← Porta

Privacy Policy

Last updated: March 13, 2026

1. What We Collect

Porta collects the minimum information necessary to operate:

• Email address — used for authentication and account recovery.
• Display name — shown to your contacts.
• Device identity keys — used to establish encrypted sessions via the Signal Protocol.

We do not collect your contacts, location, browsing history, or any analytics data.

2. Message Privacy

All messages are end-to-end encrypted using the Signal Protocol (X3DH key agreement + Double Ratchet). This means:

• Messages are encrypted on your device before being sent.
• Only you and your recipient can read them.
• Porta servers cannot decrypt your messages — ever.
• Messages are ephemeral and automatically deleted after 24 hours.

3. Data Storage

• Messages are stored only on your device, encrypted with AES-256-GCM.
• The server temporarily holds encrypted messages for delivery, then deletes them after acknowledgment.
• Media files are encrypted client-side before upload and auto-deleted from the server.
• We use PostgreSQL with encrypted connections. No message content is stored in plaintext.

4. What We Don't Do

• We don't sell your data.
• We don't show ads.
• We don't track you across apps or websites.
• We don't share data with third parties.
• We don't use your data for AI training.

5. Account Deletion

You can delete your account at any time from Settings. This permanently removes all your data from our servers, including your profile, keys, and any pending messages.

6. Contact

Questions about privacy? Reach us at [email protected]