Privacy Policy
Last Updated: May 11, 2026
VaultChat is an end-to-end encrypted messaging app (“VaultChat,” “we,” “our,” or “us”). This Privacy Policy explains what information we collect when you use VaultChat, how we use it, who we share it with, and the choices you have.
We designed VaultChat with a simple principle: we should never be able to read your messages. This policy describes the limited information we do collect to keep the service running.
Our Permanent Commitment to End-to-End Encryption
VaultChat’s end-to-end encryption is permanent and non-negotiable.
Auxxilus Media LLC will never:
- Disable, remove, or sunset end-to-end encryption on VaultChat.
- Add backdoors, key escrow, or “exceptional access” mechanisms — for anyone, including law enforcement, intelligence agencies, or any government.
- Weaken the cryptographic protocol or substitute it with a less secure alternative.
- Sell, rent, or otherwise share the contents of your messages, calls, photos, voice notes, or files with advertisers, data brokers, or any third party.
- Read, scan, or analyze any of your content — text, photos, voice notes, videos, files, or call audio — for advertising, profiling, behavioral targeting, AI model training, or any purpose other than delivering messages to your intended recipients and providing the core service. This applies regardless of whether content is end-to-end encrypted or stored on our infrastructure under TLS-only encryption.
Your text messages and photo attachments are end-to-end encrypted on your device, in transit, and at rest on our servers — the encryption keys never leave your device. We cannot read these conversations or view these images, and we have built our infrastructure so that we never will be able to. Voice notes, video attachments, file attachments, and view-once media are encrypted in transit (TLS) and stored on our infrastructure with restricted access; we are extending end-to-end encryption to these remaining media types in upcoming releases. We will update this section as additional categories ship as fully end-to-end encrypted.
If a court order, subpoena, or government request asks us to weaken encryption, install a backdoor, or hand over plaintext message content, we will refuse. For end-to-end encrypted content, refusal is also the only answer we are able to give: the keys exist only on your devices, so we cannot produce plaintext we never had.
This commitment is binding on Auxxilus Media LLC and survives any acquisition, merger, or change of ownership. Any future update to VaultChat that removes or weakens end-to-end encryption would be a violation of this commitment, and users would receive at minimum 90 days’ written notice and the ability to export all their data before any such change.
Your messages are yours. They always will be.
Scope of End-to-End Encryption
VaultChat uses two layers of cryptography:
- Transport encryption (TLS 1.2+): All data exchanged between your device and our servers travels over encrypted connections. Anyone intercepting traffic on your network or between data centers sees only ciphertext.
- End-to-end encryption (NaCl box and secretbox): A second, stronger layer where data is encrypted on the sender’s device using cryptographic keys that only the intended recipient’s device(s) can use to decrypt. We — the operators of VaultChat — never possess these keys and cannot decrypt the content, even if we wanted to or were ordered to.
The categories of content that are end-to-end encrypted today:
- Text messages (1:1 and group conversations): NaCl box (Curve25519 + XSalsa20-Poly1305)
- Photo attachments sent in chats: per-attachment NaCl secretbox (XSalsa20-Poly1305) with a fresh random key per photo, with the key transmitted inside the end-to-end encrypted message envelope
- Voice and video calls: established peer-to-peer with WebRTC DTLS-SRTP encryption; call audio and video streams are not relayed through our servers in unencrypted form
The categories that are encrypted in transit but stored on our infrastructure in readable form:
- Voice note attachments (audio recordings sent in chats)
- Video attachments sent in chats
- File attachments (documents, PDFs, etc.)
- View-once media (photos and videos sent with auto-delete)
Storage of these categories is access-controlled: only authorized personnel of Auxxilus Media LLC have administrative access to the storage layer, and we do not access, scan, or analyze your stored media content for advertising, profiling, model training, or any commercial purpose other than delivering the message to your intended recipient. We are actively extending end-to-end encryption to these media types and will update this Privacy Policy as each category ships as fully end-to-end encrypted.
Encrypted backup of message history: If you opt into the optional 90-day (Free) or 1-year (Premium) backup of your chat history, the backup blob is end-to-end encrypted on your device using a key derived from your Vault PIN via PBKDF2-HMAC-SHA512 (100,000 iterations). The encrypted blob is uploaded to our servers; the Vault PIN never leaves your device. If you forget your Vault PIN, the backup is permanently unrecoverable — by design.
- Our Permanent Commitment to End-to-End Encryption
- Scope of End-to-End Encryption
- Information we collect
- How we use information
- End-to-end encryption
- When we share information
- Your rights and choices
- Data Storage & Retention
- Third-Party Services
- Account deletion
- Security
- International users
- Children’s Privacy
- Changes to This Policy
- Device Permissions We Request
- Contact Us
1. Information we collect
Information you provide
- Phone number. Required to create an account. We use it to send you a one-time verification code via SMS and to let other users find you when they have your number in their address book.
- Display name and @handle. The name and handle you choose to show to other VaultChat users. You can change either at any time.
- Optional profile information. Any email address, status message, or profile photo you choose to add.
