Privacy Policy

Last updated: May 22, 2026

🔒 TL;DR: We can't read your encrypted messages. We don't sell your data. We don't track you. Your privacy is not a feature — it's our architecture.

1. Information We Collect

Account Information:

Username (chosen by you)

We do NOT collect:

Phone numbers
Real names or government IDs
Location data
Contact lists
Device identifiers for tracking

2. Message Data

Normal messages (unencrypted segments) are stored on our servers in plain text to enable features like search and AI assistance. These messages are subject to our standard data retention policies.

Encrypted segments are end-to-end encrypted using NaCl cryptography (Curve25519 + XSalsa20-Poly1305). We store only encrypted blobs (ciphertext) on our servers. We do not possess the decryption keys and cannot read, access, or share the content of encrypted messages under any circumstances.

When you use "Shake to Destroy," encrypted segments are permanently deleted from our servers and all participants' devices. Encryption keys are destroyed. This action is irreversible.

3. Encryption Keys

All encryption keys are generated and stored exclusively on your device, encrypted with your PIN. We never have access to your private keys. If you lose your device and have not backed up your keys, your encrypted messages cannot be recovered — by you or by us.

4. How We Use Your Information

To create and maintain your account
To deliver messages to the correct recipients
To improve the service (anonymized, aggregated analytics only)

We do not use your data for advertising, profiling, or sale to third parties.

5. Data Sharing

We do not sell, rent, or share your personal information with third parties, except:

Legal requirements: If compelled by law, we can only provide account metadata (registration date, if applicable). We cannot provide encrypted message content, as we do not have the keys.
Service providers: Infrastructure providers (hosting, CDN), who process data only as necessary to provide the service.

6. Data Retention

Normal messages: Stored until you delete them or delete your account.
Encrypted segments: Stored until wiped (Shake to Destroy, self-destruct timer, or Dead Man's Switch).
Account data: Retained while your account is active. Deleted within 30 days of account deletion.
Dead Man's Switch: If enabled and you don't open the app within the configured period, all encrypted data is automatically destroyed.

7. Your Rights

Access your account information
Delete your account and all associated data
Export your unencrypted message history
Modify your username

8. Security

We implement industry-standard security measures including:

NaCl cryptography for end-to-end encryption (Curve25519 + XSalsa20-Poly1305)
PIN-encrypted private key storage
TLS 1.3 for all connections
Encrypted storage for server-side data
Anti-censorship infrastructure (CDN masking, domain rotation)

9. Children

RESALT_ is not intended for children under 16. We do not knowingly collect information from children.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes through the app. Your continued use after changes constitutes acceptance.

11. Contact

For privacy questions or concerns:

Email: [email protected]