Privacy Policy
Last updated: see git history
Summary
Scorpio Net is designed with privacy by default and privacy by design (GDPR Article 25).
| What we collect | What we do NOT collect |
|---|---|
| Your username (local only) | Your message content (end-to-end encrypted) |
| Encrypted message metadata (timestamp, conversation ID) | Passwords or PINs (hashed locally, never transmitted) |
| Optional: crash reports (with consent) | Location data |
| | Contact lists (without explicit consent) |
| | Advertising identifiers |
Data Storage
- All message content is encrypted with AES-256-GCM before leaving your device.
- Private cryptographic keys are stored exclusively in your device’s secure enclave (iOS Keychain / Android Keystore).
- The server stores only ciphertext — it cannot decrypt your messages.
- Local data is stored in an encrypted SQLite database (SQLCipher).
Data Retention
- Messages: configurable disappearing message timers (default: off).
- Server-side: ciphertext is deleted after delivery or after 30 days maximum.
- Audit logs: retained for up to 6 years where required by law (HIPAA).
Your Rights (GDPR)
- Access: Request a copy of all data associated with your account.
- Erasure: Request deletion of your account and all associated data.
- Portability: Export your data in a machine-readable format.
- Rectification: Correct inaccurate personal data.
To exercise these rights, contact us at privacy@scorpio-net.example.com.
Third Parties
Scorpio Net does not share your data with third parties for advertising. Optional crash reporting (e.g., Sentry) is opt-in and anonymised.
Children
Scorpio Net is not intended for users under the age of 16 (GDPR Article 8).
Changes
Material changes to this policy will be announced in-app and via the project’s release notes. Continued use after the effective date constitutes acceptance.