VaultChat Privacy Policy

Effective Date: April 10, 2026 · Last Updated: April 17, 2026

1. Our Privacy Commitment

VaultChat is built on a foundation of privacy-first design. We believe your conversations are yours alone. We do not read, sell, or share your messages with anyone — ever. Our architecture is designed so that we technically cannot access your message content even if we wanted to.

2. End-to-End Encryption

All messages sent through VaultChat are protected by end-to-end encryption using the Signal Protocol. This means:
  • Messages are encrypted on your device before transmission.
  • Only you and your recipient can read messages.
  • Even VaultChat servers cannot decrypt your messages.
  • Encryption keys are stored only on your device.

3. Notification and Security

Unlike other messaging apps, VaultChat never includes message content in push notifications. This directly counters known iOS notification storage vulnerabilities that allow message extraction from device logs. Our notifications only say "New message received" — the actual content is only accessible after biometric authentication within the app.

4. Information We Collect

We collect the minimum information necessary to provide our secure services:
  • Phone Number: Required for account verification and SMS service delivery.
  • Vault Handle: Your chosen username.
  • Profile Information: Name, bio, or photo you voluntarily provide.
  • Message Metadata: Timestamps and delivery status.

5. SMS & Mobile Privacy (Carrier Compliance)

VaultChat uses SMS via Twilio solely for account verification, security alerts, and sending secure download links for the app.
  • No Sharing of Mobile Information: Mobile information will not be shared with third parties/affiliates for marketing/promotional purposes.
  • Opt-In Data Exclusion: All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

6. Data Storage & Retention

  • Message Content: Stored only on your device. We use Supabase as secure cloud infrastructure for metadata delivery.
  • Backups: Encrypted with your personal PIN before leaving your device.
  • Retention: Messages are deleted when you delete them. Server logs are retained for 30 days for security purposes only. Account data is retained until you delete your account.

7. Third-Party Services

VaultChat uses the following third-party services to function:
  • Twilio: For SMS verification codes only. Twilio does not have access to your messages.
  • Supabase: For secure cloud database infrastructure.
  • Apple/Google: For push notification delivery (content is never included).

Note: We do not use any advertising networks or analytics trackers.

8. Your Rights & Opt-Out

You have the right to access, delete, or export your data at any time.
  • SMS Opt-Out: You can cancel the SMS service at any time by texting "STOP" to our number.
  • Assistance: Text "HELP" for more info or contact privacy@vaultchat.co.

9. Biometric Data

Face ID and Touch ID authentication is processed entirely on your device by Apple's Secure Enclave. VaultChat never receives, stores, or transmits your biometric data.

10. Contact Us

For privacy-related questions or concerns:
  • Email: privacy@vaultchat.co
  • Website: vaultchat.co
  • Address: 104 S 20th St, Philadelphia, PA 19103