Privacy Policy
App: MPC Chat (mobile clients; package com.seaz5342.chat on Android).
Effective date: 2026-04-26
Last updated: 2026-04-26
Legal notice. This document is provided to help you understand how MPC Chat is designed to handle data.
It is not legal advice. Have it reviewed by qualified counsel before you rely on it for compliance
(app store, regulator, or contractual) purposes.
1. Who we are
“We”, “us”, and “our” refer to the operator of the MPC Chat service (the Controller for personal data
you provide to us). Contact: [email protected] (update if you use a different support address).
2. Summary
MPC Chat is built so that message content is end-to-end encrypted on your device before it reaches our servers.
We process account, social graph, device, and operational data needed to run chat, files, notifications, and optional
in-app balance features. We use infrastructure and service providers (listed below) to host and operate the service.
3. What data we process
3.1 Account & identity
- Email and password. We store your email (or a guest placeholder until you link a real email) and a password hash. We do not store your password in plain text.
- Guest accounts. You may start as a guest; we may later associate a real email when you link your account.
- Profiles. Display name, optional picture URL, status text, and optional human-readable identity ID (e.g. a handle). Identity IDs are issued in a way that reduces impersonation; technical details are handled server-side.
3.2 Chat, rooms, and messages (metadata and ciphertext)
- Rooms and membership. We store room identifiers, type (private or group), titles, avatars, membership, and related settings (e.g. group policies) as required for the product.
- Messages. For each message we store identifiers (message id, room, sender profile), timestamps, message type (text, image, video, file), and optional file metadata (name, size, MIME type, storage key). The content field may hold an end-to-end encrypted payload (when encryption is enabled) or, in some cases, unencrypted text when the app sends plaintext — the app is designed to prefer encryption in private and group contexts as implemented in the client.
- What we do not have. We do not have your end-to-end encryption private keys or your key-backup passphrase. Those stay on your device (or are encrypted by you before any optional server-side backup of wrapped key material).
3.3 Cryptography & keys (operational, not your secrets)
- Device registration. We store a device name, a public key (ECDH P-256, in base64), and last-seen timestamps so other users can establish encrypted channels and so you can use multiple devices where supported.
- Per-profile public keys and wrapped room keys. We store public keys and, for group rooms, encrypted copies of the group’s symmetric key wrapped for each member. These are ciphertexts we cannot use to read message content without your private keys.
- Key backup. If you use backup, we may store encrypted key material derived under a passphrase you choose; the passphrase is not sent to us.
3.4 Files and media
Files you send are stored in our object storage (e.g. images, videos, attachments). We retain storage keys and metadata
needed to deliver and display them. Content may be end-to-end encrypted at the message layer; file blobs are stored
for delivery to recipients you authorize.
3.5 Social graph and discovery
We process friend relationships, blocks, and identity lookup as needed for the product (e.g. search by identity ID, friend requests, invites).
3.6 Notifications
- Push tokens (Android). We store FCM device tokens and platform identifiers so we can send push notifications. Notification payloads are designed to avoid sending full message content where the app can avoid it; consult your OS notification settings.
- Per-profile notification preferences may be stored (e.g. display name for notifications).
3.7 Optional in-app balance & payments (crypto)
If you use token balance, deposits, paid messages, premium subscription, or withdrawals:
- We process internal ledger and balance records, payment order references, and transaction metadata associated with your account.
- For withdrawals, we process destination network, cryptocurrency address, optional memo, and status with our payment provider.
- We do not process traditional card or bank details for these flows; the provider is a cryptocurrency payment / payout service (OxaPay or as configured in deployment).
3.8 Subscriptions (premium)
If you purchase premium, we store subscription status and renewal timestamps derived from the product rules (e.g. monthly premium price configured in the service).
3.9 Read state & product telemetry
- We may store read receipts / last-read pointers per room and profile to sync state across your devices.
- We use Sentry (or compatible error reporting) on the API and in the app for crashes and performance. We configure scrubbing to reduce sensitive data in reports (for example, tokens in logs and request bodies for sensitive routes). DSNs may be disabled in some builds — if Sentry is disabled, fewer diagnostic events are sent.
- We may use a stable installation identifier (e.g. from Firebase) to correlate support and diagnostics; it is not your name or email by itself.
4. Purposes and legal bases (EEA/UK style)
Depending on your region, we rely on one or more of the following:
- Contract — to provide the chat service, sync state, and deliver features you use.
- Legitimate interests — to secure the service, prevent abuse, and improve reliability (including error reporting), balanced against your rights.
- Consent — where required for optional processing (e.g. certain marketing or non-essential analytics, if ever offered) or for push notifications as governed by your device OS.
- Legal obligation — where we must retain or disclose information to comply with law.
5. How we share data
We share data with processors who help us run MPC Chat, including — depending on your deployment and configuration:
- Cloudflare (Workers, D1, R2, Durable Objects) for hosting, database, file storage, and realtime infrastructure. See Cloudflare’s privacy documentation.
- Google / Firebase for FCM (push) and, where used, app installation identifiers. See Google’s policies for Firebase and Google Play services on Android.
- Sentry for error and performance data. See Sentry’s privacy policy.
- OxaPay (or the configured payment provider) for cryptocurrency invoices and payouts when you use balance features. See the provider’s privacy policy for payment data they process on our behalf as a sub-processor or partner.
We do not sell your personal data as a commodity. We do not use advertising SDKs in this policy’s scope.
6. International transfers
Our providers may process data in the United States and other regions. If you are in the EEA/UK/Switzerland, we rely
on appropriate safeguards (e.g. Standard Contractual Clauses) where required by your provider’s role and DPA, subject to
your configuration and the provider you choose.
7. Retention
We keep information for as long as your account is active and as needed to provide the service, comply with law, resolve
disputes, and enforce our agreements. When you delete your account, we delete or anonymize data according to our data
model (some records may be removed by cascade rules tied to the user account; operational backups may persist for a
limited period on infrastructure providers). Specific retention for payment/ledger records may be longer where required
for accounting or anti-fraud.
8. Security
- Transport security (HTTPS) for client–server traffic.
- Authentication with signed tokens; signed URLs for file access where applicable.
- End-to-end encryption of message content in supported flows (AES-GCM with keys derived/transported as described in the app).
- Operational controls to reduce secret leakage in logs and third-party error reporting.
9. Your rights
Depending on your jurisdiction, you may have rights to access, correct, delete, port, or restrict certain processing, and to object. Contact us at the email above. If you are in the EU, you may lodge a complaint with a supervisory authority.
10. Children
MPC Chat is not directed at children under 13 (or the minimum age in your country). We do not knowingly collect personal
data from children below that age. If you believe a child has provided us data, contact us to request deletion.
11. Third-party links
The app or website may link to third-party sites. Their privacy practices are governed by their own policies.
12. Changes to this policy
We will post the updated policy with a new “Last updated” date. For material changes, we may also notify you in-app or by email where appropriate.
13. Contact
Questions about privacy: [email protected]