Chat Encryption Terms

Zero Knowledge Promise: We've designed our system so that even we cannot read your messages. Your privacy is built into the very architecture of our platform.

The Encryption Process

• Local Encryption: Your messages are encrypted directly on your device using advanced cryptographic algorithms before they ever leave your phone or computer
• Secure Transmission: Encrypted messages travel through our servers, but remain completely unreadable to anyone except the intended recipient
• Recipient Decryption: Only the person you're messaging can decrypt and read your messages using their unique private key
• Perfect Forward Secrecy: Each conversation uses unique encryption keys, so even if one conversation were compromised, your other messages remain secure

What This Means for You

• 🔒 Complete Privacy: Cleset employees, administrators, and systems cannot access the contents of your encrypted messages under any circumstances
• 🛡️ Protection from Breaches: Even if our servers were compromised by hackers, your messages would remain encrypted and unreadable
• 👥 Truly Private Conversations: Only you and your intended recipient can read your conversations – no exceptions
• 💻 Local Control: Message decryption happens entirely on your device, ensuring your data never exists in readable form on our servers

Essential Security Practices

• 🔐 Secure Your Account: Use a strong, unique password and enable two-factor authentication to protect your account from unauthorized access
• 🔑 Protect Your Keys: Never share your encryption keys, account credentials, or device access with others – this could compromise all your encrypted messages
• 📱 Keep Devices Secure: Use device locks, keep your apps updated, and be cautious about who has physical access to your devices
• 🚨 Report Issues Immediately: If you suspect any security breach, unauthorized access, or suspicious activity, contact us immediately at security@cleset.com
• 📋 Follow Terms of Service: Use our encrypted chat service responsibly and in compliance with our general Terms of Service

⚠️ Critical: Private Key Backup

Your private key is the only way to decrypt your messages. If you lose your private key, your encrypted messages are permanently lost – we cannot recover them.

• Always back up your private key in a secure location before uninstalling the app
• Consider using a secure password manager or encrypted storage for your backup
• Never store your private key in plain text or share it with anyone

How Keys Work

• 🔑 Generated on Your Device: Your unique encryption keys are created locally on your device using secure random number generation
• 💾 Stored Locally: Your private key never leaves your device and is stored in your device's secure storage
• 🔄 Automatic Key Exchange: Public keys are safely shared with your contacts to enable encrypted messaging
• 🔒 Your Responsibility: You are the sole guardian of your private key – we cannot access, recover, or reset it

Important Recovery Information: Unlike traditional services where we can reset your password, lost encryption keys cannot be recovered by Cleset under any circumstances. This is by design to ensure your maximum privacy and security.

What We CAN See (Metadata Only)

• 📅 Message Timestamps: When messages were sent and received (used for delivery confirmation and troubleshooting)
• 👤 User Identifiers: Who sent and received messages (necessary for message routing)
• 📱 Device Information: Basic device and connection data (used for service optimization and security monitoring)
• 📊 Service Analytics: Usage patterns to improve our service (always anonymized and aggregated)

What We CANNOT See

• ❌ Message Content: The actual text, images, or files you share
• ❌ Private Keys: Your decryption keys remain on your device only
• ❌ Decrypted Data: Any readable version of your communications

Data Retention Policy

We retain metadata only as long as necessary for service operation and legal compliance. Encrypted messages are deleted from our servers according to your retention settings, and we cannot decrypt them even while they're stored.

Our Legal Obligations

• ⚖️ Law Enforcement Cooperation: We will respond to valid legal orders as required by law
• 🔐 Technical Limitations: We cannot decrypt your messages even if legally required to do so – this is a technical impossibility, not a choice
• 📋 Transparency: We may provide metadata when legally required, but never message content
• 🛡️ User Protection: We will challenge overly broad requests and fight to protect your privacy within legal bounds

Your Ongoing Responsibilities

• You remain responsible for the content you share, even though it's encrypted
• Use our service in compliance with all applicable laws and regulations
• Respect the privacy and rights of others in your communications

Our Security Practices

• 🔬 Regular Security Audits: We conduct frequent security assessments and penetration testing
• 📈 Encryption Updates: We continuously improve our encryption methods to stay ahead of emerging threats
• 🔔 Transparent Communication: We will notify you of any significant changes to our encryption methods
• 🏆 Industry Standards: We follow and exceed industry best practices for secure communications

Update Notifications: Any significant changes to how your data is encrypted will be communicated to you at least 30 days in advance when possible, giving you time to understand and prepare for changes.

Security Realities

• 🛡️ Strong but Not Perfect: While our encryption is extremely robust, no digital system is 100% secure against all potential threats
• 📱 Device-Dependent Security: Your messages are only as secure as the devices you use to access them
• 🔓 Recipient Control: Once decrypted, recipients can share message content outside our platform
• 🎯 Targeted Attacks: Advanced persistent threats may target individual devices rather than our encryption

Best Practices for Maximum Security

• Keep your devices updated with the latest security patches
• Be mindful of who you communicate with and what you share
• Consider the sensitivity of information before sharing, even in encrypted form

Contact Information

• 🛡️ Security Issues: security@cleset.com
• 🔒 Privacy Questions: privacy@cleset.com
• ❓ General Support: support@cleset.com

Additional Resources

• 📚 Visit our Help Center for detailed guides on using encryption features
• 🔍 Check our Security Blog for updates on our latest security improvements
• 📖 Review our comprehensive Privacy Policy for more details on data handling