Solved.

Privacy Policy

iOS & Android Mobile Application · Effective Date: April 1, 2026 · Version 1.0

your conundrum solved

This Privacy Policy describes how Conundrum Solutions, LLC ("we," "us," or "our") collects, uses, stores, shares, and protects your personal information when you use Solved — our AI-powered CRM mobile application available on iOS and Android. By using Solved, you agree to the practices described in this Policy. Please read it carefully.

Solved is built on a single principle: your sales data is processed on your hardware, under your control. The AI that analyzes your calls, emails, and meetings runs locally on your own machine. We do not operate cloud AI servers that store or process your relationship data.

1. About Solved

Solved is an intelligent, privacy-first contact relationship management (CRM) application designed for sales professionals. Solved automatically captures relationship data — including phone calls, emails, text messages, and meetings — and uses a locally-running AI ("Apache") to help you manage relationships, draft communications, and understand your pipeline.

Solved is operated by Conundrum Solutions, LLC and is intended for individual professional use. Our architecture is designed to keep your data under your control at all times.

2. Information We Collect

2.1 Information You Provide Directly

Account registration details (name, email address)
Contact information you manually enter or import
Notes, tags, and annotations you create within the app
Preferences and settings you configure
Communications you send to Conundrum Solutions support

2.2 Communication Data Automatically Captured

With your explicit permission, Solved captures communication activity to build your relationship timeline. This includes:

Phone call metadata (duration, timestamp, caller/recipient) and call transcripts
Email metadata, content, and thread history from connected email accounts
SMS and iMessage metadata (iOS only, where permitted)
Calendar event titles, attendees, and timestamps
Meeting notes and summaries generated by Apache AI

2.3 Device & Technical Data

Device identifiers (iOS IDFV, Android ID) — never advertising identifiers
Operating system version and device model
App version and crash diagnostics
Push notification tokens
Network connectivity status (not your IP address or precise network)

2.4 Data We Do Not Collect

We do not collect advertising identifiers (IDFA/GAID). We do not sell your data to third parties. We do not run behavioral advertising. We do not collect biometric data. We do not continuously record audio in the background. We do not access your microphone except when you explicitly initiate call recording.

3. Email Access & Gmail Integration

3.1 Scope of Email Access

Solved requests access to your email account(s) to automatically log email communications with your contacts. We use OAuth 2.0 authorization flows — we never store your email password.

Permission	Purpose
Gmail Read Access	Read email headers, subject lines, body content, and attachments to identify communications with CRM contacts and build relationship timelines.
Gmail Send (Optional)	Draft and send emails on your behalf when you approve AI-drafted messages within the app.
Gmail Labels/Folders	Read folder structure to organize synced communications; optionally create Solved-specific labels.
Gmail Metadata	Access timestamps, recipient lists, and thread IDs to reconstruct conversation history.
Email Forwarding Setup	If you enable the forwarding integration, Solved configures a forwarding filter to route copies of designated emails to a secure inbound address for processing. You may revoke this at any time.
Other Email Providers	IMAP/SMTP access with OAuth or app-specific passwords for Outlook, Yahoo Mail, Apple Mail, and other providers. Same data scope applies.

3.2 Gmail OAuth Compliance

Our use of Gmail data complies with Google's API Services User Data Policy, including the Limited Use requirements. Specifically:

We only access Gmail data to provide features directly visible and useful to you within Solved.
We do not use Gmail data to serve advertisements or for any purpose unrelated to providing the Solved application.
We do not allow humans to read your emails except with your explicit permission or as required by law.
We do not transfer Gmail data to third parties except as necessary to provide the Solved service, and never for advertising purposes.
You can revoke Gmail access at any time via your Google Account settings or within the Solved app.

3.3 Email Processing Architecture

Emails fetched from Gmail or other providers are transmitted over an encrypted connection to your designated Solved server — hardware you own and operate. They are then processed by the locally-running Apache AI model. Raw email content is deleted from the processing pipeline within 24 hours of ingestion. Structured summaries (sender, recipient, subject, summary, timestamp) are retained per your retention settings.

If you enable automatic email capture via forwarding, Solved establishes a filter in your email client that forwards copies of relevant emails to a secure inbound processing address. Forwarded emails are processed for contact matching and stored in your account's encrypted data store. Raw email content is deleted from our inbound processing pipeline within 24 hours of ingestion. You may disable forwarding at any time.

4. Phone Call Recording (iOS 18.1+)

📞 Recording telephone conversations may be subject to federal and state laws. You are solely responsible for complying with all applicable recording laws in your jurisdiction before using this feature. In many jurisdictions, including Colorado (a one-party consent state), only one party to a call must consent to recording. In two-party (all-party) consent states and countries, ALL parties must be informed and consent before a call is recorded. Solved does not provide legal advice. Consult an attorney if you are uncertain about your obligations.

