TrustCase is an application of F24 AG, a messenger for secure corporate communication (end-to-end encrypted).


Responsible body

F24 AG
Ridlerstraße 57
80339 München
Phone +49 89 2323638-0
e-mail info@24.com
www.f24.comwww.fact24.com

Processing of user data by TrustCase

Registration and usage data

When creating a user account in the app, TrustCase collects personal data, the so-called « registration data ». TrustCase uses the data to implement the TrustCase service.

In addition to the registration data, TrustCase automatically collects further participant data via the app in connection with the use of the app. Without the participant being informed separately or having to actively participate in this. This collection includes data, the so-called « usage data ». We use your usage data to enable and improve the use of the app and to ensure the security and stability of the application. After expiry of a storage period of 7 days, the usage data is automatically deleted.


Recipients of data/ data categories

Within our company, we ensure that only those who absolutely need your data to fulfil their contractual and legal obligations receive it.


Data protection

We guarantee that we have taken all necessary technical and organisational precautions to protect your data from unauthorised access and misuse. Our security levels are continuously monitored in collaboration with security experts, and updated to incorporate new security standards. TrustCase encrypts your data before it leaves your device and uses asymmetric end-to-end encryption for all messages, data and tasks. Even the metadata about whom you are communicating with is protected. Your messages and data can only be decrypted by the trusted recipient’s device. It cannot be read while in transit. Not even by us.

Security is not only a question of encryption for us but also one of the location of our servers. That´s why we have chosen Germany as location for our servers which are subject to the strict German Data Protection laws.

All information transferred to TrustCase over the Internet is additionally SSL encrypted. Our systems are protected by continuously updated virus scanners and firewalls. Compliance with applicable data protection regulations is integral to the way we work.

In Detail

The TrustCase server is used to transmit messages and data. Temporary storage of the data on the servers is necessary during the period required to transmit the message. External interception of data during transmission is futile because all messages and media are end-to-end encrypted and can thus only be decrypted by the recipient with the appropriate key.

No data in plain text format is stored. Telephone numbers are stored in anonymised (hashed) form, while content, profile names and profile images are exclusively stored in encrypted form. The keys are not known to TrustCase.

Contacts are managed individually on users’ own personal devices. When TrustCase contacts are synchronised with a smartphone’s contact list, this data is transmitted in anonymised form to the TrustCase servers and subsequently deleted.

Each user ID is assigned a pair of keys (private and public key; see FAQ “What’s the user ID for?”). The keys are generated locally on individual devices, so that the private keys – the counterparts essential for encryption – are not known to TrustCase.

The user IDs and public keys generated by TrustCase itself are not encrypted as they are used for the actual end-to-end encrypted message exchange.


Functions

The “Share location” function in the TrustCase app settings is only activated in connection with FACT24 Notification, Alerting and Crisis Management Service (editions FACT24 premium and FACT24 ultimate PLUS). FACT24 users only receive this specific alert when a location-based alarm is in progress and the “Share location” function is activated. If the function is activated in the app but no location-based alarms are currently in use, nothing will happen.


Managing access in the app

The TrustCase app offers the option of denying all forms of access from the beginning, or of withdrawing or limiting access subsequently. 


a) Contacts

Access to contacts in a contact list can be denied if not desired. In this case, no matching contacts from the user’s contact list will be displayed. 

Users can add contacts manually by scanning the QR code of other TrustCase users, who then scan the user’s code in return.

FACT24 TrustBroker can also be used to add contacts to the TrustCase app.


b) Location

Users can share their own location if desired, irrespective of the “Share location” function (for FACT24) in the TrustCase app settings. If users have allowed location access from their first use of the app or subsequently changed their smartphone settings to allow access, they can share their current location by tapping the “Location” symbol in the message field.


c) Photos

Access to photos must be allowed to select photos from the gallery and send them using TrustCase.


d) Camera

Access to the camera is essential for taking and sending photos directly in the app.


e) Microphone

Access to the microphone is essential for recording and sending voice messages.


f) Memory (Android)

Permission is requested before photos, files etc. received from TrustCase can be saved on a device.


Changes to the above TrustCase authorisations on an iOS device can be made as follows: Settings -> TrustCase

Access management in Android can be found under: Settings -> Apps & Messages -> App Authorisations


If saving biometric identifiers on a smartphone is not desired, iOS allows a QR code to be generated without the need to save a fingerprint. Although a brief message prompts the user to touch the sensor, the process continues without requiring this action. Android devices, which use touch ID less frequently, display the QR code directly.

Your rights as a data subject

As a data subject, you have the right to information, deletion, correction, data transferability, restriction of processing and objection. Please feel free to contact our data protection officer at any time. They may also have a right of appeal to a data protection supervisory authority. We do not make purely automated decisions to bring about a decision that affects a person.


Data protection officer

If required, you can also contact our data protection officer directly, who will be happy to answer your questions: dataprotection@trustcase.com

F24 AG
Ridlerstraße 57
80339 Munich
Germany

Phone: +49 89 23236380
e-mail: dataprotection@trustcase.com