Privacy Policy
This policy explains what data Sealr ("we", "us") collects, why, and how we protect it. Sealr is an end-to-end encrypted messenger. Where we say "messages" we mean the text, photos, videos, voice notes, and files you send through the app. Messages are encrypted on your device before they leave it, and we cannot read them.
Information we collect
Account information
When you sign up, we collect the minimum identifiers needed to create your account: your email address and/or phone number, and a unique account ID generated by our authentication provider. You can also choose a Sealr nickname, which is visible only to people who already have your phone number saved on their device.
Messages, media, and group names
The content of every message — text, photos, videos, voice notes, and files — is end-to-end encrypted on your device before it leaves you. Group chat names are also end-to-end encrypted. Our servers store only ciphertext. We cannot read your messages, view your media, read your group names, or recover any of this content if you lose your recovery passphrase.
Contacts
Sealr accesses your phone's contacts only when you open the contact picker to start a chat or invite someone. When you do, the phone numbers from your address book are sent to our servers over an encrypted connection for the sole purpose of checking which of your contacts already use Sealr, so we can show a "chat now" shortcut. We process these numbers transiently to perform the match: we do not store your contacts on our servers, we do not log them, and we never sell or share them with third parties. Matches are cached on your device only. People who have turned off discoverability are never revealed.
Location
Sealr uses your device's location only to evaluate a geofence that a sender has placed on a specific message — to check whether you are inside the area the sender chose in order to unlock the content. Your coordinates are never stored on our servers and are never shared with the sender or any third party.
Device and technical data
We collect minimal technical information needed to operate the service and detect abuse: device model, operating system version, app version, an anonymous install identifier, and IP address used for message delivery. In the event of a crash or error, anonymised diagnostic data (stack trace, device model, OS version, app version) is sent to Sentry, a third-party error-monitoring service. Sentry never receives message content, media, user identifiers, or contact information. You can read Sentry's own privacy policy at sentry.io/privacy.
Message activity events
When a sender enables activity tracking on a message, Sealr records limited events — such as "viewed", "shared", or "screenshot attempted" — linked to that specific message. These events are visible only to the sender of that message, not to Sealr staff or third parties.
Blocked users
When you block another user, a record of that block (your account ID and the blocked account ID) is stored on our servers so that the block takes effect across all your devices and persists if you reinstall the app. You can view and manage your blocked users at any time from the app's settings.
How we use your data
- To deliver your messages to the people you choose to send them to.
- To authenticate you when you sign in (email or SMS verification).
- To enforce the rules a sender sets on a message (expiry, view limits, geofence, revoke, etc.).
- To enforce blocks between users.
- To detect abuse, fraud, and to keep the service available.
- To investigate bugs and crashes via anonymised error reports (Sentry).
- To respond to lawful legal requests when we are required to.
Who we share data with
We do not sell your data. We share limited data only with the following service providers, and only as strictly necessary:
- Google Firebase — authentication, encrypted message storage and delivery, push notifications, and cloud functions.
- Sentry — anonymised crash and error reporting (no message content, no identifiers).
- Email infrastructure (such as Resend or similar) — to send verification and notification emails when you sign in or change your account.
- Apple and Google — app distribution and push notification routing.
Each provider is bound by a data-processing agreement. A full list of sub-processors is available on request at privacy@sealr.chat.
How long we keep data
- Messages and media: until they expire (sender-set timer), are revoked by the sender, or you delete your account.
- Account information: until you delete your account, then up to 30 days for backup purges.
- Block records: until you unblock the user or delete your account.
- Crash reports: 90 days in Sentry, then automatically deleted.
- Message activity events: up to 365 days, then automatically deleted.
Account deletion
You can delete your account at any time from Settings → Delete account inside the app. Deletion removes your account credentials, your public encryption key, all messages you own, and all personal data we hold about you, subject to the retention periods above. Deletion is permanent and cannot be undone.
Your rights
If you are in the European Economic Area, the United Kingdom, or another region with equivalent data protection law, you have the right to:
- Request a copy of the personal data we hold about you.
- Ask us to correct inaccurate data.
- Ask us to delete your data ("right to be forgotten").
- Object to or restrict certain kinds of processing.
- Receive a portable copy of your data.
- Lodge a complaint with your local data protection authority (in Italy: the Garante per la protezione dei dati personali).
To exercise any of these rights, write to privacy@sealr.chat. We respond within 30 days.
Security
Messages, media, and group names are end-to-end encrypted using AES-256-GCM with RSA-OAEP-2048 key exchange — industry-standard cryptography. Authentication tokens are stored in your device's secure keystore. Recovery passphrases are never transmitted to our servers; only an encrypted key bundle is stored so you can restore your keys on a new device. See our security disclosure policy if you have found a vulnerability.
Children
Sealr is not directed at children under 13 (or the higher minimum age required in your country). We do not knowingly collect personal data from children. If you believe a child has provided us data, write to privacy@sealr.chat and we will delete it promptly.
Changes to this policy
We will notify you of material changes via in-app notice or by email. The "last updated" date at the top of this page always reflects the current version.