Effective Date: February 25, 2025
Last Updated: February 25, 2025
This Privacy Policy is issued in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR).
1. Data Controller
F4JGI
Email: F4JGI.cedric@gmail.com
For any data protection inquiries, you may contact us at the address above.
2. Scope of Application
This Privacy Policy applies to the QSOLink mobile application (“Application”) and any related services, including:
- Svxlink connectivity
- WebSDR integration
- APRS functionality (if enabled)
- Callbook lookups
- License validation (if applicable)
3. Principles of Processing
We process personal data in accordance with GDPR Article 5 principles:
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimization
- Accuracy
- Storage limitation
- Integrity and confidentiality
- Accountability
QSOLink is designed under a strict data minimization architecture.
4. Categories of Personal Data Processed
4.1 Identification Data
- Callsign (amateur radio identifier)
4.2 Technical Data
- IP address (required for network connectivity)
- Device hash (if license validation applies)
- App version
- Android OS version
- Crash diagnostics (if enabled)
4.3 Configuration Data (Stored Locally)
- Server addresses, Ports, Talkgroups
- Audio settings, PTT configuration, Bluetooth settings
4.4 Location Data (Optional)
If APRS is enabled:
- GPS coordinates
- Maidenhead Locator
This data is transmitted to amateur radio networks and becomes publicly accessible within those systems.
5. Legal Basis for Processing (Article 6 GDPR)
| Purpose | Legal Basis |
|---|---|
| Core application functionality | Article 6(1)(b) – Performance of a contract |
| License validation | Article 6(1)(b) – Contractual necessity |
| Security and fraud prevention | Article 6(1)(f) – Legitimate interest |
| Crash reporting (optional) | Article 6(1)(a) – Consent |
| APRS transmission (optional) | Article 6(1)(a) – Consent |
| Regulatory compliance | Article 6(1)(c) – Legal obligation |
6. Audio Communications
QSOLink processes audio strictly in real time.
- Audio is encoded using Opus.
- Audio is transmitted directly to selected reflector networks.
- No voice recordings are stored, archived, or retained by us.
- No audio analytics or profiling is performed.
7. Data Recipients
Your data may be transmitted to:
7.1 Svxlink Reflector Operators
Independent third-party network operators acting as separate Data Controllers.
7.2 Callbook Services (QRZ.com, HamQTH)
Used for callsign lookup functionality.
7.3 WebSDR Providers
When using the integrated WebSDR viewer.
7.4 Payment Processors
If applicable (Google Play Billing or others).
7.5 Hosting Provider (if license validation backend exists)
For API validation services only.
We do not sell personal data. We do not engage in advertising profiling.
8. International Data Transfers
Data may be transferred outside the European Economic Area (EEA) when:
- Connecting to international reflector networks
- Using WebSDR services hosted abroad
- Using U.S.-based infrastructure providers
Where required, transfers rely on Standard Contractual Clauses (SCCs), Adequacy decisions by the European Commission, and Encryption safeguards.
9. Data Retention
| Data Category | Retention Period |
|---|---|
| Local app configuration | Until user deletion |
| Crash logs | Limited diagnostic period |
| Support communications | Reasonable support duration |
10. Data Security Measures
We implement appropriate technical and organizational measures pursuant to Article 32 GDPR:
- TLS encryption for API communication
- Secure hashing of authentication credentials
- Android sandbox isolation
- Access controls for backend systems
- Minimal data architecture
11. Your Rights Under GDPR
If you are located in the EU/EEA, you have the following rights:
- Right of access, rectification, and erasure.
- Right to restriction of processing and data portability.
- Right to object and right not to be subject to automated decision-making.
To exercise your rights, contact: F4JGI.cedric@gmail.com. We will respond within one month as required by GDPR.
12. Supervisory Authority
If you believe your rights have been violated, you have the right to lodge a complaint with your local Data Protection Authority (DPA) within the European Union.
13. Children’s Data
QSOLink is not directed at children under 13 years of age. We do not knowingly process personal data of minors without appropriate legal basis.
14. Changes to This Policy
Material changes will be communicated via website publication or in-app notification.
15. Acceptance
By using QSOLink, you acknowledge that you have read and understood this Privacy Policy and agree to the processing of your personal data as described herein.
73 DE F4JGI - END OF TRANSMISSION