Start Chatting
← Back to home

Privacy Policy

Last updated: June 20, 2026

1. Introduction

ChumiChat (“we”, “our”, or “us”) is committed to protecting your privacy. This policy explains what information we collect, how we use it, and the choices you have. ChumiChat is designed from the ground up to minimize data collection and protect your communications.

2. Information We Collect

2.1 Account information

ChumiChat does not require you to provide an email address, phone number, or any personal information. When you open the app, a username is automatically generated for you along with an EC P-256 cryptographic key pair. We store your username and your public key on our servers — these are the only pieces of identity data we hold. Your private key is generated locally and never transmitted.

Accounts are temporary. Your username, public key, and all associated data are automatically and permanently deleted 24 hours after your account was created. No action is required from you.

2.2 Messages

Messages are encrypted end-to-end before leaving your device. Our servers store only the encrypted ciphertext and initialization vector (IV) — never plaintext. We have no technical ability to read your messages. Messages are permanently deleted from our servers 5 minutes after the recipient opens them. Any messages that remain unread are deleted when your account is auto-deleted at the 24-hour mark.

2.3 Technical data

We may collect standard server logs including IP addresses, request timestamps, and error information. This data is used solely for operating and troubleshooting the service and is not linked to message content.

3. How We Use Your Information

We use the information we collect to:

  • Deliver messages between users
  • Authenticate your session
  • Maintain and improve the service
  • Diagnose technical issues

We do not sell, share, or use your information for advertising or profiling.

4. End-to-End Encryption

ChumiChat uses ECDH key derivation with AES encryption. When you register, an EC P-256 key pair is generated on your device. Your public key is uploaded to our servers so other users can derive a shared encryption key for sending you messages. Your private key is stored exclusively in your browser's IndexedDB — it is never transmitted to our servers under any circumstances.

Because we never have access to private keys, we have no technical ability to decrypt your messages, even if compelled by law enforcement or legal process.

5. Data Retention

The following deletion schedule applies to all data:

  • Messages— permanently deleted 5 minutes after the recipient opens them. Unread messages are deleted when the sender's or recipient's account expires.
  • Accounts — your username, public key, chat participation records, and any remaining messages are permanently deleted 24 hours after account creation. This is automatic and cannot be disabled or postponed.
  • Session tokens — JWT tokens issued at registration expire after 24 hours, matching the account lifetime.

A background cleanup process runs every 2 minutes to enforce these deletions. Once deleted, data cannot be recovered by you or by us.

6. Your Rights

You can stop using ChumiChat at any time. Because we do not collect personal identifying information and because messages are end-to-end encrypted, there is little personal data for us to delete or export. If you have questions about your data, contact us at contact@chumichat.com.

7. Cookies and Local Storage

ChumiChat uses localStorage to store your authentication token and IndexedDB to store your private key. We do not use third-party tracking cookies or analytics services.

8. Children's Privacy

ChumiChat is not directed at children under 13 years of age. We do not knowingly collect information from children.

9. Changes to This Policy

We may update this policy from time to time. We will update the “Last updated” date at the top of this page. Continued use of ChumiChat after changes constitutes acceptance of the revised policy.

10. Contact

If you have questions or concerns about this policy, contact us at contact@chumichat.com.