Privacy Policy

what you send is yours.

Messages are end-to-end encrypted before they leave your device, disappear after they are read, and our servers cannot read them — ever. This Privacy Policy explains what information we collect to make the app work, how we use it, and the choices you have.

Effective 06/07/2026Version 1.0Available at 6Seven.chat/privacy

Introduction

6Seven Chat is a cipher-encrypted messaging app built on a simple principle: what you send is yours.

6Seven Chat is operated by Victoriam Inc., which is the data controller responsible for your personal data. This policy applies to the 6Seven Chat app on iOS, Android, and web, and to all services provided at 6Seven Chat. It applies to all users worldwide. By using 6Seven Chat, you agree to this policy.

We collect only what is necessary to run the service. We do not sell your data, build advertising profiles, or share information with data brokers.

Information We Collect

Account Information

When you create a 6Seven Chat account using Sign in with Apple or Sign in with Google, we receive a stable, opaque identifier issued by that platform, called a sub. We never receive your Apple or Google password.

  • Your @handle — the username you choose. This is public.
  • Optional email address — only if you share it with Apple or Google during sign-in. Used solely for account recovery and important service notices. Never for marketing without your explicit consent.
  • Registration timestamp — the date and time your account was created.
  • Reputation score — a score associated with your public profile, calculated from activity within the app.
  • Referral records — a record of referrals you have made or received, used to calculate referral rewards.

Device and Session Information

  • Push notification token — an opaque token from Apple or Google that allows us to notify you when a sealed message arrives. You can revoke this at any time by disabling notifications in your device settings.
  • Device information — device platform (iOS, Android, or web), app version, and locale. Locale is used to deliver the app in the correct language and indicates your approximate geographic region.
  • Last seen timestamp — the last time your account was active, used for session management.
  • Session security data — a hashed refresh token, device ID, and user agent string, used to manage and secure your active sessions. Access tokens (JWTs) are not stored in our database.

Subscription Information

If you subscribe to 6Seven Chat PRO, we store your plan tier, purchase identifiers, receipt data, and renewal and expiry status provided by Apple or Google. We never receive your payment card details — all payment processing is handled directly by Apple or Google.

Social Connections

6Seven Chat is a social app, so we store information about the connections you make:

  • Friend requests you send or receive.
  • Active friendships.
  • Blocks you have applied.

This information is used only to operate the social features of the app. It is not shared with advertisers or used to build profiles.

Encryption Keys

To enable end-to-end encryption, we store your public cryptographic keys — specifically your public identity key, signed pre-key, and one-time pre-keys. This is standard practice in any app using the Signal protocol or similar architecture. Your private keys are generated on your device and never leave it. Storing your public keys on our servers is what makes it possible for another user to send you an encrypted message.

Reports

If you submit a report about another user, we retain that report — including any supporting material you provide — for the purpose of investigating the report and enforcing our Terms of Service. We may also retain a record of moderation actions taken, including account suspensions and terminations, to protect the safety of the platform.

Message Relay

Our relay server routes encrypted messages from sender to recipient. In order to do this, the relay necessarily processes the sender identifier, recipient identifier, and a timestamp during the relay session. This routing data is not written to persistent storage and is not retained after a message has been delivered or has expired. We do not retain or analyse communication metadata.

Information We Do Not Collect

We want to be direct about what we do not do:

  • Message and voice note content — every message and voice note is end-to-end encrypted on your device using 67-cipher before it reaches our relay. We process only ciphertext and do not hold the keys to decrypt it. We cannot read your messages, and neither can anyone else on our infrastructure.
  • Your contacts or address book — we never request access to your contacts.
  • Your location — we never request location permissions and do not use IP addresses for location profiling.
  • Advertising or analytics identifiers — we integrate no advertising SDKs, no third-party analytics platforms, and no advertising identifiers such as IDFA or GAID.
  • Behavioural profiles — we do not track you across other apps or websites and do not build profiles of your interests or behaviour for any purpose.
  • Sensitive personal data — we do not intentionally collect data revealing health, religious beliefs, racial or ethnic origin, sexual orientation, or political opinions.

