Chat Encryption Terms
Our Commitment to Your Privacy
At Cleset, protecting your privacy and securing your data is our utmost priority. We believe that your conversations should remain completely private, which is why we've implemented military-grade end-to-end encryption for all chat communications. This means your messages are protected from the moment they leave your device until they reach your intended recipient – and no one else, not even Cleset, can access them.
Zero Knowledge Promise: We've designed our system so that even we cannot read your messages. Your privacy is built into the very architecture of our platform.
How Our Advanced Encryption Works
Every message you send through Cleset is protected by state-of-the-art encryption technology. Here's what happens behind the scenes to keep your conversations secure:
The Encryption Process
- Local Encryption: Your messages are encrypted directly on your device using advanced cryptographic algorithms before they ever leave your phone or computer
- Secure Transmission: Encrypted messages travel through our servers, but remain completely unreadable to anyone except the intended recipient
- Recipient Decryption: Only the person you're messaging can decrypt and read your messages using their unique private key
- Perfect Forward Secrecy: Each conversation uses unique encryption keys, so even if one conversation were compromised, your other messages remain secure
What This Means for You
- 🔒 Complete Privacy: Cleset employees, administrators, and systems cannot access the contents of your encrypted messages under any circumstances
- 🛡️ Protection from Breaches: Even if our servers were compromised by hackers, your messages would remain encrypted and unreadable
- 👥 Truly Private Conversations: Only you and your intended recipient can read your conversations – no exceptions
- 💻 Local Control: Message decryption happens entirely on your device, ensuring your data never exists in readable form on our servers
Your Role in Maintaining Security
While we provide the strongest possible encryption, your security also depends on following these important practices:
Essential Security Practices
- 🔐 Secure Your Account: Use a strong, unique password and enable two-factor authentication to protect your account from unauthorized access
- 🔑 Protect Your Keys: Never share your encryption keys, account credentials, or device access with others – this could compromise all your encrypted messages
- 📱 Keep Devices Secure: Use device locks, keep your apps updated, and be cautious about who has physical access to your devices
- 🚨 Report Issues Immediately: If you suspect any security breach, unauthorized access, or suspicious activity, contact us immediately at security@cleset.com
- 📋 Follow Terms of Service: Use our encrypted chat service responsibly and in compliance with our general Terms of Service
⚠️ Critical: Private Key Backup
Your private key is the only way to decrypt your messages. If you lose your private key, your encrypted messages are permanently lost – we cannot recover them.
- Always back up your private key in a secure location before uninstalling the app
- Consider using a secure password manager or encrypted storage for your backup
- Never store your private key in plain text or share it with anyone
Understanding Key Management
Your encryption keys are the foundation of your message security. Here's what you need to know:
How Keys Work
- 🔑 Generated on Your Device: Your unique encryption keys are created locally on your device using secure random number generation
- 💾 Stored Locally: Your private key never leaves your device and is stored in your device's secure storage
- 🔄 Automatic Key Exchange: Public keys are safely shared with your contacts to enable encrypted messaging
- 🔒 Your Responsibility: You are the sole guardian of your private key – we cannot access, recover, or reset it
Important Recovery Information: Unlike traditional services where we can reset your password, lost encryption keys cannot be recovered by Cleset under any circumstances. This is by design to ensure your maximum privacy and security.
Data We Collect and Why
We are committed to collecting only the minimum data necessary to provide our service. Here's exactly what we can and cannot see:
What We CAN See (Metadata Only)
- 📅 Message Timestamps: When messages were sent and received (used for delivery confirmation and troubleshooting)
- 👤 User Identifiers: Who sent and received messages (necessary for message routing)
- 📱 Device Information: Basic device and connection data (used for service optimization and security monitoring)
- 📊 Service Analytics: Usage patterns to improve our service (always anonymized and aggregated)
What We CANNOT See
- ❌ Message Content: The actual text, images, or files you share
- ❌ Private Keys: Your decryption keys remain on your device only
- ❌ Decrypted Data: Any readable version of your communications
Data Retention Policy
We retain metadata only as long as necessary for service operation and legal compliance. Encrypted messages are deleted from our servers according to your retention settings, and we cannot decrypt them even while they're stored.
Legal Compliance and Your Rights
We are committed to protecting your privacy while operating within legal frameworks:
Our Legal Obligations
- ⚖️ Law Enforcement Cooperation: We will respond to valid legal orders as required by law
- 🔐 Technical Limitations: We cannot decrypt your messages even if legally required to do so – this is a technical impossibility, not a choice
- 📋 Transparency: We may provide metadata when legally required, but never message content
- 🛡️ User Protection: We will challenge overly broad requests and fight to protect your privacy within legal bounds
Your Ongoing Responsibilities
- You remain responsible for the content you share, even though it's encrypted
- Use our service in compliance with all applicable laws and regulations
- Respect the privacy and rights of others in your communications
Continuous Security Improvements
Security is an ongoing commitment, not a one-time implementation:
Our Security Practices
- 🔬 Regular Security Audits: We conduct frequent security assessments and penetration testing
- 📈 Encryption Updates: We continuously improve our encryption methods to stay ahead of emerging threats
- 🔔 Transparent Communication: We will notify you of any significant changes to our encryption methods
- 🏆 Industry Standards: We follow and exceed industry best practices for secure communications
Update Notifications: Any significant changes to how your data is encrypted will be communicated to you at least 30 days in advance when possible, giving you time to understand and prepare for changes.
Important Limitations and Considerations
We want you to have realistic expectations about digital security:
Security Realities
- 🛡️ Strong but Not Perfect: While our encryption is extremely robust, no digital system is 100% secure against all potential threats
- 📱 Device-Dependent Security: Your messages are only as secure as the devices you use to access them
- 🔓 Recipient Control: Once decrypted, recipients can share message content outside our platform
- 🎯 Targeted Attacks: Advanced persistent threats may target individual devices rather than our encryption
Best Practices for Maximum Security
- Keep your devices updated with the latest security patches
- Be mindful of who you communicate with and what you share
- Consider the sensitivity of information before sharing, even in encrypted form
Getting Help and Support
We're here to help you understand and use our encryption features effectively:
Additional Resources
- 📚 Visit our Help Center for detailed guides on using encryption features
- 🔍 Check our Security Blog for updates on our latest security improvements
- 📖 Review our comprehensive Privacy Policy for more details on data handling
Our Promise to You
At Cleset, we believe privacy is a fundamental right. We've built our entire platform around the principle that your conversations should remain yours alone. This commitment drives every technical decision we make and every feature we develop.
We will continue to invest in the strongest possible security measures, maintain transparency about our practices, and fight to protect your privacy in an increasingly connected world.