Privacy Policy
Last updated: March 14, 2026
At Jolkr, privacy is not a feature — it is the foundation of everything we build. This policy explains what data we collect, why, and how we protect it.
The short version: We collect the absolute minimum data needed to run the service. We never sell your data. Messages in end-to-end encrypted chats cannot be read by anyone except the participants — not even us.
1. Information We Collect
Account information
- Email address (for authentication and password recovery)
- Username and optional display name
- Profile avatar (if you choose to upload one)
Messages and content
- Messages sent in end-to-end encrypted conversations are stored in encrypted form. We cannot decrypt or read them.
- Messages in unencrypted server channels are stored to provide the service (message history, search).
- Files and attachments you upload are stored on our infrastructure.
Technical data
- IP address (temporarily, for rate limiting and abuse prevention)
- Device information when registering push notification tokens
- Basic connection metadata needed to deliver messages in real time
2. What We Do NOT Collect
- We do not use analytics or tracking scripts
- We do not use advertising cookies or third-party trackers
- We do not build user profiles for marketing purposes
- We do not read, scan, or analyze your encrypted messages
- We do not sell, rent, or share your data with third parties
3. End-to-End Encryption
Direct messages and group DMs use end-to-end encryption (E2EE) by default. This means:
- Messages are encrypted on your device before they leave it
- Only the intended recipients can decrypt and read the messages
- Jolkr servers only store the encrypted ciphertext
- We have no ability to decrypt your messages, even if compelled by law
4. How We Use Your Data
We use the data we collect solely to:
- Provide and maintain the Jolkr service
- Authenticate your account and manage sessions
- Deliver messages and notifications to your devices
- Prevent abuse and enforce our terms of service
- Send password reset emails when requested
5. Data Storage and Security
- All data is stored on infrastructure controlled by Jolkr
- All connections use TLS encryption in transit
- Passwords are hashed using industry-standard algorithms (Argon2)
- We perform regular security reviews of our codebase
- Our source code is open and available for inspection on GitHub
6. Data Retention
We retain your data only as long as your account is active. When you delete your account:
- Your profile information is permanently deleted
- Your messages in encrypted conversations remain encrypted and unreadable
- We may retain minimal logs for up to 30 days for abuse prevention
7. Your Rights
You have the right to:
- Access the personal data we hold about you
- Correct inaccurate data in your profile
- Delete your account and associated data
- Export your data in a portable format
8. Children's Privacy
Jolkr is not intended for children under the age of 13. We do not knowingly collect data from children. If you believe a child has created an account, please contact us and we will delete it.
9. Changes to This Policy
We may update this privacy policy from time to time. When we make significant changes, we will notify users through the application. The "last updated" date at the top reflects the most recent revision.
10. Contact
If you have questions about this privacy policy or your data, you can reach us at:
- Email: [email protected]
- GitHub: Open an issue