1. Data We Collect

VaultChat operates on a decentralized architecture using the Nostr open protocol. Specifically:

• VaultChat has no registration server. No account is created, no email address is required, no phone number is required.
• VaultChat does not collect device identifiers, IP addresses, or usage analytics.
• VaultChat does not have access to your messages at any point.
• VaultChat does not operate servers that store personal information.

All application data is stored locally on your device in an encrypted format. See Section 2.

2. How Data Is Stored

All application data — messages, contacts, conversation history, and identity keys — is stored exclusively on your device:

• Messages and conversations — stored in a Hive AES-256 encrypted local database. The encryption key is generated at first launch and stored in Android Keystore.
• Private key — stored using flutter_secure_storage backed by Android Keystore (Android) or Secure Enclave (iOS). The key is hardware-protected and is not transmitted.
• PIN — derived using PBKDF2-SHA256 with 210,000 iterations. The raw PIN is never stored.
• Android cloud backup — disabled via allowBackup=false and full data_extraction_rules configuration. Your data cannot be extracted through Google backup services.

3. Encryption & Keys

VaultChat implements the NIP-44 v2 specification for end-to-end message encryption:

• Key exchange: secp256k1 ECDH
• Key derivation: HKDF-SHA256 with a per-message random nonce
• Message encryption: ChaCha20 stream cipher
• Message authentication: HMAC-SHA256
• File encryption: AES-256-GCM
• Identity backup encryption: AES-256-GCM with PBKDF2 key derivation

Your private key never leaves your device. Without your private key, messages cannot be decrypted — including by VaultChat developers.

4. Third-Party Infrastructure

VaultChat relies on the following third-party infrastructure to function:

Nostr relay servers — Messages are routed through independent public relay servers. VaultChat currently connects to: relay.damus.io, nos.lol, relay.nostr.band, relay.primal.net, nostr.wine, and purplepag.es. These are third-party services not operated by VaultChat.

File hosting services — When sending file attachments, files are encrypted AES-256-GCM on your device before upload to third-party file hosting services. These services receive only encrypted binary data and cannot read file contents.

VaultChat does not use advertising networks, analytics platforms, or crash reporting services that transmit personal data to third parties.

5. No Account Required

VaultChat does not require and does not collect:

• Email address
• Phone number
• Real name or any personal identifier
• Payment information
• Government-issued identification

Your identity is a cryptographic keypair generated locally on your device. Your public key serves as your identifier. It was generated mathematically on your device — VaultChat did not assign it and has no record of it.

6. Children's Privacy

VaultChat is not directed to children under the age of 13. We do not knowingly collect personal information from children. Because VaultChat collects no personal information from any user, this principle applies equally to all users regardless of age.

Parents or guardians with concerns may contact us at contact@vaultchat.app.

7. Your Rights (GDPR / Romanian Law)

VaultChat does not collect or store personal data on any server. Most GDPR rights are satisfied by the application's architecture:

• Right of access — All your data is on your device, accessible at any time.
• Right to erasure — Uninstalling the app permanently deletes all local data.
• Right to portability — Use the Backup & Restore feature to export your encrypted identity.
• Right to rectification — Contact names and conversation data can be modified or deleted within the app at any time.

For any privacy-related request, contact us at: contact@vaultchat.app

8. Changes to This Policy

We may update this Privacy Policy as the application evolves. Material changes will be communicated through an update to the date at the top of this page and a notice in the GitHub and release notes.

Continued use of the application after a policy update constitutes acceptance of the revised policy.

10. Files & Traces on Device

VaultChat is designed to leave no automatic traces of files or messages on your device. However, users should understand the following distinctions:

What VaultChat does NOT do automatically:

• Save received images to your photo gallery
• Save received PDF or document files to device storage
• Create file thumbnails or previews in system folders
• Leave file metadata in device indexes

What remains outside VaultChat control:

• Screenshots — If a user takes a screenshot of a received file or message, the resulting image is saved to the device gallery by the operating system. VaultChat cannot prevent this.
• Screen recording — If the device screen is being recorded, content displayed on screen may be captured.
• Manual sharing — If a user explicitly shares a received file to another application, the file exits VaultChat's control at that point.
• Temporary system cache — The Android operating system may create temporary cache files during file rendering. These are managed by the OS, not by VaultChat, and are typically cleared automatically.

When a conversation is deleted:

• All message records are removed from the encrypted local database
• All file references and download links are removed
• Files previously stored on third-party hosting expire and become inaccessible
• No file content remains in VaultChat storage on either device

The deletion is synchronized to both devices simultaneously. After deletion, the files cannot be recovered through VaultChat.

9. Contact

For privacy-related questions, data requests, or concerns:

• Email: contact@vaultchat.app
• GitHub: github.com/blejusca/VaultChat
• GitHub Releases: github.com/blejusca/VaultChat/releases

We aim to respond to all privacy-related enquiries within 72 hours.