cryptoscreen Privacy Policy

cryptoscreen is designed for one-time encrypted messages. Message plaintext is encrypted on the sender device before upload and is not stored by the service.

What the service stores

The production API stores encrypted message bytes, nonce, tag, salt, expiry time, and failed attempt count. When a sender attaches an image, the service stores encrypted image object bytes in private R2 storage plus encrypted attachment metadata in Neon. User message rows and attachment metadata are deleted after a successful read, after the third wrong PIN, or after expiry cleanup. Unused user links expire after 30 days.

After a successful read with an image attachment, the app downloads the encrypted image bytes through a one-time read session. The R2 object is deleted after that one-time download. Expired attachment objects are deleted by scheduled cleanup.

Service-owned retained review/demo rows may remain reusable for Apple App Review and TestFlight invocation testing. These rows must contain only demo text, not private user content.

The service also keeps an aggregate count of how many sealed messages have been shared. That counter does not include message content, recipients, senders, or link secrets.

If you send feedback from inside the app, the service processes the rating, feedback text, app version/build, platform/device information, and timestamp to deliver that support request to the maintainer.

What is not stored

The service does not intentionally store plaintext message content, the URL fragment secret, contact lists, or account profiles.

Operational data

Cloudflare and Neon may process standard infrastructure logs needed to operate, secure, and debug the service.

Contact

For privacy requests, use the contact address on the support page.