Privacy Policy

Last Updated: November 5, 2025

Our Philosophy

Chatit is built on the principle of "private-by-design". We are a "zero-knowledge" platform, meaning we are architected to have no access to your message content. Privacy isn't an option; it's the foundation upon which this application is built.

Our messaging application uses state-of-the-art end-to-end encryption (E2EE). Your messages are encrypted on your device and can only be decrypted by your intended recipient. Neither we, nor anyone else, can read these messages.

This same end-to-end encryption (E2EE) principle applies to our Audio and Video Calls. The call's media stream is encrypted directly between you and the person you're calling. Your private conversations remain private, always.

What Information We Collect (And Why)

We collect the absolute minimum information required for the app to function. We never ask for your real name, email address, or phone number.

1. Information Stored on Our Servers

  • Account Data: When you create an identity, we store your `userId` (a random identifier) and your `publicKey` (your public signing key) on our server. We need your public key to verify the authenticity of messages you send (to prevent spam or identity spoofing).
  • Nickname (Optional): If you choose to set a public "nickname", it will be stored on our server and visible to other users you contact.
  • Push Notification Tokens: To notify you when you receive a new message and the app is closed, we store a `pushToken` provided by Google (Firebase Cloud Messaging) or Apple (APN). This token is anonymous and is not linked to your personal identity, only to your app installation on your device.
  • Pending Messages: If you send a message to a user who is offline, our server will temporarily store that message in its encrypted form. The message is deleted from the server immediately after the user comes online and the message is delivered. We can never read these messages.
  • Call Signaling: Our server relays temporary, encrypted connection signals between users to help establish an end-to-end encrypted call. We do not log or store any information about these signals.

2. Information Stored Only on Your Device

The following data is generated and stored exclusively on your device. We have no access to it, and deleting the app will permanently remove it (unless you have a manual backup).

  • Mnemonic Phrase and Private Keys: Your complete identity (your 12-word mnemonic phrase, your private signing key, and your private encryption key) is stored in `SecureStore` (an encrypted area of your phone). This data never leaves your device.
  • Application PIN Code: If you set a PIN, it is stored locally in `SecureStore` to lock access to the app.
  • Contact List and Messages: The contacts you add and your entire conversation history are stored locally on your device in an encrypted format. Messages are only decrypted live (in-memory) when you open a conversation. This provides an extra layer of security, protecting your data even if your device's storage is physically accessed.

How We Use Information

We use the collected information (public keys, push tokens) strictly to:

  • Authenticate users and verify message integrity.
  • Route encrypted messages between users.
  • Relay connection signals to establish end-to-end encrypted audio and video calls.
  • Send push notifications when you are offline.
  • Allow the contact list functionality (sharing of nicknames and public keys).

Information Sharing

We do not sell, rent, or share your information with third parties for marketing purposes. The only third parties we interact with are essential service providers for push notifications:

  • Google (Firebase Cloud Messaging) and Apple (Apple Push Notification service): We send them your `pushToken` and a generic notification (e.g., "New Message") to deliver the alert to your device.

Data Deletion

You have full control over your data. You can delete all data associated with your account at any time from within the app by navigating to Settings > App Data > Delete All Data. This action will delete your `userId`, `publicKey`, `nickname`, and `pushToken` from our server, and will delete all local data (including your identity and messages) from your device. This action is irreversible.

Cookies (For the Website)

Our website, `chatit.ro`, may use strictly necessary cookies for basic functionality and to anonymously analyze traffic (e.g., through privacy-respecting analytics tools). We do not use advertising tracking cookies.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page. You are advised to review this page periodically for any changes.

Contact Us

If you have any questions about this Privacy Policy, you can contact us at: [email protected]