Last updated: [YYYY-MM-DD]

This Privacy Policy explains how CalmaR (“CalmaR”, “we”, “us”) collects, uses, discloses, and protects information when you use the CalmaR mobile application (the “App”).

CalmaR is a communication and collaboration app based on Element Classic and the Matrix open standard. Depending on how your organization configures CalmaR, your messages and files may be stored and processed by a Matrix homeserver operated by your organization or a third-party service provider.

Data Controller (if we operate the service):

[ShariX LLC] Address: [199155, Russia, St Petersburg, Zheleznovodskaya Str, 32 lit D, p.22-N, office 1-8] Contact email: info@sharix-app.org

If your organization operates the server:

When CalmaR is used with a Matrix homeserver operated by your employer/organization, that organization may be the Data Controller for content and account data processed on its servers. In that case, please also review your organization’s privacy policy and internal rules.

CalmaR may process the following categories of data, depending on how the App is configured and used:

• Username, display name
• Email address and/or phone number (if used for login or account recovery)
• Profile picture/avatar (if set)
• Organization/workspace identifiers (e.g., server, tenant, or workspace ID)

• Messages you send and receive
• Files and media you upload or download (attachments)
• Room / channel membership and room names
• Reactions, edits, read receipts, and similar collaboration signals (if enabled)

• Device and app information (device model, OS version, app version, language)
• Log data needed for troubleshooting (e.g., error logs)
• IP address and approximate network information may be processed by the server you connect to

• Push token(s) needed to deliver notifications (e.g., Apple Push Notification service token)
• Notification settings and delivery metadata

If you enable features that integrate with your device contacts or calendar, the App may process:

• Contact identifiers (names, phone numbers, email addresses)
• Calendar event metadata (titles, times)

These features are optional and depend on your configuration and permissions you grant.

CalmaR supports end-to-end encrypted messaging when enabled by you and/or your organization’s configuration.

If E2EE is enabled: message content is encrypted on your device and can only be decrypted by authorized devices. The homeserver generally cannot read the message content. If E2EE is not enabled: message content may be readable by the homeserver operator and stored on the server according to its configuration.

Important: Even with E2EE, certain metadata (for example: who is communicating with whom, room membership, timestamps, and device identifiers) may still be processed by the homeserver to provide the service.

We use (or the homeserver operator uses) data to:

• Provide and operate the App (login, messaging, file sharing, collaboration features)
• Synchronize messages and settings across your devices
• Deliver push notifications (if enabled)
• Prevent abuse, spam, and fraud; maintain security
• Troubleshoot issues, debug errors, and improve reliability
• Comply with legal obligations where applicable

Depending on your jurisdiction, processing may be based on:

• Performance of a contract (providing the service you request)
• Legitimate interests (security, fraud prevention, service improvement)
• Consent (optional permissions such as contacts/calendar or notifications, where required)
• Legal obligations (compliance requests)

If your organization operates the homeserver, their legal bases may apply; consult their policy.

We do not sell your personal data.

Data may be shared in the following circumstances:

CalmaR connects to a Matrix homeserver. The homeserver operator (your organization or a service provider) processes data necessary to provide the service, including message synchronization and user management.

We may use service providers for:

• Push notification delivery (e.g., Apple Push Notification service)
• Crash reporting or diagnostics (if enabled by your organization)

These providers process data only to provide their services and under appropriate safeguards.

We may disclose information if required by law or to protect rights, safety, and security.

If servers or service providers are located outside your country/region, data may be transferred internationally. Where required, we use appropriate safeguards (for example, contractual protections).

Retention depends on server configuration and organizational policies:

• Message and file retention is typically controlled by the homeserver operator (your organization/service provider).
• Diagnostic logs (if collected) are retained for a limited time necessary for troubleshooting and security.

For exact retention settings, contact your organization or the service operator.

Depending on your location, you may have rights to:

• Access your data
• Correct or update your data
• Delete your account or request deletion (subject to organizational policies and legal requirements)
• Restrict or object to certain processing
• Data portability (where applicable)

How to exercise rights:

If you use CalmaR with an organization-managed server: contact your organization’s administrator or privacy contact.

Otherwise: contact us at [info@sharix-app.org ].

You can also control certain data via device permissions (notifications, contacts, calendar) in iOS Settings.

CalmaR is intended for professional/workplace use and is not directed to children. If you believe a child has provided personal data, contact info@sharix-app.org.

We use administrative, technical, and organizational measures to protect information. No method of transmission or storage is 100% secure; you are responsible for safeguarding your account credentials and device security.

For best security:

• Use a device passcode/biometrics
• Keep iOS and the App updated
• Verify encryption and device verification settings when using E2EE

CalmaR may allow integrations or links to third-party services (depending on your organization’s configuration). Use of such services is governed by their own policies.

We may update this Privacy Policy from time to time. We will update the “Last updated” date above. Material changes may be communicated through the App or via your organization, where applicable.

Privacy questions or requests:

• Email: info@sharix-app.org
• Company: [ShariX LLC]
• Address: [199155, Russia, St Petersburg, Zheleznovodskaya Str, 32 lit D, p.22-N, office 1-8]