Indirect End User Phone Contact Information (Personal Identifiable Information)

KCTC acts as a data processor with regard to indirect end user personal identifiable information and our Clients act as the data controller of such data. In the course of processing and protection of such data, all use will be in conformity with the data controller’s instructions.

Specifically, only when enabled via system permission on KCTC Mobile Android and KCTC Mobile iOS, KCTC shows personal contacts within the respective application. When the user sends an SMS message to one of his/her phone contacts, or when the user initiates a call to one of his/her phone contacts, the phone number is sent securely through KCTC API. KCTC does not store this number with any other PII, and it cannot be directly or indirectly attributed to any person or persons; KCTC stores only the phone number and pertinent metadata so as to be compliant with all applicable state and federal laws, and KCTC does not share this data with any advertisers or third parties under any circumstances. A user can revoke phone contact access on his/her mobile device at any time, and his/her app experience is not hindered or interrupted.

KCTC Mobile Android and iOS also uses Gravatar, only when enabled via Settings and UI Configs, which is a service that provides avatar images linked to the MD5 hash of the user’s email address. This means that, only when Gravatar use is enabled, we hash each contact’s email address and send it to Gravatar to try and retrieve an avatar image. MD5 hashes cannot be directly or indirectly attributed to any person or persons, and we only send the MD5 hash to Gravatar, never the email address in plain text. As with phone contacts, a user can revoke Gravatar access at any time in Settings or via UI Config, and his/her app experience is not hindered or interrupted.