Privacy Policy
Last Updated: February 18, 2026
This Privacy Policy describes how Messagram processes personal data in accordance with the EU General Data Protection Regulation (GDPR / DSGVO), the German Federal Data Protection Act (BDSG), and applicable German telecommunications and digital-services privacy rules.
1) Controller (Art. 4(7), 13 GDPR)
Code Hospital
Messagram (Android app and website)
Email: privacy@messagram.org
Support: support@messagram.org
Data Protection Officer (if appointed): Please add name and contact details here if your organization is required to appoint a DPO under Art. 37 GDPR and Section 38 BDSG.
Important: Please add your full legal postal address here before publishing this policy. Under Art. 13 GDPR and German transparency duties, users must be able to identify and contact the controller by full legal identity and address.
2) Scope
This policy applies to:
3) Categories of personal data we process
- SMS data: sender number, sender display name (if available), message text, SIM context.
- Call event data: missed-call details and caller number/name for forwarding.
- Contacts data (optional permission): name lookup for better readability.
- Phone/SIM data (optional permission): SIM slot, subscription context, phone-state context.
- Connection data: connection code, Telegram-linked identifiers, connection status, local message history and status.
- Technical/diagnostic data: app version, Android version, device model/manufacturer, crash and error diagnostics.
- Website access data: server log data (for example IP address, timestamp, user agent, requested URL) where processed by hosting infrastructure.
4) Purposes and legal bases (Art. 6 GDPR)
- Provide core service (SMS/call forwarding to Telegram): Art. 6(1)(b) GDPR (performance of contract / user-requested service).
- Optional contact names and SIM identification features: Art. 6(1)(a) GDPR (consent via Android runtime permissions; revocable at any time in Android settings).
- Security, anti-abuse, reliability, troubleshooting: Art. 6(1)(f) GDPR (legitimate interests in secure and stable operation).
- Legal compliance duties (if applicable): Art. 6(1)(c) GDPR.
5) Android permissions used by the app
- RECEIVE_SMS (required): to detect incoming SMS for forwarding.
- READ_CALL_LOG (required for missed-call notifications): to detect/report missed calls.
- READ_CONTACTS (optional): to display contact names instead of raw numbers.
- READ_PHONE_NUMBERS / READ_PHONE_STATE (optional): to improve SIM attribution, especially on dual-SIM devices.
If required permissions are denied, related features cannot function. Optional permissions can be skipped without blocking the core app setup.
6) Recipients and processors
- Telegram: forwarded content is delivered to your Telegram account/channel according to your setup. Telegram acts as an independent controller for data processed in Telegram.
- Backend/API infrastructure: used to validate and manage app-to-Telegram connection state and service operations.
- Error monitoring providers: crash and diagnostic events may be processed to keep the app stable.
- Google services used by app components: Firebase Installation identifiers, Google App Set ID, and Google Play services where technically required.
- Authorities/law enforcement: only where legally required.
We do not sell personal data.
7) International data transfers (Chapter V GDPR)
Some recipients may be located outside the EU/EEA. Where required, transfers are based on one or more of the following mechanisms:
- EU adequacy decisions (Art. 45 GDPR), where available
- Standard Contractual Clauses (Art. 46 GDPR), where applicable
- Derogations for user-requested transfers (Art. 49 GDPR), where strictly necessary for the service you requested
For US transfers, safeguards may include participation in the EU-US Data Privacy Framework where a provider is certified.
8) Storage periods
- Local app database: message/call forwarding records remain on your device until deleted by app logic, app data reset, or uninstall.
- Connection and service metadata: retained only as long as needed for active service operation, abuse prevention, and legal obligations.
- Diagnostics/log data: retained for the minimum period needed for security and debugging.
Where exact retention periods cannot be fixed in advance, we use necessity, data minimization, and legal retention criteria.
9) Your rights under GDPR
You can exercise your rights at any time by emailing privacy@messagram.org. Subject to legal conditions, you have the right to:
- Access (Art. 15 GDPR)
- Rectification (Art. 16 GDPR)
- Erasure (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Object to processing based on Art. 6(1)(e) or (f) GDPR (Art. 21 GDPR)
- Withdraw consent at any time (Art. 7(3) GDPR), without affecting prior lawful processing
10) Right to lodge a complaint (Art. 77 GDPR)
You have the right to lodge a complaint with a supervisory authority in the EU/EEA, especially in your habitual residence, place of work, or place of the alleged infringement.
For most private organizations in Germany, the competent authority is usually the data protection authority of the relevant German federal state (Land). Guidance on competent authority selection is available via the BfDI information pages ("German supervisory authorities overview").
11) Automated decision-making
We do not use automated decision-making, including profiling, that produces legal or similarly significant effects under Art. 22 GDPR.
12) Children
Messagram is not intended for children. We do not knowingly process children's data for independent marketing purposes.
13) Website cookies and similar technologies
The website currently uses only basic functionality scripts and does not intentionally set non-essential tracking cookies through first-party code. If this changes, a consent mechanism and updated cookie information will be provided in line with GDPR and German law.
14) Security measures
We apply technical and organizational measures to protect confidentiality, integrity, and availability of personal data. No internet transmission or storage method is absolutely secure, but we continuously improve safeguards.
15) Changes to this policy
We may update this Privacy Policy to reflect legal, technical, or business changes. The "Last Updated" date will always show the latest revision date.
16) Contact
For privacy requests, objections, or questions:
Email: privacy@messagram.org
Website: www.messagram.org
17) Key legal references