Privacy Policy

Last Updated: May 12, 2025

1. Introduction

Welcome to Zixt Secure Messaging ("Zixt," "we," "us," or "our"). At Zixt, we take your privacy seriously and are committed to protecting it. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our secure messaging platform.

By using Zixt Secure Messaging, you agree to the collection and use of information in accordance with this policy. We will not use or share your information with anyone except as described in this Privacy Policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Username
  • Email address
  • Optional profile information (first name, last name, avatar, bio, and status)
  • Encrypted password (we never store plaintext passwords)

2.2 Cryptographic Keys

Our system generates and stores:

  • Public keys (visible to other users)
  • Encrypted private keys (secured with your password and only decrypted locally during use)
  • Session keys (used for message encryption)

2.3 Message Data

We store:

  • Encrypted message content (only decryptable by intended recipients)
  • Message metadata (timestamps, thread affiliations)
  • Read receipts

2.4 Technical Information

We automatically collect:

  • IP addresses (for security monitoring and distributed hash table functionality)
  • Browser type and version
  • Access timestamps
  • System configuration information

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Zixt messaging platform
  • Facilitate secure communication between users
  • Verify your identity and authenticate access
  • Process and deliver messages to intended recipients
  • Operate the distributed hash table (DHT) for federated messaging
  • Generate blockchain entries for message verification
  • Detect and prevent security incidents, fraud, and abuse
  • Send service-related notifications (such as security alerts or updates)

4. Data Security

We implement comprehensive security measures to protect your information:

  • Post-quantum cryptography (ML-KEM-1024 for encryption and ML-DSA-65/Dilithium5 for signatures)
  • End-to-end encryption for message content
  • Encrypted storage of private keys
  • Secure password hashing
  • Multi-factor authentication options
  • Blockchain-verified message integrity
  • Regular security audits and updates

While we implement strong security measures, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

5. Retention of Data

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy. Message data is retained according to your organization's retention policy settings, with a default of 90 days unless configured otherwise by administrators.

You may request deletion of your account and associated data at any time. However, some information may be retained as required by law or for legitimate business purposes.

6. Sharing Your Information

We do not sell, trade, or otherwise transfer your personally identifiable information to outside parties except in the following circumstances:

  • With Your Consent: When you explicitly authorize us to share information.
  • Federated Services: In federated deployments, limited information (such as public keys and encrypted messages) is shared between participating servers to facilitate communication.
  • Legal Requirements: When required by law, court order, or governmental regulation.
  • Service Providers: We may engage trusted third parties to help us operate our service (such as hosting providers), subject to confidentiality agreements.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate safeguards for your data.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access to your personal information
  • Correction of inaccurate or incomplete data
  • Deletion of your personal data
  • Restriction of, or objection to, certain processing activities
  • Data portability
  • Withdrawal of consent where processing is based on consent

To exercise these rights, please contact us using the information provided in the "Contact Us" section.

8. Children's Privacy

Zixt Secure Messaging is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we discover that a child under 16 has provided us with personal information, we will promptly delete it from our servers. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, where data protection laws may differ. By using our services, you consent to this transfer. However, we will take appropriate measures to protect your personal information and ensure it is treated in accordance with this Privacy Policy.

10. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

11. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: privacy@zixt.app