How We Use Your Information

  • Operating the service — authenticating your account, routing encrypted messages, managing your social connections, and keeping your sessions secure.
  • Delivering notifications — sending you a push notification when a sealed message arrives.
  • Enabling encryption — storing your public keys so that other users can send you end-to-end encrypted messages.
  • Subscription management — verifying your PRO subscription entitlements and managing renewals.
  • Referral rewards — tracking referrals and calculating free months of PRO.
  • Safety and abuse prevention — investigating reports, taking moderation action, and maintaining the integrity of the platform. We use anonymised message size and rate data for rate-limiting and spam detection. We do not inspect message content for these purposes.
  • Improving the app — using anonymised crash and diagnostic reports to identify and fix software defects.
  • Legal compliance — meeting our obligations under applicable law where required.
  • Marketing — only if you have explicitly opted in. You may withdraw consent at any time.

How We Share Your Information

We do not sell, rent, or share your personal information with advertisers or data brokers. We share limited data with third-party service providers only to the extent necessary to operate the service:

  • Apple and Google — for authentication via Sign in with Apple and Sign in with Google, and for subscription receipt validation. They receive only what is necessary for these functions.
  • Google Cloud (Cloud Run) — our cloud infrastructure provider, hosting our database and relay server in us-east (USA). Data at rest is encrypted.
  • Apple Push Notification service (APNs) and Firebase Cloud Messaging (FCM) — our push notification providers for iOS and Android respectively. They receive your device push token and a generic notification trigger, for example "sealed 67 incoming". They never receive message content, sender identity, or any message preview. The notification functions only as a prompt for the app to wake and retrieve your encrypted message, which is then decrypted on your device.

Each of these providers processes data only under our instruction and is contractually required to protect it.

Legal Disclosures

We may disclose account-level information if required to do so by a binding legal order from a court, regulator, or law enforcement authority with jurisdiction over us. Where legally permitted, we will notify you before complying. Because we do not hold decryption keys for message content, we cannot produce the content of any message in response to such an order, regardless of its source.

Business Transfers

If 6Seven Chat is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a materially different privacy policy.

Data Retention and Security

We keep your information for as long as your account is active, or as long as we need it to provide the service. Specifically:

  • Account data — retained until you delete your account.
  • Session and device data — retained until a session expires or is revoked, or until you delete your account.
  • Subscription records — retained for the duration of your subscription plus one year to cover dispute and chargeback windows.
  • Social graph data — retained until you remove a connection or delete your account.
  • Report and moderation records — retained for 12 months after the investigation is closed, to enable appeals and protect against re-registration by bad actors.
  • Relay routing data — not retained. Processed transiently in memory during the relay session only.

Security

Security is core to what 6Seven Chat is. Every message and voice note is end-to-end encrypted on your device before it reaches our relay — we do not possess the keys to decrypt your communications.

For the account and technical data we do hold, we apply appropriate protections: all data in transit is encrypted using TLS. Our database is encrypted at rest, and backups are encrypted. Refresh tokens are stored using a secure cryptographic hash. Access tokens are short-lived and not stored on our servers. Access to production systems is restricted to authorised personnel on a need-to-know basis.

No system is completely immune to attack. In the event of a data breach that is likely to affect your rights, we will notify the relevant supervisory authority within 72 hours and inform affected users without undue delay where required by law.

Children and Young Users

Minimum age

6Seven Chat is available to users aged 13 and over. We do not knowingly permit children under 13 to create an account. We verify minimum age using platform-level age signals from Apple and Google at registration. Users who provide a date of birth indicating they are under 13 are denied access.

If you believe your child under 13 has created an account, please contact us immediately at hello@6Seven.chat. We will delete the account and all associated data within 72 hours.

Users aged 13-15 in the EU, EEA, and UK

6Seven Chat is available to users aged 13 and over. We do not rely on consent as our legal basis for processing the personal data necessary to provide the service — we rely on performance of our contract with you and our legitimate interests, as set out in the Legal Basis section. Because we do not rely on the child's consent, and because we collect only the minimal data necessary to operate the service, our processing does not require separate verifiable parental consent.

