Privacy Policy

We collect minimal information necessary to provide our service. This includes only the encrypted message content (which we cannot decrypt), temporary metadata for delivery purposes, and basic technical information like browser type for security purposes. We do not collect personal information, IP addresses, or any identifying data that could be linked back to you.

The limited data we collect is used solely to deliver your secure messages and maintain system security. Encrypted messages are stored temporarily only until they are read and automatically deleted. Technical data helps us prevent abuse and maintain service quality. We never use your data for marketing, analytics, or any purpose beyond secure message delivery.

All message data is encrypted using AES-256 encryption before storage on our secure servers. Messages are stored only until they are read once or expire, after which they are permanently deleted using cryptographic deletion methods. Our servers are located in secure facilities with multiple layers of physical and digital protection, and we maintain strict access controls.

You have the right to know what data we collect, though due to our zero-knowledge architecture, we cannot identify which data belongs to which user. You can request information about our data practices, and since messages auto-delete, there is typically no personal data to delete or modify. You can stop using our service at any time without any data retention concerns.

We use minimal third-party services, primarily for infrastructure and security monitoring. These services are carefully vetted and bound by strict data protection agreements. We do not share your data with advertisers, marketers, or any non-essential third parties. Our hosting providers have been selected based on their strong privacy and security commitments.

We implement multiple layers of security including end-to-end encryption, secure server infrastructure, regular security audits, and penetration testing. Our team follows security best practices, and we maintain incident response procedures. All data transmission occurs over encrypted connections, and our systems are monitored 24/7 for security threats.

Our service is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information. Parents who believe their child has provided information to us should contact us immediately.

We may update this privacy policy to reflect changes in our practices or applicable laws. When we make significant changes, we will notify users through our website and provide the updated policy with a new effective date. We encourage you to review this policy periodically to stay informed about how we protect your privacy.