Data Retention Statement
Plain text vs ciphertext
Text message retention
The readable text is encrypted on the sender’s device before delivery. Our server does not receive the readable message, does not store the readable message and cannot read it.
What may pass through the SECRET infrastructure is only a ciphertext delivery package addressed to the approved recipient terminal. To anyone except the recipient terminal, that package is unreadable encrypted data.
After the recipient reads the message, the server-side encrypted delivery record is erased according to the read-once flow.
Encrypted audio and media
Voice and media are encrypted on the device before they are sent. Our server cannot listen to, open, play or understand the content.
SECRET does not keep readable audio files, readable media files or human-accessible message content on the server. Only encrypted delivery material and minimal delivery metadata may exist temporarily for the purpose of delivering the encrypted package to the intended terminal.
Local vault
Private keys and vault access material are stored locally on the approved device. SECRET does not keep a master key that can rebuild a wiped vault.
Panic Wipe
When Panic Wipe is executed, the account is disabled and anonymized, active sessions are removed, approved device records are revoked, linked encrypted records are purged, and local vault/session material is cleared from the device.
Operational records
Some minimal operational records may be retained for security, access control, subscription status, abuse prevention and legal compliance. These records are not message contents and are not readable private communications.
Important limitation
No system can guarantee absolute security if a device is physically compromised, jailbroken, modified, shared, or used outside the intended security model.