Privacy Policy
The shortest privacy policy you'll ever read. Because we don't collect data.
Effective Date: February 10, 2026 · Last Updated: February 10, 2026
The short version: We don't collect your personal data. We don't store your messages. We don't track you. We don't sell anything about you because we don't have anything to sell.
1. Who We Are
Veiled ("we," "us," "our") operates a privacy-first chat platform. Our mission is to provide a space for communication that respects your fundamental right to privacy. We believe you should be able to talk to your friends, your community, and your world — without a corporation watching.
2. What We Collect
Here's the full list:
| Data Type | Collected? | Details |
|---|---|---|
| Real name | No | Never asked, never stored |
| Email address | No | Not required for account creation |
| Phone number | No | Not required for anything |
| Government ID / Face scan | No | Never. This is why we exist. |
| IP address | No | Stripped at the network edge, never logged |
| Message content | No | End-to-end encrypted; we cannot read messages |
| Files / Images | No | Not stored server-side |
| Device information | No | No fingerprinting, no device tracking |
| Usage analytics | No | No telemetry, no behavioral tracking |
| Account identifier | Yes | A cryptographic public key — anonymous, not linked to your identity |
| Server/channel membership | Yes | Required for message routing (encrypted) |
| Message metadata | Yes | Timestamps and channel IDs for ordering (minimal, encrypted) |
3. What We Do With Your Data
The data we do retain (account keys, membership, metadata) is used exclusively for:
- Message delivery — routing messages to the right channels
- Service operation — keeping the platform functional
We do not use this data for advertising, analytics, profiling, or any purpose beyond operating the chat service. Full stop.
4. What We Will Never Do
🚫 Sell your data — We have nothing to sell.
🚫 Show you ads — No ad-tech, no tracking pixels, no behavioral targeting.
🚫 Share with governments — We cannot share what we do not have. We cannot decrypt what we cannot read.
🚫 Require identity verification — No face scans, no ID uploads, no phone numbers. Ever.
🚫 Build profiles on you — No behavioral analysis, no recommendation engines fed by your activity.
5. Child Safety
Privacy is a right. Harming children is a crime. We take both seriously.
Veiled implements client-side scanning against known CSAM (Child Sexual Abuse Material) databases. This means:
- Known illegal material is blocked before it reaches our servers
- Scanning happens on your device, not on our infrastructure
- We maintain a mandatory reporting pipeline to the National Center for Missing & Exploited Children (NCMEC) as required by U.S. federal law (18 U.S.C. § 2258A)
- Our Terms of Service explicitly prohibit the distribution of CSAM, and violations result in immediate account termination and law enforcement referral
We protect your privacy from corporations and surveillance. We do not protect criminals from consequences.
6. Third Parties
We do not share data with third parties because we do not have meaningful data to share. We do not use third-party analytics, advertising networks, or data brokers. Period.
7. Data Retention
Messages are end-to-end encrypted and are not retained on our servers after delivery. Account identifiers persist as long as your account exists. When you delete your account, we delete your identifier. There is no "soft delete" — deletion is permanent and irreversible.
8. Your Rights
Regardless of where you live, you have the right to:
- Access — Request what we store about you (it's not much)
- Deletion — Permanently delete your account and all associated data
- Portability — Export your data in a standard format
- Transparency — Our source code is open; you can verify our claims
We comply with GDPR, CCPA, and equivalent privacy regulations. Though honestly, when you collect almost nothing, compliance is pretty straightforward.
9. Self-Hosted Instances
Veiled can be self-hosted. If you use a third-party Veiled instance, that operator's privacy practices may differ from ours. This policy applies only to Veiled instances operated by us. We encourage all instance operators to adopt similar privacy standards.
10. Changes to This Policy
If we change this policy, we'll announce it publicly with at least 30 days notice. Changes will never weaken your privacy protections — only strengthen them. All versions of this policy will remain available in our public Git repository.
11. Open Source Verification
Don't trust this document. Trust the code. Veiled is fully open source under the AGPL-3.0 license. Every claim we make here can be verified by inspecting our source code. We encourage security researchers, privacy advocates, and curious users to audit our codebase.
12. Contact
Questions about this policy? Concerns about privacy?
- Email: privacy@veiled.chat (coming soon)
- GitHub: github.com/rusty-ms