Privacy Policy

We built LoChat around one principle: your conversations belong to you. This policy explains exactly what we do and do not do with your information.

Effective date: January 1, 2026 · Last updated: March 1, 2026 · Version 1.0
01

Section 01

Information We Collect

We collect only the minimum information necessary to provide and improve the LoChat service. We categorize this into two types:

Information you provide directly:

  • Account registration data: username, phone number or email address used to create your account.
  • Profile information: display name and optional profile photo.
  • Support communications: messages you send to our support team.

Information collected automatically:

  • Device information: device type, operating system version, and app version for compatibility and troubleshooting.
  • Connection metadata: timestamps of connections to our servers and IP addresses (used for IP whitelist enforcement where applicable).
  • Crash and error reports: anonymous diagnostic data to improve app stability.

We do not collect: message content, call audio/video, file contents, or any data processed end-to-end. This information is encrypted on your device and is technically inaccessible to us.

02

Section 02

How We Use Your Information

The limited information we collect is used exclusively for the following purposes:

We never sell, rent, or share your personal data with advertisers, data brokers, or third parties for marketing purposes.

  • Account management: to authenticate your identity, deliver notifications, and manage your subscription or plan.
  • Service operation: to route messages, facilitate calls, and sync data across your devices.
  • Security enforcement: to detect abuse, enforce IP whitelisting, and protect against unauthorized access.
  • Product improvement: to diagnose bugs, measure performance, and prioritize feature development using aggregate, anonymized data.
  • Legal compliance: to comply with applicable laws, regulations, or valid legal requests in the jurisdictions where we operate.
03

Section 03

End-to-End Encryption

LoChat uses end-to-end encryption (E2EE) by default for all private messages, group chats, voice messages, file transfers, and voice/video calls.

This means:

  • Messages are encrypted on your device using your private key before being sent to our servers.
  • Our servers only store and relay ciphertext — we cannot decrypt or read your messages.
  • Decryption only happens on the recipient's device using their private key.
  • Perfect Forward Secrecy (PFS) ensures that session keys rotate with every message, so compromise of any single key cannot expose past conversations.

Zero-knowledge architecture: Even if compelled by a court order, LoChat cannot provide the contents of your messages because we do not have access to them.

04

Section 04

Data Storage & Retention

Messages and media are stored in encrypted form on our servers only long enough to be delivered to the recipient. Once delivered, they are deleted from our servers.

Account data (username, phone/email, profile photo) is retained for as long as your account is active. If you delete your account, we will permanently erase your account data.

Server logs containing IP addresses and connection timestamps are retained for a maximum of 90 days for security and abuse prevention purposes, after which they are automatically purged.

05

Section 05

Third-Party Services

LoChat uses a limited number of third-party services strictly necessary for operating the platform:

We do not integrate advertising networks, social media trackers, or data analytics platforms that harvest user behavior.

  • Push notification providers (Apple APNs, Google FCM): to deliver message notifications. Only a device token and message count are shared — no message content.
  • Cloud infrastructure providers: our servers are hosted on reputable cloud providers bound by data processing agreements. All stored data is encrypted at rest.
06

Section 06

Cookies & Analytics

The LoChat website (lochat.com) uses only strictly necessary cookies for session management and security. We do not use advertising cookies or cross-site tracking cookies.

We may use privacy-preserving analytics tools that collect aggregate, anonymized data (such as page visit counts) without identifying individual users. No personal data is associated with analytics events.

07

Section 07

Children's Privacy

LoChat is not directed to children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children.

If you believe a child has provided us with personal information without parental consent, please contact us at [email protected] and we will promptly delete the information.

08

Section 08

International Data Transfers

LoChat operates globally, which means your data may be transferred to and processed in countries other than where you reside. We ensure that all cross-border data transfers are conducted under appropriate safeguards, such as Standard Contractual Clauses (SCCs) or equivalent mechanisms recognized by applicable data protection law.

Regardless of where data is processed, the protections described in this policy apply to all users.

09

Section 09

Your Rights

Depending on your location, you may have certain rights regarding your personal data. These may include:

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your account and associated data ("right to be forgotten").
  • Portability: Request a machine-readable export of your data.
  • Objection: Object to specific types of data processing.
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time.
10

Section 10

Security

We implement industry-standard technical and organizational measures to protect your data, including:

While no system is completely immune to security incidents, we are committed to promptly notifying affected users and relevant authorities in the event of a data breach, as required by law.

  • End-to-end encryption for all message content (as described in Section 3).
  • Encryption at rest (AES-256) for all server-stored data.
  • TLS 1.3 for all data in transit between your device and our servers.
  • Regular independent third-party security audits.
  • Strict internal access controls — only essential personnel may access metadata, subject to audit logging.
11

Section 11

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons.

When we make material changes, we will notify you through the app, via email (if you have provided one), or by updating the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

Your continued use of LoChat after the effective date of any changes constitutes your acceptance of the updated policy.