- Contact list (optional). If you grant permission, we use your device’s contact list locally to show which of your contacts are on VaultChat. We do not upload your full contact list to our servers; we only check matches against numbers you choose to message.
Information generated by your use of the service
- Public encryption keys. Your device generates a public/private encryption keypair the first time you sign in. The public key is published to our directory so other users can encrypt messages to you. The private key never leaves your device.
- Encrypted message ciphertext. When you send a message, our server briefly stores its encrypted ciphertext so we can deliver it to the recipient. Because messages are end-to-end encrypted, we cannot read them.
- Push notification tokens. Apple Push Notification service (APNs) and Firebase Cloud Messaging (FCM) tokens that allow us to deliver call alerts and message notifications to your device.
- Minimal call signaling metadata. When you place or receive a call, our signaling server briefly handles the WebRTC handshake so two devices can connect directly. We do not record calls; their content is end-to-end encrypted between the participating devices.
- Account activity. Sign-in timestamps and the device on which you last signed in. We use this only to surface unusual activity in your account and to expire stale sessions.
Information we do NOT collect
- Message contents, call audio, or call video. These are end-to-end encrypted and unreadable to us.
- Advertising identifiers (currently). VaultChat does not currently integrate any third-party advertising SDK or collect advertising identifiers. If we add advertising to free-tier accounts in the future, we will update this policy and notify users at least 30 days before any advertising SDK is enabled.
- Analytics or behavioral tracking that profiles or sells your data.
- Browsing or web-tracking data. VaultChat is not a browser and does not load third-party trackers.
2. How we use information
We use the limited information we collect to:
- Create your account and verify that you control the phone number you registered.
- Route encrypted messages and call invites to the right recipient.
- Deliver push notifications so calls ring on your device.
- Discover other VaultChat users you already have in your contacts.
- Diagnose service problems and detect abuse, including spam, scams, or unauthorized access.
- Comply with our legal obligations.
We do not sell your personal information. We do not currently serve third-party advertising in any tier of VaultChat. If this changes in the future, we will update this policy and notify users at least 30 days before any advertising SDK is enabled.
3. End-to-end encryption
One-to-one messages, group messages, voice calls, video calls, and photo attachments between VaultChat users are protected by end-to-end encryption (E2E). Voice notes, video attachments, file attachments, and view-once media are encrypted in transit (TLS) and stored under access control until end-to-end encryption is extended to them; see “Scope of End-to-End Encryption” above.
For text messages and call signaling, we use NaCl box: X25519 (Curve25519) key agreement with XSalsa20-Poly1305 authenticated encryption (via tweetnacl).
For photo attachments, each photo is encrypted on your device with a fresh per-attachment NaCl secretbox key (XSalsa20-Poly1305) before upload. The key travels inside the E2E-encrypted message envelope alongside the URL, so only the participating devices hold the keys needed to decrypt the photo. Our servers store only ciphertext for text messages and photos.
Beyond the account information described in Section 1 and the media categories noted above, the only conversation data not end-to-end encrypted (by design, because the service could not function without it) is:
- Your public encryption key.
- The fact that two accounts have a conversation together, and the time of the most recent message.
- Push notification metadata required to wake your device for incoming messages or calls.
4. When we share information
We share information only in the following circumstances:
Legal and safety
- We may disclose limited account information (such as a phone number associated with an account) in response to a valid legal request from a government authority. We push back on overly broad requests and review every demand for compliance with applicable law.
- We comply with our reporting obligations to the National Center for Missing & Exploited Children (NCMEC) under 18 U.S.C. § 2258A. Because messages are end-to-end encrypted, we do not scan message content; reports are based on user-submitted abuse reports and account-level signals.
- We may share information if we believe in good faith that doing so is necessary to prevent imminent harm, fraud, or illegal activity.
Business transfers
If VaultChat is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you and offer choices before any information becomes subject to a different privacy policy.
5. Your rights and choices
- Access and correction. You can view and edit your profile from inside the app at any time.
- Deletion. You can delete your account from within Settings. Account deletion is irreversible.
- Export. You can request a copy of the limited information associated with your account by emailing the address in §14.
- California, EU, UK residents. You may have additional rights under the California Consumer Privacy Act (CCPA), the EU/UK GDPR, or comparable laws, including the right to know what we hold, request deletion, and object to certain processing. Contact us using the information in §14 to exercise these rights.
- Notification controls. You can disable notifications, including incoming-call alerts, in your device’s system settings or VaultChat’s in-app settings.
6. Data Storage & Retention
- Message Content (on-device): Decrypted message text is stored only on your device and kept in a local cache for up to 90 days so you can read past conversations offline. Older entries are automatically pruned.
- Encrypted Server Backup (optional, opt-in): When enabled, your last 90 days (Free) or 1 year (Premium) of messages are encrypted on your device using a key derived from your Vault PIN, then uploaded to our backend so you can restore them after reinstalling or signing in on a new device. We never see the contents; without your Vault PIN the backup is unreadable to us, and if you forget the PIN it cannot be recovered.