4.1 How Call Recording Works in Solved

On iOS 18.1 and later, Apple provides a native call recording capability accessible through the Phone app. Solved integrates with this capability as follows:

Call recordings are initiated and stored by iOS in the Notes application, per Apple's design.
Solved does not directly intercept live audio streams. We do not use VoIP or call interception APIs.
After a call, an iOS Shortcut you install during onboarding automatically sends the transcript to Solved for processing.
Solved transcribes audio locally on your designated local AI server using faster-whisper (a CUDA-accelerated transcription engine). Audio is not transmitted to Conundrum Solutions cloud servers.
Transcripts are processed by Apache AI and the results are returned to your app. Raw audio files are deleted from the processing pipeline immediately after transcription.

4.2 iOS Permissions Required

Permission	Purpose
Microphone Access	Required by iOS for any application that processes audio. Solved only accesses the microphone when you explicitly share a recording — not during background operation.
Contacts Access	To match caller/recipient phone numbers with your CRM contacts for automatic association.
Shortcuts Automation	To enable the iOS Shortcuts integration that automates the workflow after calls complete.
Calendar Access	To read calendar events and correlate meetings with your sales activity.
Notifications	To deliver draft-ready alerts and follow-up reminders.

4.3 Caller Notification Best Practices

Regardless of local law, Conundrum Solutions strongly recommends:

Verbally informing the other party at the start of any call that the call may be recorded.
Obtaining explicit consent from business contacts before recording professional conversations.
Disabling call recording for personal calls unless you are certain of the applicable consent requirements.

5. Android Permissions

Permission	Purpose
READ_CONTACTS / WRITE_CONTACTS	Read and update your Contacts to match communications with CRM records and sync contact details.
READ_CALL_LOG	Read call history to automatically log inbound and outbound calls with matched contacts.
PROCESS_OUTGOING_CALLS	Detect when calls are placed to CRM contacts to initiate automatic call logging.
READ_SMS	Read SMS messages from CRM contacts to include in relationship timeline (optional; user-controlled).
RECEIVE_BOOT_COMPLETED	Restart background sync services when the device reboots so no communications are missed.
CAMERA	Scan business cards to create new contacts (optional feature).
RECORD_AUDIO	Process call audio files you explicitly share with Solved for transcription. Not used for background recording.
FOREGROUND_SERVICE	Run background sync tasks as a visible foreground service per Android requirements.
POST_NOTIFICATIONS	Send reminders, follow-up prompts, and Apache AI suggestions.
USE_BIOMETRIC	Protect access to Solved with Face ID, fingerprint, or device PIN.
INTERNET / ACCESS_NETWORK_STATE	Communicate with your designated Solved AI server over encrypted connections.
SCHEDULE_EXACT_ALARM	Schedule precise reminder and follow-up notifications.

Android call recording capabilities vary by device manufacturer, Android version, and region. Solved supports Android call recording where permitted by the device and applicable law. A persistent notification is displayed whenever Solved is recording audio, as required by Android policy. Audio processing and transcription follow the same local-first architecture described in Section 4. Solved complies with Google Play's Sensitive Permissions policy and Call Recording API guidelines.

6. Apache AI — Local Inference Architecture

Solved's AI assistant, Apache, is designed with a local-first architecture that prioritizes your data privacy. This is a core architectural decision, not merely a feature.

6.1 How Apache Processes Your Data

AI inference runs on your designated local server — your personal RTX-equipped desktop on your local network.
Your relationship data, emails, call transcripts, and notes are transmitted to your server for processing and are never sent to Conundrum Solutions' servers for AI analysis.
Apache uses open-source models served via Ollama or llama.cpp.
Communication between the Solved app and your Apache server occurs over your local network or via Tailscale, encrypted in transit.
If your Apache server is unreachable, AI features degrade gracefully — the app continues to queue communications but AI suggestions are paused until the server is available.

6.2 Vector Memory (ChromaDB)

Apache uses a local ChromaDB vector database to maintain relationship memory across sessions. This database resides exclusively on your local server, is never transmitted to or replicated by Conundrum Solutions, and can be fully deleted by the user at any time via the app's data management settings.

7. Data Storage & Security

7.1 Encryption

What	How
Data in Transit	All communication between the Solved app and your server uses TLS. Tailscale Funnel provides end-to-end encrypted transport for remote access.
Data at Rest (Device)	Sensitive data on your device is encrypted using iOS Data Protection (NSFileProtectionComplete) or Android Keystore-backed AES-256 encryption.
Data at Rest (Server)	Account credentials are stored as bcrypt hashes in a local SQLite database on your server. You control the hardware and its security.
Call Transcripts	Processed on your local server. Raw audio deleted immediately after transcription. Transcript text stored per your retention settings.
Email Content	Raw email content processed locally on your Apache server. Raw content deleted within 24 hours. Structured summaries retained per your settings.
Authentication	JWT tokens with 30-day expiry, signed with a secret key that lives only on your server.

