Our Privacy Commitment
Company is built on a simple principle: your messages are yours. We use end-to-end encryption so that we literally cannot read your conversations. This privacy policy explains what little data we do handle and how we handle it.
1. What We Cannot Access
Due to end-to-end encryption, we never have access to:
- Message content (text, images, files, voice/video)
- Your encryption private keys
- Decrypted versions of any data you send through Company
Our servers store only encrypted ciphertext. Even if compelled by law enforcement, we cannot produce plaintext message content because we do not possess the decryption keys.
2. What We Do Collect
To operate the Service, we collect minimal data:
- Account information: email address, username, and hashed password
- Connection metadata: IP addresses (retained for [REVIEW: specify retention period]), timestamps of connections
- Encrypted message blobs: stored for delivery, we cannot decrypt these
- Public keys: your public encryption keys, necessary for other users to encrypt messages to you
[REVIEW: verify this list matches actual server implementation]
3. How We Use Your Data
The data we collect is used solely to:
- Operate and maintain the Service
- Deliver encrypted messages between users
- Authenticate your identity
- Prevent abuse and enforce our Acceptable Use Policy
4. What We Will Never Do
- Sell your personal data to third parties
- Show you advertisements
- Build advertising profiles or social graphs
- Share data with data brokers
- Mine your metadata for commercial purposes
- Use your data for AI/ML training
5. Data Storage and Security
Encrypted message data is stored on servers operated by earthservers.net. All data at rest is encrypted. All connections use TLS. [REVIEW: specify server locations and hosting provider]
6. Data Retention
[REVIEW: define retention periods] Account data is retained while your account is active. Encrypted message blobs are retained for message delivery and history. You may request deletion of your account and associated data at any time.
7. Third-Party Services
[REVIEW: list any third-party services — hosting, email, analytics, CDN, etc.] We minimize third-party dependencies. Any third-party service we use is listed here along with what data they may access.
8. Law Enforcement Requests
We will comply with valid legal process. However, due to end-to-end encryption, we can only provide the limited metadata described in Section 2. We cannot provide decrypted message content under any circumstances because we do not have access to it.
We will notify affected users of law enforcement requests unless legally prohibited from doing so. [REVIEW: confirm this aligns with your legal obligations]
9. Your Rights
You have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your account and data
- Export your data
[REVIEW: add GDPR/CCPA specific rights if applicable]
10. Children's Privacy
Company is not directed at children under [REVIEW] 13. We do not knowingly collect personal information from children.
11. Changes to This Policy
We will notify users of material changes to this policy via the Service or email. Continued use after changes constitutes acceptance.
12. Contact
Privacy questions? Contact us at [REVIEW: add privacy contact email].