Privacy Policy
Last Updated: July 1, 2025
๐ Our Privacy Commitment
Privacy isn't just a featureโit's our foundation. We built Cryptojis because we believe everyone has the right to communicate privately.
The Short Version
๐
Messages never stored on servers
๐ฑ
All encoding on your device
#๏ธโฃ
SHA-256 hashed identifiers
๐๏ธ
30-day auto deletion
- Your messages are never stored on our servers
- All encoding happens on your device
- We use SHA-256 hashing to anonymize device identifiers
- Analytics data is automatically deleted after 30 days
- We never collect personal information
- No tracking, no ads, no data selling
1. Information We Collect
1.1 Receipt Validation Data
When you make a purchase, we validate your receipt with Apple:
- What we collect: Hashed device identifier, subscription status, product type, purchase date
- What we DON'T collect: Your name, email, payment details, Apple ID, or any personal information
- How it's protected: Device IDs are hashed with SHA-256 before leaving your device
- Where it's stored: Google Firebase Firestore with strict security rules
- Retention: 30 days (automatically deleted)
1.2 Anonymous Analytics
We collect minimal analytics to improve the app:
| What We Collect | Purpose | Retention |
|---|---|---|
| App launches | Understand usage patterns | 30 days |
| Feature usage (anonymous) | Improve popular features | 30 days |
| Subscription types | Plan improvements | 30 days |
| General device type | Compatibility testing | 30 days |
| Trial status | Understand conversion | 30 days |
What we DON'T collect:
- Your location or IP address
- Unique device identifiers
- Personal information
- Contact lists or photos
- Advertising identifiers
1.3 Your Messages
- Stored: Only on your device
- Transmitted to servers: Never
- Accessed by us: Never possible
- Encryption: Messages encoded using emoji-based hiding
- Cloud backup: Only if you enable iCloud backup (encrypted by Apple)
2. How We Use Information
The minimal data we collect is used exclusively for:
- Subscription Validation: Verify your premium access through Apple's secure receipt validation
- Service Improvement: Understand which features are popular (completely anonymous)
- Bug Fixes: Anonymous crash reports help us improve stability
- Feature Planning: See what subscription types users prefer
- Security: Ensure our systems are functioning properly
Important: We never use your data for advertising, marketing, or selling to third parties. Ever.
3. Third-Party Services
3.1 Firebase (Google)
Firebase Services We Use:
- Firestore Database: Stores hashed device IDs and subscription status
- Cloud Functions: Processes receipt validation securely
- Firebase Analytics: Anonymous usage statistics (privacy mode enabled)
Data shared: Hashed device ID, subscription status, anonymous analytics
Security: All data encrypted in transit and at rest
Their privacy policy: firebase.google.com/support/privacy
3.2 Apple
Apple Services:
- App Store: App distribution and updates
- StoreKit: In-app purchases and subscriptions
- Receipt Validation: Verify legitimate purchases
Data shared: Purchase receipts only (no personal data)
Their privacy policy: apple.com/legal/privacy
4. Data Security
Technical Safeguards:
- Encryption: All network communication uses HTTPS/TLS 1.3+
- Hashing: Device identifiers are SHA-256 hashed before transmission
- Access Control: Firestore database locked to authenticated Cloud Functions only
- Authentication: Admin dashboard requires multi-factor authentication
- Auto-deletion: Data older than 30 days automatically purged daily
- Audit Logs: All data access is logged and monitored
Operational Security:
- Regular security audits
- Principle of least privilege for all systems
- No employee access to user data
- Secure development practices
5. Your Rights
You have complete control over your data:
Data Control Options:
- Access: Request what limited data we have about you
- Deletion: Request immediate deletion of your data
- Opt-out: Disable analytics in app settings
- Export: Your messages are already on your device
- Correction: Update any inaccurate information
To exercise any of these rights, contact us at privacy@cryptojis.com. We'll respond within 72 hours.
6. GDPR Compliance (EU Users)
| Right | How We Comply |
|---|---|
| Legal Basis | Legitimate interest (app functionality) |
| Data Controller | LB2Holdings |
| Data Minimization | Only essential data collected |
| Right to Erasure | Auto-delete after 30 days + manual deletion |
| Data Portability | Messages stored only on device |
| Privacy by Design | Built from ground up for privacy |
7. CCPA Compliance (California Users)
Your California Privacy Rights:
- No Sale of Data: We never sell your information. Period.
- Right to Know: This policy details all data collection
- Right to Delete: Request deletion at privacy@cryptojis.com
- Non-discrimination: Same features for all users
- Financial Incentives: None offered
8. Children's Privacy
Cryptojis is not directed at children under 13. We do not knowingly collect information from children under 13. If you believe a child has provided us with information, please contact us immediately at privacy@cryptojis.com.
For users aged 13-17, we recommend parental guidance when using privacy tools.
9. Data Retention and Deletion
Automatic Deletion Schedule:
| Data Type | Retention Period | Deletion Method |
|---|---|---|
| Receipt validation data | 30 days | Automated daily purge |
| Analytics data | 30 days | Firebase auto-deletion |
| Support inquiries | 90 days | Manual review and deletion |
| Your messages | Never stored | N/A - device only |
10. Privacy Features in Cryptojis
On-Device Processing
All message encoding and decoding happens locally. Your messages never leave your device in readable form.
Screenshot Protection
Premium feature that prevents screenshots of your encoded messages (iOS restrictions apply).
Biometric Lock
Secure your app with Face ID or Touch ID for an extra layer of protection.
No Account Required
Use Cryptojis without creating an account or providing any personal information.
11. Open Source Transparency
We believe in transparency. Our privacy practices are:
- Clear and understandable
- No hidden analytics or tracking
- Focused on user privacy
- Simple and straightforward
12. Changes to This Policy
We may update this policy to reflect changes in our practices or legal requirements. We'll notify you of significant changes by:
- Updating the "Last Updated" date
- Posting a notice in the app
- Sending an in-app notification for material changes
Continued use after changes constitutes acceptance of the updated policy.
13. Contact Us
For privacy questions, concerns, or requests:
Email: privacy@cryptojis.com
Response Time: Within 72 hours
Support: support@cryptojis.com
Website: cryptojis.com
For EU residents: You have the right to lodge a complaint with your local data protection authority.
๐ค Summary
True privacy is not just about what we don't collectโit's about building an entire system designed to protect your communications from the ground up. That's Cryptojis.