7.2 Data Retention

Active account data is retained for the duration of your subscription plus 30 days following account deletion.
Communication metadata (call logs, email headers) defaults to a 2-year rolling retention window, configurable in Settings.
Call transcripts default to a 1-year retention window, configurable.
Raw email content processed via forwarding is deleted within 24 hours of ingestion.
Crash logs and diagnostics are retained for 90 days.
You may delete any or all of your data at any time via Settings > Data Management > Delete My Data.

7.3 Access Controls

Solved enforces biometric or PIN authentication on app launch (configurable timeout).
API access to your server requires a signed JWT token that expires after 30 days.
No Conundrum Solutions employee has access to your server or the data stored on it.

8. How We Share Your Information

We do not sell, rent, or trade your personal information. We share data only as follows:

8.1 Service Providers

We use limited third-party service providers to operate Solved. These providers are contractually bound to handle data only as instructed:

Push notification delivery (Apple APNs, Google FCM, Expo)
Crash analytics — no personally identifiable information in crash reports
Payment processors for subscription billing — we never store your full card number

8.2 Legal Requirements

We may disclose your information if required by law, subpoena, or court order, or to protect the rights, property, or safety of Conundrum Solutions, our users, or the public. We will notify you of such requests to the extent legally permitted.

8.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity. You will be notified prior to any such transfer, and the successor will be bound by this Privacy Policy.

8.4 With Your Consent

We may share data for purposes not described here if you provide explicit, informed consent at the time of sharing.

9. Your Privacy Rights

Right	How to Exercise
Right to Access	Request a copy of all personal data Solved holds about you. Export available via Settings > Export My Data.
Right to Correction	Request correction of inaccurate personal data.
Right to Deletion	Request deletion of your account and all associated data. Processed within 30 days.
Right to Portability	Export your CRM data in standard formats (JSON, CSV) at any time.
Right to Restrict Processing	Request that we limit how we process your data in certain circumstances.
Right to Object	Object to processing of your data for specific purposes.
Right to Withdraw Consent	Withdraw any consent you have provided at any time without affecting lawfulness of prior processing.
California (CCPA/CPRA)	California residents have additional rights including the right to know, delete, correct, and opt out of sale. We do not sell personal information.
European (GDPR)	EU/EEA/UK residents have rights under GDPR including the right to lodge a complaint with a supervisory authority.

To exercise any of these rights, contact us at privacy@conundrumsolved.tech or visit Settings > Privacy > Submit Privacy Request within the app. We will respond within 30 days.

10. Children's Privacy

Solved is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that a user is under 18, we will promptly delete their account and associated data. If you believe a minor has provided us with personal information, please contact us immediately at privacy@conundrumsolved.tech.

11. International Data Transfers

Conundrum Solutions is headquartered in the United States. Because your data is processed on hardware you own and operate, international data transfer obligations are primarily yours to manage in relation to your own infrastructure. Account registration data (email, hashed password) is stored on your server. If you use Solved from outside the United States and contact our support team, that communication may be processed in the United States.

12. Platform Compliance

12.1 Apple App Store

Solved complies with Apple's App Store Review Guidelines and App Privacy requirements. Our App Privacy nutrition label accurately reflects all data types collected and their purposes. We comply with Apple's requirements for apps using Call Recording, Contacts, Calendar, Microphone, and Notifications entitlements.

12.2 Google Play

Solved complies with the Google Play Developer Program Policies and User Data Policy. Our Data Safety section accurately reflects data collection, sharing, and security practices. We comply with Google Play's policy on sensitive permissions including RECORD_AUDIO, READ_CALL_LOG, READ_CONTACTS, and READ_SMS, and provide prominent in-app disclosure for all sensitive data access.

12.3 Google API Services

Solved's use of Google APIs (Gmail, Google Contacts, Google Calendar) is subject to the Google API Services User Data Policy. Our use complies with the Limited Use requirements. We do not use Google user data for advertising and do not allow humans to read Google user data without your explicit consent.

13. Push Notifications & Background Processing

Solved uses push notifications to deliver draft-ready alerts, Apache AI suggestions, and follow-up reminders. You may control notification delivery in your device's system settings. Disabling notifications does not disable data collection but will prevent delivery of alerts.

Background processing (email sync, call log refresh) is performed as a scheduled background task. On iOS, this uses BGTaskScheduler. On Android, this uses WorkManager with a persistent foreground service notification when actively syncing. You may disable background sync in Settings > Sync > Background Refresh.

14. Changes to This Privacy Policy

When we make material changes, we will:

Display a prominent notice in the Solved app for at least 30 days prior to the change taking effect,
Send an email notification to your registered email address,
Update the "Effective Date" at the top of this document, and
Maintain an archive of prior versions accessible at conundrumsolved.tech/privacy/archive.

Your continued use of Solved after the effective date of any changes constitutes your acceptance of the updated Policy.

15. Contact

Conundrum Solutions, LLC — Privacy Team
Email: privacy@conundrumsolved.tech
Website: conundrumsolved.tech/privacy.html
In-App: Settings > Privacy > Contact Privacy Team
Response time: within 5 business days.

your conundrum solved