This document is the master English version. Translations to other languages are provided for convenience; the English version prevails in case of conflict.
1. Overview
Mono is a private, end-to-end encrypted messaging application built on radical privacy. This privacy policy explains what limited information we collect, why we collect it, how we protect it, and what rights you have over it.
Under normal operation of the service, we are architecturally unable to read your messages. Our servers only receive encrypted ciphertext, and we do not possess the private keys required to decrypt your conversations. This policy reflects that commitment.
2. Who We Are
Mono is operated by:
- Steve Urrego (natural person, operator and data controller)
- Cra 36 # 18 Sur 130, Medellín, Colombia
- Contact: contact@monochat.app
For purposes of the European Union General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Lei Geral de Proteção de Dados (LGPD, Brazil), and the Colombian Ley 1581 de 2012 (Habeas Data), the operator identified above acts as the data controller.
EU Representative (GDPR Article 27)
Before the service actively serves users in the European Union or the European Economic Area, we will designate a representative established in the Union pursuant to GDPR Article 27. Until such designation is in force, EU residents may contact us directly at contact@monochat.app for any data protection inquiry. This section will be updated with the representative's name, address, and contact details as soon as the designation is formalized.
3. Information We Collect
Mono is designed around data minimization. We collect only what is strictly necessary to operate the service. Specifically:
- Anonymous user identifier. A randomly generated Firebase Authentication user ID. This ID is not linked to your name, email, phone number, or any personal data.
- Encrypted message content. Messages you send are encrypted on your device using modern industry-standard end-to-end encryption before they reach our servers. We store only the encrypted ciphertext; we cannot read it.
- Encrypted media. Images, videos, and files attached to messages are encrypted on-device before upload to Firebase Storage. We store only the encrypted binaries.
- Public encryption keys. Your public key is shared with your conversation partner to enable end-to-end encryption. Your private key never leaves your device.
- Connection metadata. Chat identifiers, timestamps, and session state required to enforce the 18-hour time-to-live and message limits.
- Usage analytics (non-identifying). Firebase Analytics events such as app opens, message sends, and feature interactions, without any personally identifiable information.
- Device attestation signals. Firebase App Check provides anti-abuse signals that confirm requests come from legitimate instances of Mono. No personal data is transmitted.
Information We Deliberately Do Not Collect
Mono does not collect any of the following, by design:
- Names, usernames, or display names
- Email addresses or phone numbers
- Profile pictures, avatars, or biometric data
- Address book, contacts, or social graph
- Precise location or IP-based geolocation for advertising
- Advertising identifiers (IDFA / GAID)
- Message content in plaintext (only encrypted ciphertext reaches our servers)
- Browsing history or cross-app behavior
- Payment or billing information. Mono is free; if paid features are ever introduced, payment will be handled exclusively by the app store platforms (Apple, Google), and we will not receive card or billing data directly.
4. How We Use Your Information
We use the limited information we collect only for:
- Operating the service. Routing encrypted messages, enforcing the one-conversation-at-a-time rule, rotating keys, deleting expired chats, and destroying conversations when you cut the line.
- Security and abuse prevention. Detecting bots, rate-limiting suspicious activity, and banning abusive users via signals from Firebase App Check and server-side rules.
- Aggregate analytics. Understanding how Mono is used in aggregate (feature adoption, session counts, regional usage) to improve the product.
- Legal compliance. Responding to valid legal requests, preserving data when required by law, and complying with applicable data protection regulations.
We do not sell your data. We do not share it with advertisers. We do not build advertising profiles, and we do not share usage profiles with third parties for targeting purposes.
5. Legal Bases for Processing
Where the GDPR applies (EU and UK residents), we rely on the following legal bases under Article 6(1):
- Contract (Art. 6(1)(b)). Processing necessary to deliver the Mono service you requested.
- Legitimate interests (Art. 6(1)(f)). Fraud prevention, service security, and aggregate analytics to improve the product, balanced against your privacy rights.
- Legal obligation (Art. 6(1)(c)). Processing required to comply with laws, court orders, or regulatory requests.
- Consent (Art. 6(1)(a)). Where you explicitly agree, such as accepting non-essential cookies on our website.
Where the Colombian Ley 1581 de 2012 applies, the legal basis is your prior, express, and informed authorization given by accepting these terms and using Mono.
