Privacy Policy
aesmsg is built so your private content stays private — encrypted on your device, opaque to our servers, and readable only by the recipient you choose.
Overview
aesmsg is a privacy-first encryption layer over the messaging channels you already use. You encrypt content locally on your device, then share an opaque link to the resulting ciphertext — and only the intended recipient can decrypt it. This policy explains what the aesmsg apps and backend do, and just as importantly do not do, with your data.
Because aesmsg runs on a zero-knowledge backend, there is very little data for this policy to describe. The product is designed so the sensitive parts of your message never reach our servers in a form anyone could read.
What we process
When you create a secure link, your message and any attachment are encrypted on your device first. Only the resulting ciphertext, together with a small amount of operational metadata, is uploaded to our backend. The backend stores only:
- A message identifier
- The encrypted ciphertext
- The creation time
- The expiry you chose
- The maximum number of opens you allowed
- The link status — for example active, expired, or revoked
That is the complete list. This metadata is what lets a link expire, enforce its open limit, and be revoked. It is not the contents of your message.
What we never have access to
Your private content never reaches us in a readable form. We do not have access to, and the backend never stores:
- Plaintext messages
- Private keys
- Message previews
- Unencrypted attachments
Encryption keys are generated on your device. Your private key stays on your device and never leaves it unless you explicitly export an encrypted backup. Decryption happens locally on the recipient's device after a biometric unlock, so only the intended recipient can decrypt a message — never us, and never the channel you sent the link through.
Connection and abuse-prevention data
To keep aesmsg available and to prevent abuse, our backend briefly processes limited technical data about each request — including a salted, non-reversible hash of your IP address — purely to enforce rate limits. We do not store raw IP addresses, and we do not use this data to identify you or build a profile of you. Our hosting provider may also keep standard server logs that include IP addresses for a limited period for security and reliability.
Legal bases for processing
Where the EU General Data Protection Regulation (GDPR) applies, we rely on the following legal bases for the limited processing described in this policy:
- To transmit a secure link you create and enforce its expiry and open limit — performing the service you request (Article 6(1)(b)).
- To keep the service secure, enforce rate limits, and prevent abuse — our legitimate interests (Article 6(1)(f)).
- To meet legal obligations that may apply to us — compliance with a legal obligation (Article 6(1)(c)).
Data retention and deletion
You control how long a secure link lives and how many times it can be opened. When you create a link you can set it to self-destruct after 10 minutes, 1 hour, 24 hours, 7 days, or a custom duration, and you can cap the number of times it may be opened.
You can also revoke a link manually at any time. Revoking a link purges its ciphertext from our servers immediately. When a link reaches its expiry or its open limit, it stops working at once — it can no longer be opened or decrypted by anyone through the service — and its ciphertext is then purged automatically by a routine cleanup process shortly afterwards. Anything we hold in the meantime is only ever opaque ciphertext sealed to the recipient — useless without the recipient's private key, which never reaches us.
A minimal metadata record — the message identifier, timestamps, open count, and final status such as expired or revoked — may be retained so the link reliably stays closed. It never contains your message.
Data that stays on your device
Some information never leaves your device at all. Your private keys, your saved contacts, your list of links, and your app settings are stored locally on your device and, where supported, encrypted at rest. We do not receive, store, or have access to this on-device data. If you uninstall the app or wipe your identity, this data is removed from the device.
No tracking, analytics, or accounts
aesmsg has no user accounts, no analytics or tracking SDKs, no advertising, and no third-party data brokers. We do not build profiles of you, and we do not sell or share your data. The aesmsg website (aesmsg.com) sets no cookies and runs no analytics or tracking scripts.
Consistent with this, the App Store privacy label for the aesmsg iOS app is declared "Data Not Collected". The only technical data we process is the transient, security-only connection data described above, which is never used to identify you, track you, or build a profile.
Service providers and international transfers
Running aesmsg relies on a small number of infrastructure providers. None of them ever receive your plaintext, your private keys, or anything that would let them read your messages:
- A cloud hosting and database provider stores the encrypted ciphertext and minimal metadata, and keeps standard server logs.
- If you choose to enable notifications, Apple Push Notification service and Google Firebase Cloud Messaging may deliver content-free alerts that contain no message content.
- The Apple App Store and Google Play distribute the app and may collect download and diagnostic data under their own privacy policies.
Our infrastructure — including the servers that store ciphertext and metadata — is located in the European Union (Germany). Any data the third-party providers above process on their own systems is handled under their respective privacy policies and safeguards.
International users and your rights
aesmsg is operated by CODIFY d.o.o. and is available internationally. We aim to comply with applicable privacy laws, including the GDPR, wherever you use the app.
Where the GDPR applies, you have the right to access, correct, erase, restrict, or object to the processing of your personal data, the right to data portability, and the right to lodge a complaint with your local data protection authority. In Croatia, that authority is the Personal Data Protection Agency (AZOP, azop.hr).
Because our backend is zero-knowledge and we operate without accounts, we hold essentially no personal data tied to your identity — only opaque ciphertext and the minimal metadata described above. As permitted under Article 11 of the GDPR, we are not required to collect additional information solely to identify you, and we may be unable to link a request to specific data without more detail from you. In practice you exercise control directly: choose a short expiry, cap the number of opens, or revoke a link to purge its ciphertext immediately.
To make a request or ask a question about your data, contact us using the details below and we will respond.
How we protect your data
Security is the core of how aesmsg is built. Content is encrypted on your device with strong, modern encryption before it is ever uploaded; data is encrypted in transit; our servers hold only opaque ciphertext and minimal metadata; and we keep that ciphertext only for as long as your link lives. Because we never hold plaintext or private keys, even a full compromise of our servers would not expose your messages.
Children
aesmsg is intended for adults and is not directed to children. We do not knowingly collect personal data from children, and the service is not offered to anyone under the minimum age required in their country — 16 in much of the European Union, and 13 in the United States. If you believe a child has provided us with personal data, contact us and we will address it.
Changes to this policy
We may update this policy from time to time. When we make a material change, we will revise the "last updated" date at the top of this page and highlight the change here, and where appropriate we will notify users in the app before it takes effect.
Contact
aesmsg is provided by CODIFY d.o.o., Nova Cesta 138/1, 10110 Zagreb, Croatia (OIB 59253184772). For any question or request about this policy or your personal data, reach our privacy contact: