ZK
ZKRYPT
Legal

Privacy Policy

Effective date: June 30, 2026 · Zero knowledge by design.

TL;DR: We cannot read your messages. We cannot identify you. We do not sell your data. Your private keys never leave your device. This is not a promise — it is mathematically enforced.

1. Overview

ZKRYPT and ZKRYPT Mail ("the Apps") are end-to-end encrypted communication applications developed by ZKRYPT. This Privacy Policy explains how we handle information in connection with your use of our apps and website (zkrypt.net). Our core principle: we are architecturally incapable of reading your messages, identifying your contacts, or tracking your activity. This is not a policy choice — it is a technical design decision baked into the cryptographic architecture of the Apps.

2. Information We Do NOT Collect

The Apps are designed around zero-knowledge principles. We do not collect, store, or have access to: • Your messages or email content • Your contact list or recipient information • Your cryptographic keys (private keys never leave your device) • Your real name, phone number, or email address (for app usage) • Your location or IP address from within the Apps • Your device identifiers or advertising IDs • Any biometric data (fingerprint data is processed entirely by your device's OS)

3. How Encryption Works

All messages and emails are encrypted on your device before transmission using: • AES-256-GCM for message encryption • X25519 ECDH for key exchange • HKDF-SHA-512 for key derivation Your private key is generated locally and never transmitted to our servers. We cannot decrypt your communications even if compelled by law enforcement.

4. Data Stored on Our Servers

Our servers store only the minimum data required for message delivery: • Encrypted message ciphertext (unreadable without recipient's private key) • Sender and recipient public key identifiers (not tied to real identity) • Message timestamps • FCM push notification tokens (for delivery only, not linked to identity) No plaintext content is ever stored on our servers. Delivered messages are deleted from our servers after delivery or after the self-destruct timer expires.

5. Website and Purchases

When you purchase from zkrypt.net: • Payment is processed by Stripe. We do not store your credit card information. • Your email address is collected solely to deliver your activation code. • Purchase records are retained for accounting and license verification purposes. • We use your email only to send your activation code and critical security notices. We do not send marketing emails without your consent.

6. Push Notifications

ZKRYPT Mail uses Firebase Cloud Messaging (FCM) to deliver push notifications. FCM receives an encrypted notification payload that contains no message content. FCM only knows that a notification should be delivered to a specific device token — it cannot read the content of your messages.

7. Third-Party Services

The Apps and website use the following third-party services: • Supabase — backend database for encrypted message relay (EU-based servers) • Firebase / Google FCM — push notification delivery • Stripe — payment processing (purchases only) • Resend — transactional email delivery (activation codes only) Each of these providers has their own privacy policy. We share only the minimum information required for each service to function.

8. Data Retention

• Encrypted messages: deleted from servers upon delivery or expiry • Self-destruct messages: deleted immediately after the timer expires • Activation codes: retained indefinitely for license verification • Purchase email addresses: retained for license records • All local app data (messages, contacts, keys): stored only on your device and deleted when you reset or uninstall the app

9. Children's Privacy

The Apps are not directed at children under the age of 13. We do not knowingly collect any information from children under 13. If you believe a child has provided us with personal information, please contact us at privacy@zkrypt.net.

10. Your Rights

Depending on your jurisdiction, you may have the right to: • Access any personal data we hold about you • Request deletion of your personal data • Object to our processing of your data Because we hold no message content or identity data linked to you, most data requests will result in confirmation that we have nothing to delete beyond your purchase record. Contact us at privacy@zkrypt.net to exercise your rights.

11. Security

We implement industry-standard security practices including TLS encryption for data in transit, and we undergo regular security reviews. However, given our zero-knowledge architecture, a breach of our servers would not expose your message content or identity.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by posting the new policy on zkrypt.net with an updated effective date. Continued use of the Apps after changes constitutes acceptance of the updated policy.

13. Contact

For privacy-related inquiries: Email: privacy@zkrypt.net Website: zkrypt.net

← Back to zkrypt.netFAQ →Contact Support →