loading
← back

Privacy Policy

// effective february 1, 2026 · last updated february 2026

// corporate entity

FROSTCRYPT LLC

APP_NAME is a product of FROSTCRYPT LLC ("we", "us", "our").

Data inquiries: [email protected]

This Privacy Policy describes how FROSTCRYPT LLC collects, uses, and protects your information when you use APP_NAME ("the Service"). By using the Service, you agree to the collection and use of information as described in this policy.

1. Information We Collect

Account information

  • Email address (required for registration)
  • Username and display name
  • Password (stored as a salted hash — we never store plaintext passwords)
  • Date of birth (used for age verification)

Technical data

  • Device identifiers for end-to-end encryption key management
  • Server-side metadata required for messaging (server membership, channel membership, timestamps)
  • IP addresses in server logs (retained for a maximum of 48 hours)
  • Browser type and operating system (for compatibility and security)

2. Information We Cannot Access

Due to the end-to-end encrypted nature of the Service, we do not and cannot access:

  • Message content (end-to-end encrypted)
  • File attachments (end-to-end encrypted)
  • Voice and video call content (end-to-end encrypted)
  • Your encryption keys (stored only on your devices)

3. How We Use Your Information

  • To provide and operate the Service
  • To authenticate your identity and secure your account
  • To deliver messages and facilitate communication
  • To detect and prevent abuse, fraud, and security threats
  • To comply with legal obligations

4. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, our legal bases for processing your data are:

  • Contract: Processing necessary to provide the Service you signed up for
  • Legitimate interest: Security monitoring, abuse prevention, and service improvement
  • Legal obligation: Compliance with applicable laws and regulations
  • Consent: Where you have explicitly opted in (e.g., marketing communications, if any)

5. Cookies & Tracking

We use strictly necessary cookies to maintain your authenticated session. We do not use advertising cookies, analytics trackers, or any third-party tracking pixels. We do not participate in cross-site tracking.

6. Third Parties

We do not sell, trade, or share your personal data with third parties for their own purposes. We do not use your data for advertising. We do not train AI models on your data.

We may use the following categories of service providers who process data on our behalf under strict contractual obligations:

  • Cloud infrastructure providers (hosting and storage)
  • Email delivery services (for verification codes and account notifications)
  • CAPTCHA services (Cloudflare Turnstile, for bot prevention during registration)

7. International Data Transfers

Your data may be processed in the United States or other countries where our infrastructure providers operate. Where data is transferred outside the EEA, we rely on Standard Contractual Clauses or other approved transfer mechanisms to ensure adequate protection.

8. Data Retention

Account data is retained while your account is active. Upon account deletion, your account data is permanently removed within 30 days. IP address logs are automatically purged after 48 hours. Encrypted message content that has already been delivered to recipients cannot be recalled by us, as we do not hold decryption keys.

9. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data
  • Portability: Request an export of your data in a machine-readable format
  • Objection: Object to processing based on legitimate interest
  • Restriction: Request restriction of processing under certain conditions

For California residents (CCPA/CPRA)

You have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact [email protected].

For EEA, UK, and Swiss residents (GDPR)

You may exercise any of the rights listed above by contacting [email protected]. You also have the right to lodge a complaint with your local data protection authority.

10. Children's Privacy

The Service is not directed to children under 14. We do not knowingly collect personal information from children under 14. If we become aware that we have collected data from a child under 14, we will take steps to delete that information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the Service or by email at least 30 days before the changes take effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

12. Contact

For any privacy-related questions or to exercise your data rights, contact us at [email protected].

you actually read the whole thing? respect.

// see also: terms of service →

© 2026 FROSTCRYPT LLC. All rights reserved.

// APP_NAME is a registered product of FROSTCRYPT LLC