Privacy policy

1. Data We Collect

• Account data: account identifiers, name, email address, and profile details you provide directly or through an authentication provider.
• Message data: encrypted message payloads, encrypted file payloads (if attached), and message configuration (expiration, view limits, and optional geo rules).
• Usage and security data: when links or messages are opened, we may record timestamp, IP address, approximate location, and device/browser metadata to provide sender activity history and prevent abuse.
• Billing/support data: records needed for subscriptions, support, and service operations.

2. Client-Side Encryption

Messages and files are encrypted in your browser before upload. MsgCrypt does not store encryption slugs or plaintext message contents. Only someone with the slug can decrypt a message.

3. Google User Data (OAuth)

If you sign in with Google, MsgCrypt accesses limited Google account data through OAuth. We currently request only basic identity scopes (`openid`, `email`, and `profile`).

• Data accessed: Google account identifier, email address, display name, and profile image (if available).
• Data usage: account sign-in, account linking, account security, fraud prevention, and support troubleshooting.
• Data not accessed: MsgCrypt does not request Gmail, Google Drive, Calendar, or Contacts data unless this policy is updated and additional scopes are explicitly requested.

4. How We Use Data

• Provide and maintain the service
• Authenticate users and secure accounts
• Deliver usage/activity analytics to senders
• Prevent abuse and protect the platform
• Respond to support requests
• Comply with legal obligations

5. Data Sharing

We do not sell personal information or Google user data.

• We share data only with service providers needed to operate MsgCrypt (for example hosting, authentication, database, and billing providers), under contractual confidentiality and security obligations.
• We may disclose data when required by law, legal process, or to protect the rights, safety, and security of MsgCrypt and its users.

6. Data Storage and Protection

• Data is transmitted over encrypted channels (HTTPS/TLS).
• Access to production systems is restricted to authorized personnel and providers.
• We apply technical and organizational safeguards designed to protect data against unauthorized access, alteration, disclosure, or destruction.

7. Data Retention and Deletion

• Message content and activity data are retained according to message settings, plan limits, and operational needs, then deleted or anonymized when no longer required.
• Account records are retained while your account is active and as needed for legal, tax, fraud-prevention, and audit obligations.
• You can request deletion of your account and associated personal data by emailing info@msgcrypt.com with subject line Data Deletion Request.

8. Cookies and Similar Technologies

We use essential cookies and similar technologies for authentication, security, and core product functionality. Non-essential analytics are controlled by your consent settings.

9. Your Privacy Rights

You may request access, correction, deletion, or portability of your data. To exercise these rights, contact us using the information below.

10. Changes to This Policy

We may update this policy from time to time. We will post the updated version and revise the Last updated date.

11. Contact Us

Questions about privacy? Email info@msgcrypt.com.