Shroud Messenger — Privacy Policy

Last updated: March 31, 2026

            Summary: Shroud uses end-to-end encryption. We cannot read your messages,
            see your photos, or listen to your calls. We collect the minimum data needed to deliver messages.
        

1. What We Encrypt (We Cannot Access)

Messages — encrypted with Signal Protocol (X3DH + Double Ratchet). Only you and your recipient can read them.
Media files — encrypted with ChaCha20-Poly1305 before upload. Our server stores only encrypted blobs.
Voice and video calls — peer-to-peer WebRTC with DTLS-SRTP. Audio and video never pass through our servers unencrypted.

2. What We Store (Minimum Necessary)

Account info — display name and randomly generated device ID. No phone number, no email.
Public keys — your encryption public keys (needed for others to send you messages).
Encrypted messages in transit — stored temporarily until delivered, then deleted within 7 days.
Push notification tokens — to wake your device when a message arrives. We send "New message" without content.

3. What We Never Collect

Phone numbers or email addresses
Contact lists or address books
Location data
Usage analytics or tracking data
Advertising identifiers
Message content (encrypted, we cannot decrypt)

4. Disappearing Messages

When enabled, messages are automatically deleted from both devices after the selected timer expires. Deletion is handled client-side. The server deletes delivered messages within 7 days regardless of this setting.

5. Data Retention

Delivered messages: deleted from server within 7 days
Undelivered messages: stored up to 30 days, then deleted
Account data: retained until you delete your account
Encrypted media: retained until the message is deleted

6. Third-Party Services

Firebase Cloud Messaging (FCM) — for push notifications only. Google receives your device token but not message content.
TURN server — assists with call connectivity when direct peer-to-peer connection fails. Only encrypted media passes through.

7. Your Rights

You can request deletion of your account and all associated data at any time through the app settings. Upon deletion, all your data is permanently removed from our servers within 48 hours.

8. Security

All connections use TLS 1.3. Encryption keys are generated and stored on your device. Private keys never leave your device. We use hardware-backed key storage where available.

9. Open Source Cryptography

Shroud's encryption is built on the Signal Protocol — the same cryptographic foundation trusted by security researchers worldwide. Our implementation uses X25519 for key exchange, ChaCha20-Poly1305 for symmetric encryption, and HMAC-SHA256 for authentication.

10. Changes

We will notify users in-app of any material changes to this policy.

11. Contact

Questions about this policy: privacy@shroud.ru

S H R O U D