law. You can request a copy of the relevant transfer mechanism by writing to ultracallerapp@gmail.com.
Israeli law permits transfer of personal data abroad subject to the conditions of the Privacy Protection (Transfer of Data to Databases Abroad) Regulations, 5761-2001. Our cross-border transfers are made in compliance with those conditions.
We retain personal data only for as long as necessary for the purposes described in this Policy and to comply with our legal obligations. Specifically:
Subject to applicable law, you may exercise the following rights regarding your personal data:
To exercise any of these rights, write to ultracallerapp@gmail.com. We will respond within the timeframes required by applicable law and in any event without undue delay. We do not charge a fee for these requests except where they are repetitive, excessive, or manifestly unfounded.
If your name appears next to a phone number in the Service because someone else contributed that pairing from their contacts, you have the right to ask us to remove or correct that information, even if you are not a registered user of the Service. You do not need to register an account, and there is no fee. To make such a request, fill in the form at https://ultra-caller.com/opt-out.html or email ultracallerapp@gmail.com. We will verify the request reasonably (typically by confirming control of the phone number) and act on it within the timeframes required by applicable law.
The Service is not directed to children under 18 and we do not knowingly collect personal data from children under 18. If you are a parent or guardian and you believe your child has provided personal data to us, contact ultracallerapp@gmail.com and we will take steps to delete the information.
From time to time we may, with your consent where required by law (including the Israeli Spam Law (סעיף 30א לחוק התקשורת (בזק ושידורים), התשמ"ב-1982)), send you product updates, promotional offers, or news about features that we believe will interest you, by email or push notification. You can opt out at any time by following the unsubscribe instructions in the message, by changing your in-app notification settings, or by writing to ultracallerapp@gmail.com. We do not use the Caller ID Directory for direct marketing and we do not enable third parties to do so.
The mobile application does not use HTTP cookies in the traditional browser sense, but it uses similar technologies, including local storage on your device, mobile advertising identifiers, and SDKs from the providers listed in Section 8, to deliver and measure the Service and its advertising. The website at ultra-caller.com may use a small number of cookies for basic functionality and analytics. Where consent is required, we will request it through an in-app or in-site banner before non-essential technologies are activated.
We apply technical and organizational security measures designed to protect personal data against unauthorized access, alteration, disclosure, or destruction, in accordance with the Israeli Privacy Protection (Information Security) Regulations, 5777-2017 (תקנות הגנת הפרטיות (אבטחת מידע), התשע"ז-2017) and good industry practice. These measures include encryption of data in transit, access controls, segregation of environments, periodic review of access privileges, and procedures for the management of security incidents. No system is fully secure, and we cannot guarantee absolute security; in the event of a security incident likely to result in risk to your rights, we will notify you and the competent authorities to the extent required by law.
We may update this Privacy Policy from time to time. If a change is material, we will provide reasonable advance notice (for example, by in-app notice, by email to your registered address, or by updating the "Last updated" date and prominently posting the change). Your continued use of the Service after the effective date of a change constitutes acceptance of the updated Policy.
If you believe that we have not handled your personal data in accordance with applicable law, please first contact us at ultracallerapp@gmail.com so we can try to resolve the matter directly.
You also have the right to file a complaint with the competent supervisory authority. In Israel, this is the Privacy Protection Authority (רשות הגנת הפרטיות) of the Ministry of Justice; information is available at gov.il. In the European Union, you may file a complaint with the supervisory authority of the country where you reside, work, or where the alleged infringement took place. In the United Kingdom, the Information Commissioner's Office (ICO) is the competent authority.
For all privacy-related questions, requests, and complaints: