Privacy Policy

Effective date: 30 May 2026.
Last updated: 30 May 2026.

This policy explains what data Red Mutex and its group companies collect, why we collect it, how long we keep it, who we share it with, and the rights you have over it. It is written in plain English; the per-product detail is the part that actually matters, so read those sections for the product you use.

1. Who we are

Red Mutex is an operator-led group company. References to "Red Mutex", "we", "us", or "our" in this policy mean the relevant Red Mutex entity that provides the service you are using:

Red Mutex — parent group, operator of redmutex.com, Dingdong.tel, EyeDSafe, ShootInvoice, the "Ding Dong: Soft Encrypt" Android app, and our consulting and software services.
Payments Central — fintech subsidiary, operator of paymentscentral.com and PCPS.
RiteCloud — infrastructure department of Red Mutex, operator of riteclouds.com.

If you are unsure which entity holds your data, reach out at privacy@redmutex.com and we will tell you.

2. Scope

This policy covers our public websites (redmutex.com, dingdong.tel, eyedsafe.com, shootinvoice.com, paymentscentral.com, riteclouds.com), our hosted product APIs, and the "Ding Dong: Soft Encrypt" Android application (package tel.dingdong.app) on Google Play and Huawei AppGallery.

3. Data we collect, by product

3.1 "Ding Dong: Soft Encrypt" Android app (`tel.dingdong.app`)

The Ding Dong app provides reversible text encoding ("soft encryption") on Android. The flow is: you select text in any app, choose "Encrypt" or "Decrypt with Ding Dong", and the result is returned to your clipboard or the original field.

What is sent to our server: the literal text you selected for encoding or decoding. It is sent over HTTPS to our conversion endpoint and is required for the conversion to happen. The text is processed in memory and is not persisted to disk after the request completes.
What we log about each request: the source IP address, the direction (encrypt or decrypt), the request timestamp, and the response status. This log is used solely for rate-limiting, abuse prevention, and uptime monitoring. Retention: 30 days, after which it is permanently deleted.
What we do NOT collect: no account, no email, no phone number, no advertising ID, no Android ID, no device fingerprint, no contact list, no clipboard contents beyond the text you explicitly submit for conversion, no message history, no analytics SDK, no third-party trackers, no crash reporting that includes message content.
Permissions used: Internet access (to reach the conversion endpoint). The optional Ding Dong Keyboard uses Android's Input Method Framework — all keystrokes you make on that keyboard remain on the device and are only sent to our server if you explicitly tap Encrypt or Decrypt. We do not log keystrokes.
Children: the app is not directed to children under 13 and is rated for general audiences. Do not use it to send the content of others' messages without their consent.

3.2 Dingdong.tel — phone numbers, calls, voice infrastructure

Dingdong.tel provides business phone numbers, call routing, voicemail-to-email, and call-to-text transcripts.

Account data: name, email, billing address, phone number, payment instrument details (held by our payment processor, not by us).
Call metadata: from/to numbers, duration, time, routing decision, billing rate. Retained for the duration of your account plus 7 years for accounting purposes.
Call recordings and voicemails: stored only if you enable recording or voicemail. You control retention from the dashboard. Default retention if you do not change it: 90 days for recordings, indefinite for voicemails until you delete them.
Call transcripts: generated on demand when you enable call-to-text. Stored alongside the corresponding recording.

3.3 EyeDSafe

Account email and password hash for sign-in.
Usage and configuration data needed to provide the service.
No advertising trackers.

3.4 ShootInvoice

Account data (name, business name, email).
Invoice content you create (line items, client details, totals).
Payment processor metadata when you accept payments through an invoice.

3.5 Payments Central & PCPS

Operated by our fintech subsidiary. Payment data is subject to PCI-DSS controls and the Payments Central privacy policy, which takes precedence for those services.

3.6 RiteCloud

Operated by our infrastructure department. Customer database contents are processed on your behalf as your data processor. Account and billing data is handled under this policy.

3.7 redmutex.com and other marketing websites

Standard server access logs (IP, user agent, requested path, response code, timestamp). Retention: 30 days.
Contact-form submissions (name, email, optional company, message). Retained in our CRM until you ask us to delete it.
No third-party analytics, no advertising pixels, no remarketing cookies.

4. Cookies and similar technologies

Our public marketing websites do not set tracking cookies. We may use a strictly necessary session cookie inside product dashboards (after login) to keep you signed in. No cross-site tracking, no advertising cookies, no fingerprinting.

5. How we use your data

To provide the service you signed up for.
To prevent abuse, fraud, and denial-of-service attacks.
To bill you, if you are a paying customer.
To respond to your support requests.
To comply with legal obligations (tax, regulatory reporting).

We do not sell your data, rent it to advertisers, or use it to train models that are sold to third parties.

6. Sharing with third parties

We share data only with:

Infrastructure providers we use to run the service (hosting, email delivery, DNS, observability). These act as data processors and are bound by data processing agreements.
Payment processors, for billing.
Legal authorities, when we are legally compelled, and only for the narrowest data required by the order. We will notify affected users where the order does not prohibit notice.

We do not share data with advertising networks. We do not run ads.

7. Retention

The retention period for each data category is listed in the per-product section above. Where local law requires longer retention (for example, financial records), we retain the minimum required by that law.

8. International transfers

Our infrastructure is primarily in the European Union and the United Arab Emirates. Where data leaves your jurisdiction, we use Standard Contractual Clauses or an equivalent legal mechanism.

9. Your rights

Regardless of where you live, you can ask us to:

Tell you what data we hold about you (access).
Correct data that is inaccurate.
Delete your data (right to erasure). For some categories — for example, billing records — we may keep the minimum required by law.
Export your data in a portable format.
Withdraw any consent you previously gave.
Object to processing on legitimate-interest grounds.
Complain to your local data protection authority.

To exercise any of these rights, email privacy@redmutex.com. We respond within 30 days.

10. Security

We use TLS in transit for all production endpoints, AES-256 at rest for stored content (where applicable), least-privilege access controls, and a documented incident response process. No system is perfectly secure, and we will tell affected users without undue delay if we discover a breach that materially affects their data.

11. Children

Our services are not directed to children under 13 (under 16 in the EEA where local law applies). We do not knowingly collect personal data from such children. If you believe a child has provided data to us, email privacy@redmutex.com and we will delete it.

12. Automated decision-making

We do not use solely automated decision-making that produces legal or similarly significant effects on you.

13. Changes to this policy

We will update this policy when the underlying practices change. Material changes are announced on this page and, where you have an account, by email. The "Last updated" date at the top reflects the most recent revision.

14. Contact

Privacy questions and requests: privacy@redmutex.com.
General contact: redmutex.com/contact.
Postal: mailing address available on request via privacy@redmutex.com.