Privacy Policy

Last updated: March 31, 2025

1. Introduction

At PrivMsg, we prioritize your privacy and security above all else. This Privacy Policy outlines our approach to data collection and protection when you use our secure messaging service.

Our philosophy is simple: we only collect the absolute minimum data required for the service to function.

2. Data We Collect

Based on our database structure, we collect and store only:

  • Username: We do not require your real name, email address, or other personal details
  • Public key: Your public encryption key is stored to enable other users to send you encrypted messages
  • Encrypted messages: Messages are stored in encrypted form - we cannot read their contents
  • Message metadata: Limited to sender ID, recipient ID, timestamp, and read status
  • Session data: Basic information required for authentication (IP address, user agent)

What we do NOT collect or store:

  • Private encryption keys
  • Unencrypted message content
  • Your real name, email address, or contact information
  • Your location data (beyond IP address for session authentication)
  • Device information (beyond user agent for session authentication)
  • Any other personal identifying information

3. End-to-End Encryption

Our service employs 2048-bit RSA encryption for all messages. This means:

  • Messages are encrypted on your device before transmission
  • Only the intended recipient can decrypt messages
  • Your private key never leaves your device
  • We have no technical ability to decrypt your messages

4. How We Use Your Data

The limited data we collect is used exclusively for:

  • Authenticating your identity to the service
  • Facilitating message delivery between users
  • Maintaining basic service functionality

We do not analyze your data for marketing purposes, sell your information to third parties, or build behavioral profiles.

5. Data Retention

Messages are stored until you choose to delete them. If you delete your account, all your messages and account information will be permanently removed from our systems.

6. Legal Compliance

While we are committed to user privacy, we will comply with valid legal requests from authorities. However:

  • We can only provide the limited data we actually possess
  • Due to our technical design, we cannot access message content
  • We collect minimal identifying information about our users

If legally compelled, we will provide information to appropriate legal organizations, though this will be limited to what we actually have access to.

7. Security Measures

We employ industry-standard security measures to protect our systems and your data, including:

  • 2048-bit RSA encryption for messages
  • Secure password hashing
  • Regular security audits and updates
  • Protection against common web vulnerabilities

8. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify users of any changes by posting the new policy with an updated revision date.

Your continued use of the service after changes to the Privacy Policy constitutes acceptance of those changes.

9. User Rights

You have the right to:

  • Access the data we hold about you
  • Delete your account and associated data
  • Export your data (though this is limited to your public key as we cannot decrypt your messages)

10. Contact Us

If you have questions about this Privacy Policy or your data, please contact us at [email protected].