- Backend Infrastructure: Encrypted message metadata, account records, push tokens, and encrypted backups are stored in a PostgreSQL database hosted by Supabase, Inc. (US). Our application server is hosted by Railway Corp. (US). Both providers are contractually bound to process this data only on our instructions.
- Server Logs: Retained for 30 days for security and abuse prevention only.
- Account Data: Retained until you delete your account (see Section 8).
7. Third-Party Services
VaultChat uses the following service providers to deliver the app. None of them have access to your message content.
- Supabase, Inc. — Database and authentication infrastructure. Stores encrypted message metadata, account records, and the encrypted history backup described in Section 6.
- Railway Corp. — Hosting for our application server, which handles real-time message routing and push delivery.
- Twilio Inc. — SMS for account verification codes and security alerts only. Twilio does not have access to your messages.
- Apple Inc. (APNs / App Store) — Push notification delivery on iOS and processing of in-app subscription purchases. Notification payloads never include message content.
- Google LLC (Firebase Cloud Messaging / Google Play Billing) — Push notification delivery on Android via FCM and processing of in-app subscription purchases via Play Billing. Notification payloads never include message content.
- Giphy, Inc. — Optional GIF picker. When you open the GIF picker, your search query (not your messages) is sent to Giphy to return results.
- Sentry (Functional Software, Inc.) — Crash and error reporting. When the app crashes we send anonymized diagnostic data (device model, OS version, stack trace, app version) to help us fix bugs. No message content, contact list, or media is included.
We do not currently use any advertising networks. If we add an advertising network in the future, we will list it in this section before it is enabled and notify users via in-app notice.
8. Account deletion
You can delete your account at any time from within VaultChat’s Settings, or by visiting our account deletion page. When you delete your account, we delete your profile, public key, encrypted server backup, and any pending encrypted messages. Account deletion is irreversible.
9. Security
We use industry-standard cryptographic primitives (X25519 key agreement and XSalsa20-Poly1305 authenticated encryption, as NaCl box and secretbox) to protect end-to-end encrypted content. Server-stored data, including the media categories not yet end-to-end encrypted, is encrypted at rest and accessed only by authorized personnel. No system can guarantee perfect security; if you suspect your account has been compromised, contact us immediately.
10. International users
VaultChat is operated from the United States. If you use VaultChat from outside the United States, your information will be transferred to and processed in the United States. By using VaultChat, you consent to that transfer. We rely on appropriate safeguards for transfers from the European Economic Area, United Kingdom, and Switzerland, including standard contractual clauses where required.
11. Children’s Privacy
VaultChat is intended for users 13 years of age and older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact privacy@vaultchat.co and we will delete the account and any associated data.
We have zero tolerance for the sexual exploitation of children. We comply with U.S. federal law (18 U.S.C. § 2258A) requiring us to report apparent child sexual abuse material to the National Center for Missing & Exploited Children’s CyberTipline. Because VaultChat is end-to-end encrypted, we do not scan the contents of messages or calls; reports are based on user-submitted abuse reports and account-level signals. When we receive a credible report, we preserve the relevant content and account metadata as required by law and forward apparent violations to NCMEC, who in turn coordinate with law enforcement. For more detail, see our Child Safety & CSAM Policy.
12. Changes to This Policy
We may update this Privacy Policy as VaultChat evolves. When we make material changes, we will update the “Last Updated” date at the top of this page and surface an in-app notice the next time you open the app. Continued use of VaultChat after a material update constitutes acceptance of the revised policy.
13. Device Permissions We Request
VaultChat asks for the following device permissions. Each is requested only when you use the feature that needs it, and you can revoke any permission at any time from your device’s system settings.
- Camera — to capture photos and videos for chats and to scan QR codes when adding contacts. Used only when you tap the camera button or open the QR scanner.
- Microphone — to capture audio for voice and video calls and for voice messages. Used only during an active call or voice recording.
- Contacts — to find people you already know who use VaultChat. Your contacts are matched on-device against our directory; we never upload your full address book.
- Notifications — to deliver incoming call alerts and message notifications. Notification content is generic (“New message”); the actual message text is decrypted only after you open the app.
- Photos / Media — to share photos, videos, audio, and documents in chats. Access is granted only to files you explicitly select.
- Location (optional) — only when you tap “Share Location” in a chat. Location is never tracked in the background.
- Face ID / Biometric — to unlock locked chats and the Vault. Biometric data is handled entirely on your device by the operating system’s secure hardware (the Secure Enclave on iOS; the TEE or StrongBox on Android); VaultChat receives only the success or failure of the unlock and never receives or stores biometric data.
- Bluetooth — to route in-call audio to paired Bluetooth headsets during voice and video calls.
- Phone state (Android only) — to bridge incoming VaultChat calls into the Android telecom stack so they appear like normal calls on the lock screen.
14. Contact Us
Questions, requests, or concerns about this policy or your information:
VaultChat
11 Hetton Ct
Glassboro, NJ 08028
United States
Email: privacy@vaultchat.co