Privacy Policy
Last updated: May 22, 2026
🔒 TL;DR: We can't read your encrypted messages. We don't sell your data. We don't track you. Your privacy is not a feature — it's our architecture.
1. Information We Collect
Account Information:
- Email address (for authentication and OTP verification)
- Username (chosen by you)
- Invite code (used during registration)
We do NOT collect:
- Phone numbers
- Real names or government IDs
- Location data
- Contact lists
- Device identifiers for tracking
2. Message Data
Normal messages (unencrypted segments) are stored on our servers in plain text to enable features like search and AI assistance. These messages are subject to our standard data retention policies.
Encrypted segments are end-to-end encrypted using NaCl cryptography (Curve25519 + XSalsa20-Poly1305). We store only encrypted blobs (ciphertext) on our servers. We do not possess the decryption keys and cannot read, access, or share the content of encrypted messages under any circumstances.
When you use "Shake to Destroy," encrypted segments are permanently deleted from our servers and all participants' devices. Encryption keys are destroyed. This action is irreversible.
3. Encryption Keys
All encryption keys are generated and stored exclusively on your device, encrypted with your PIN. We never have access to your private keys. If you lose your device and have not backed up your keys, your encrypted messages cannot be recovered — by you or by us.
4. How We Use Your Information
- To create and maintain your account
- To deliver messages to the correct recipients
- To send OTP codes for authentication
- To manage the invite system
- To improve the service (anonymized, aggregated analytics only)
We do not use your data for advertising, profiling, or sale to third parties.
5. Data Sharing
We do not sell, rent, or share your personal information with third parties, except:
- Legal requirements: If compelled by law, we can only provide account metadata (email, registration date). We cannot provide encrypted message content, as we do not have the keys.
- Service providers: Email delivery services (for OTP) and infrastructure providers (hosting, CDN), who process data only as necessary to provide the service.
6. Data Retention
- Normal messages: Stored until you delete them or delete your account.
- Encrypted segments: Stored until wiped (Shake to Destroy, self-destruct timer, or Dead Man's Switch).
- Account data: Retained while your account is active. Deleted within 30 days of account deletion.
- Dead Man's Switch: If it is enabled and you don't open the app within the configured period, all encrypted data is automatically destroyed.
7. Your Rights
- Access your account information
- Delete your account and all associated data
- Export your unencrypted message history
- Modify your email and username
8. Security
We implement industry-standard security measures including:
- NaCl cryptography for end-to-end encryption (Curve25519 + XSalsa20-Poly1305)
- PIN-encrypted private key storage
- TLS 1.3 for all connections
- Encrypted storage for server-side data
- Anti-censorship infrastructure (CDN masking, domain rotation)
9. Children
SALT is not intended for children under 16. We do not knowingly collect information from children.
10. Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes through the app or via email. Your continued use after changes constitutes acceptance.
11. Contact
For privacy questions or concerns:
Email: privacy@onthegrid.space