Privacy Policy

Last updated: April 22, 2025

1. Introduction

ConfyChat (“we”, “us”, “our”) is committed to protecting your privacy and ensuring the confidentiality of all information exchanged. This policy explains how we meet European GDPR standards, ISO‑certified security, and global best practices.

2. GDPR Compliance

• Data Controller: ConfyChat Ltd., EU Registration No. 123456789
• Legal Basis: Art.6(1)(f) GDPR — legitimate interest in providing ephemeral chat.
• Data Subjects’ Rights: Access, rectification, erasure (“right to be forgotten”), portability, objection. Contact privacy@confychat.com.

3. What We Do (and Don’t) Collect

Nothing. We do not collect, process, or store any personal data or message content. Chats occur device‑to‑device (Bluetooth/Wi‑Fi Direct) and are encrypted end‑to‑end.

4. Security Standards

• ISO 27001:2013 certified information security management.
• End‑to‑end AES‑256 encryption for all message packets.
• Ephemeral messaging: all data is purged from memory when the app closes or goes out of range.
• Regular third‑party penetration testing (annual SOC 2 Type II audits).

5. Data Retention & Deletion

Messages live only in RAM and are never written to disk. On app exit or range departure, all message data is irreversibly deleted.

6. International Transfers

No servers. All communication is peer‑to‑peer. No cross‑border data transfers occur.

7. Third‑Party Services

We do not use any analytics, ads, or tracking services. We do not integrate any SDKs that collect user data.

8. Contact & Complaints

Data Protection Officer: DPO@confychat.com
You have the right to lodge a complaint with your local supervisory authority.