⚡ TempChat

Privacy Policy

Last updated: March 2026

1. Overview

TempChat is designed from the ground up to collect as little data as possible and to ensure that the data we do handle cannot be linked to your real-world identity. This Privacy Policy explains what information is processed when you use TempChat, how it is used, and how it is deleted.

The short version: We cannot read your messages. We do not know who you are. Everything is deleted when the room expires.

2. The Zero-Knowledge Model

TempChat uses end-to-end encryption with a zero-knowledge architecture:

  • Your messages and display name are encrypted in your browser using AES-256-GCM before being transmitted to our servers.
  • The encryption key is derived from a private key that lives exclusively in the room URL fragment (#hash). URL fragments are not included in HTTP requests, so this key is never transmitted to or stored by our servers.
  • Our servers store and transmit only opaque ciphertext. We have no technical capability to decrypt or read the content of messages or display names.
  • Requests are authenticated using ECDSA P-384 signatures. The public key is stored server-side for verification purposes only — it cannot be used for decryption.

3. What We Collect and Why

The following categories of data are processed when you use TempChat:

3.1 Room Data (Server-Side, Temporary)

  • Room identifier (roomId): A randomly generated, opaque identifier assigned by the server at room creation. Not linked to any personal identity.
  • Encrypted room name: Stored as ciphertext. We cannot read it.
  • User identifier (userId): A randomly generated, opaque identifier assigned by the server when you join a room. Not linked to any personal identity.
  • Encrypted display name: Stored as ciphertext. We cannot read it.
  • Encrypted messages: Stored as ciphertext in a Redis sorted set. We cannot read them.
  • Join timestamp and event sequence number: Used to deliver messages to late-joining members. Not linked to any personal identity.
  • ECDSA public key (JWK): Used exclusively to verify request signatures. Cannot be used for decryption.

All of the above data is stored in-memory in Redis with a TTL (time-to-live). It is automatically and permanently purged when the room expires. We do not persist this data to any external database or long-term storage.

3.2 Server Logs (Transient)

Like most web services, our servers generate access logs that may include IP addresses, request timestamps, HTTP method and path, and response codes. These logs:

  • Do not contain message content (which is encrypted at the client and never visible to the server).
  • Are retained for 30 days for operational and security purposes, then deleted.
  • May be used to investigate abuse, service disruptions, or security incidents.

3.3 Local Storage (Your Device Only)

TempChat stores the following data in your browser's localStorage:

  • Your userId for each active room.
  • Your privateKey (JWK) for each active room (the encryption key that never leaves your device).
  • Your display name (plaintext, for display purposes only).
  • The join_eid (event sequence number at the time you joined, used to replay missed messages).
  • Your theme preference (dark or light).

This data is stored locally on your device and is never transmitted to our servers (except the userId and join_eid, which are used for session continuity). You can clear it at any time by clearing your browser's site data for app.tempchat.app, or by using the "Leave Room" function within the app.

4. Payments

If you purchase a Boost, payment is processed entirely by a third-party payment provider (currently SePay and/or Polar). TempChat does not collect, store, or process your payment card details.

The payment provider may collect information such as your name, email address, billing details, and IP address in accordance with their own privacy policies. We encourage you to review the privacy policies of the relevant payment processor before making a purchase.

TempChat receives a webhook notification upon successful payment confirmation. This notification contains the roomId for which the Boost was purchased, the Boost type, and a transaction identifier. No personal payment information is included in the webhook payload received by TempChat.

5. No Personal Accounts or Email Addresses

TempChat does not require you to register an account, provide an email address, or supply any personally identifying information to use the service. If you contact us voluntarily (e.g., by email for support), any information you provide will be used only to respond to your request and will not be stored beyond what is necessary for that purpose.

6. Third-Party Services

TempChat uses the following third-party infrastructure:

  • Google Fonts: The marketing site loads fonts (Syne, Outfit) from the Google Fonts CDN. Google may log requests to its CDN, including your IP address. See Google's Privacy Policy.
  • Firebase Hosting (Google): The marketing site (tempchat.app) and web application (app.tempchat.app) are hosted on Firebase. Firebase Hosting may collect access logs. See the Firebase Privacy Policy.
  • Payment processors (SePay / Polar): As described in Section 4 above.

We do not use advertising networks, tracking pixels, analytics platforms, or other third-party data-collection tools on TempChat.

7. Data Deletion and Retention

TempChat is designed for automatic data deletion:

  • All room data (messages, member metadata, keys) is automatically purged from our servers when the room's TTL expires.
  • There is no manual deletion request process for room data — it is deleted automatically and unconditionally at expiry.
  • Server access logs are deleted after 30 days.
  • If you want to delete locally stored data (privateKey, userId, display name) before room expiry, use the "Leave Room" function in the app, or clear your browser's site data for app.tempchat.app.

8. Children's Privacy

TempChat is not directed at children under 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has used TempChat in a way that violates this policy, please contact us.

9. Security

We implement technical measures to protect the integrity of the service, including ECDSA request signing, timestamp drift validation, and TLS encryption in transit. However, no system is completely secure. The zero-knowledge architecture means that even a full compromise of our servers would not expose the plaintext of your messages — the encryption key is never held by us. Nevertheless, you should be aware that the security of data on your own device is your responsibility.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. Your continued use of TempChat after changes are posted constitutes your acceptance of the revised Policy.

11. Contact

Questions about this Privacy Policy or how your data is handled? Contact us at: support@tempchat.app.

© TempChat. Zero-knowledge. Zero trace.