Information Not Collected
When you make calls using OSTel, we don't know who you are and there is no way to tie any conversations together after you hang up. During a call we have to tie you together, that's what secure voice and video chat is all about, connecting one person to another.
Because this information could be used to link you to your calls, we do not log (store) it at all. This is a very unusual and rare practice, but we feel it is an important step to protect your privacy. It is unusual for a few reasons:
- Most server software auto-stores this information, so you have to go out of your way not to store it.
- Most businesses want to keep as much information as possible because they don't know when it will be useful.
- Many companies actively use this information, for example to show you more targeted advertising.
We use browser cookies for session data when you log in or sign up for the service. At OSTel, we do not use persistent ID cookies on the site. We use secure session cookies on certain portions of the website and those session cookies expire when you close your browser tab.
When you use OSTel.co (or any VOIP system), the server knows information about your phone and account. This is called registration and it is required for two parties to locate each other to make a call. This information is dynamic and each "user location" expires after 300 seconds unless the client sends another registration request. This registration update is automated and is used for example when your phone changes Internet connections from 3G to Wifi.
Because this information could be used to link you to your calls, we do not log it after clients are no longer registered. In response to efforts by the Electronic Frontier Foundation and others, the major US carriers have been urged to "anonymize" their log data. Recent studies show that even anonymized mobile phone location data produces a GPS fingerprint that can be easily used to identify a user based on little more than tracking the pings a phone makes to cell towers. “Mobility data is among the most sensitive data currently being collected,” the researchers write in their study, published in Scientific Reports.
Carriers can either provide the location information that resides in the cellular network (triangulation of location based on the distance of the cell phone's signal to nearby cellular towers), or they can rely on satellite data from global positioning system (GPS) chips embedded in the handsets of their customers. OSTel is a VOIP system so we do not have access to any of this information.
OSTel uses industry standard security measures to protect the loss, misuse, and alteration of the information under our control. Although we make good faith efforts to store information collected by OSTel in a secure operating environment, we cannot guarantee complete security.
OSTel collects your email address as a way to authenticate you as a new user. Since we don’t track usage activities, this is currently an effective way for us to make sure our users are ‘real’ and not just robots.
Signaling data for calls in progress is negotiated in memory and never saved to disk. User information is minimal, limiting the ability to track who has been speaking with whom. We’re currently exploring other options for ease of sign up and increased anonymity.
Passwords are stored using bcrypt before storage. Usernames and emails are stored in plaintext.
OSTel uses SSL certificates to encrypt all communication between you and our site and turns on HTTPS by default. This prevents a network observer from tracking what your client communicates with our servers in transit. However, someone could still track your IP address, even if we don’t store it. Your web usage on this site is not anonymous unless you’re using an anonymization service like Tor. Due to the design of all VoIP systems, it is not possible to make calls while connected through the Tor network.
If you choose to subscribe to our users mailing list, our free electronic newsletter or any of our other mailing lists, we collect your email address, and, if you choose to provide it, a zip code or country.
If you call our testing number, we may ask for your location, purely for anecdotal evidence of use. Feel free to say no. This service is beta, reports from different parts of the world are extremely helpful.
Sharing your data with others without permission is just plain rude. We will never resell or give the info to anyone. We don’t have your explicit permission and we don’t assume your permission to do it. Your info is safe with us. Since you’re an early adopter of the service, we might use it to ask you to answer some questions or to fill out a survey. Of course, even then you can opt out.
Like anyone else, we will comply with court ordered legal requests. However, in our case, we don't expect any because there is nothing useful to give them since we don't collect any personal information. We will be transparent about any such inquiries (unless we are prohibited).
If this policy is substantively updated, we will update the text of this page and provide notice to you here by writing '(Updated)' in red next to the link to this page (in the footer) for a period of at least 30 days.