We do not collect location data, build behavioural profiles, or process special category data from any user, regardless of age. Younger teens receive the same privacy-protective experience as all users, with the highest privacy settings applied by default. A parent or guardian may contact us at hello@6Seven.chat to access, correct, or delete their child's data at any time.

UK Children's Code

The Services are likely to be accessed by users under 18 in the UK, and we comply with the UK Age Appropriate Design Code. By design, 6Seven Chat collects minimal data, contains no advertising, applies the highest privacy settings to all accounts by default, does not profile users, and never requests location access. Private keys never leave your device.

Your Rights and Choices

Rights under GDPR and UK GDPR

If you are located in the United Kingdom or European Economic Area, you have the following rights. To exercise any of them, contact us at hello@6Seven.chat with your @handle. We will respond within 30 days.

  • Access — request a copy of the personal data we hold about you.
  • Correction — request correction of inaccurate data.
  • Deletion — request deletion of your personal data. See "Deleting your account" below.
  • Restriction — request that we restrict processing of your data in certain circumstances.
  • Portability — receive your account data in a structured, machine-readable format (JSON).
  • Objection — object to processing where we rely on legitimate interest as our legal basis.
  • Withdraw consent — where processing is based on consent, such as marketing, withdraw it at any time without affecting earlier processing.
  • Complaint — lodge a complaint with your national data protection authority. In the UK this is the Information Commissioner's Office (ico.org.uk). In the EU, contact your local supervisory authority (edpb.europa.eu). We would always prefer to resolve concerns directly first — please reach out to us before escalating.

Rights under CCPA / CPRA

California residents have the right to know what personal information we collect and how we use it, to request deletion, to request correction, and to opt out of the sale or sharing of personal information. We do not sell or share your personal information. To submit a CCPA request, email hello@6Seven.chat with the subject "CCPA Request" and your @handle.

Deleting your account

You can delete your account at any time from Settings -> You -> Log out -> "Delete account permanently". This immediately and permanently deletes your user record, all active sessions, your push token, your subscription records, your social graph data, and your encryption keys from our servers. Deletion is irreversible.

If you cannot use the in-app option, email hello@6Seven.chat with the subject "Account deletion request" and your @handle. We will complete deletion within 7 days.

Report and moderation records may be retained beyond account deletion where we have a legitimate interest in doing so for platform safety. Apple and Google retain their own transaction histories in accordance with their own policies.

International Data Transfers, Legal Basis, Changes, and Contact

International Data Transfers

Legal Basis for Processing

For users in the UK and EEA, we process personal data on the following legal bases under UK GDPR and EU GDPR:

  • Contract performance — processing your account, delivering messages, managing sessions, subscriptions, social connections, and encryption keys.
  • Legitimate interest — push notifications, crash diagnostics, relay abuse detection, referral management, account recovery, and retention of moderation records for platform safety.
  • Legal obligation — compliance with applicable law and response to valid legal orders.
  • Consent — marketing communications. You may withdraw at any time.

Changes to This Policy

We may update this policy from time to time. For minor changes — such as clarifications or legal updates that do not affect how we handle your data — we will update the version number and effective date, and post a notice in the app.

For material changes — such as collecting new categories of data, adding new sub-processors, or changing how we use existing data — we will notify you in-app and by email, if we hold your email address, at least 30 days before the change takes effect. Where required by law, we will seek your explicit consent before processing under revised terms. Continued use of the app after the notice period does not constitute acceptance of material changes.

All previous versions of this policy are available on request.

Contact Us

If you have questions, concerns, or requests relating to this policy or how we handle your data, please contact us.

Privacy enquiries: hello@6Seven.chat
Data Controller: Victoriam Inc. | 8 The Green STE A, Dover, DE 19901

We aim to respond to all privacy requests within 30 days. If you are not satisfied with our response, you have the right to escalate your complaint to your national data protection supervisory authority.

Version history: v1.0 06.07.2026 - Initial policy.

Privacy Policy · Version 1.0 · 6Seven.chat/privacy