Connecto ("we", "our", "us") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information.
1. Information We Collect
Personal Data: When you register, we collect your email address, username, and hashed password. You may optionally provide an avatar and banner image.
Encrypted Content: All direct messages, group messages, and voice calls are end‑to‑end encrypted on your device. We never have access to the plaintext content.
Metadata: We collect limited metadata (e.g., timestamps, channel IDs) necessary to route messages, but this does not include the content of communications.
Usage Data: Server memberships, IP addresses, and audit logs are kept for security and moderation purposes.
2. How We Use Your Information
- To provide, maintain, and improve the service.
- To authenticate your identity and prevent fraud.
- To moderate content and enforce our Terms of Service.
- To send essential notifications (verification, security alerts).
- To comply with legal obligations.
3. End‑to‑End Encryption (E2EE)
Connecto uses military‑grade E2EE for all direct messages and voice channels. Your encryption keys are generated and stored locally on your device – we never have access to your private keys. This ensures that even we cannot read your messages or listen to your calls.
4. Data Storage & Security
Your data is stored on Cloudflare D1 databases located in the EU and US. All traffic is encrypted with TLS 1.3. Passwords are hashed using PBKDF2 with a pepper. Encrypted message blobs are stored but cannot be decrypted by us.
5. Sharing of Data
We do not sell your personal data. We may share data with:
- Cloudflare (infrastructure provider) – under their data processing addendum.
- Brevo (email delivery) – only your email address for verification.
- Law enforcement when required by valid legal process.
6. Your Rights (GDPR / CCPA)
You have the right to access, correct, delete, or port your personal data. To exercise these rights, contact privacy@connecto.com.
7. Data Retention
We retain encrypted messages as long as your account is active. After deletion, encrypted blobs may be kept for up to 90 days in backups. Audit logs are retained for 12 months.
8. Children’s Privacy
Connecto is not directed to children under 13. We do not knowingly collect information from children.
9. Changes to This Policy
We will notify users of material changes via email or in‑app notice.
10. Contact Information
Data Protection Officer: dpo@connecto.com
Legal correspondence: legal@connecto.com