Privacy Policy

VOID is built on a single principle: your conversations belong to you. This policy explains what we collect, what we don't, and why. We've written it to be readable — not to bury you in legalese.

What We Collect

We collect the minimum necessary to operate VOID:

• Account information — your username and Firebase Cloud Messaging tokens.
• Device tokens — used solely to deliver push notifications to your device.
• Message metadata — timestamps and delivery status indicators. We do not store message content on our servers beyond the time required for delivery.
• Media files — encrypted media is stored temporarily and automatically deleted 72 hours after upload, or 5 minutes after download.

What We Never Collect

• The content of your messages — all messages are end-to-end encrypted. We literally cannot read them.
• Your contacts list or address book.
• Your location data.
• Advertising identifiers or tracking data of any kind.
• Any data sold to or shared with third parties for commercial purposes.

End-to-End Encryption

All messages sent through VOID are end-to-end encrypted. Encryption keys are generated on your device and never transmitted to our servers. Media files are also encrypted before upload.

Third-Party Services

VOID uses a minimal set of providers:

• Supabase — for secure authentication.
• Cloudflare — for messaging infrastructure.
• Firebase — exclusively for push delivery.
• Backblaze B2 — for temporary encrypted media.

Data Retention

Messages are delivered and not retained. Media files are purged automatically within 72 hours. Account data is retained while active and removed permanently 30 days after deletion.