6. Data Retention
Mono enforces automatic data destruction. Retention periods are:
- Encrypted messages and media: retained only while the conversation is active. Deleted immediately when you or your partner cuts the line, and automatically after 18 hours of chat inactivity. Only the last 15 messages are ever visible; older messages are permanently deleted (FIFO).
- Anonymous user document: retained while your account is in active use. Automatically deleted 30 days after last activity, but only if you have no active conversation (state = available and no active chat). If you are in an active conversation, your user document persists until the conversation ends.
- Public encryption keys: retained for the duration of the chat in which they are used. Destroyed on deep wipe together with the conversation.
- Firebase Analytics events: retained according to Firebase default settings (14 months). No personally identifiable information is included.
- Cloud Functions and server logs: retained for up to 30 days for debugging and abuse detection, then automatically purged by Google Cloud Logging.
- App Check tokens: ephemeral; they exist only in memory during active requests.
7. International Data Transfers
Mono uses Firebase (Google Cloud Platform) as its primary infrastructure. Data is stored and processed in Google Cloud data centers located in the United States.
When your data is transferred from your country to the United States, we rely on:
- Standard Contractual Clauses (SCCs) adopted by the European Commission for transfers from the European Economic Area and the United Kingdom;
- Google Cloud's data processing and security terms, which incorporate GDPR Article 28 requirements for sub-processors;
- Your explicit authorization under the Colombian Ley 1581 de 2012 and Decreto 255 de 2022 for international transfers.
Because the content of your messages is end-to-end encrypted before transit, no readable personal content ever crosses borders — only encrypted ciphertext does.
8. Third-Party Services
Mono relies on the following sub-processors and third-party services:
- Google Firebase (Google LLC and Google Ireland Ltd.). Authentication, Firestore database, Cloud Storage, Analytics, App Check, and Cloud Functions. Firebase acts as a data processor under GDPR Article 28 (see Firebase Privacy & Security).
- Vercel Inc. Hosting provider for the monochat.app website. Server-side logs include IP addresses for security purposes and are automatically purged. Vercel does not process encrypted message content.
- GoDaddy, LLC. Domain registrar for monochat.app. GoDaddy processes only domain registration information, not user data.
- Apple Inc. and Google LLC (app stores). Distribute the Mono app. They may collect download and installation metrics independently of Mono. We do not control or access those records.
We do not integrate third-party advertising networks, analytics SDKs beyond Firebase, or social platform SDKs.
9. Your Rights
Depending on where you reside, you may have the following rights over your personal data. We recognize these rights globally, regardless of your jurisdiction.
Universal Rights
- Right to access: request a copy of your data
- Right to rectification: correct inaccurate data
- Right to erasure / deletion
- Right to restriction of processing
- Right to object to processing
- Right to data portability (where technically feasible)
- Right to withdraw consent at any time
- Right to lodge a complaint with a supervisory authority
Colombia (Ley 1581 de 2012)
Colombian residents have the rights to know, update, rectify, and request deletion of their personal data; to revoke authorization; and to file complaints with the Superintendencia de Industria y Comercio (SIC).
European Union and United Kingdom (GDPR)
EU/UK residents may exercise all rights under GDPR Articles 15 through 22, including automated decision-making safeguards. Complaints can be filed with your local data protection authority.
California (CCPA / CPRA)
California residents have the right to know, delete, correct, and limit the use of sensitive information. Mono does not sell personal data, and we do not share it for cross-context behavioral advertising. We do not discriminate against users who exercise their privacy rights.
Brazil (LGPD)
Brazilian residents have all rights under the Lei Geral de Proteção de Dados, including anonymization and information about the entities with which data is shared.
Practical Consideration
Because Mono does not collect personal identifiers, we may be unable to associate a request with a specific user account. If you provide your anonymous user ID (visible in the app's info screen), we can act on data tied to that identifier. If you have no active user ID because your data has already been destroyed, there is nothing for us to access, rectify, or delete — it no longer exists.
How to Exercise Your Rights
Send a request to contact@monochat.app. We will respond within 30 days (extendable to 60 days for complex requests, with notice). We do not charge fees for reasonable requests.
10. Age Requirements
Mono is intended exclusively for users aged 18 or older. We do not knowingly collect or process data from individuals under 18.
Because the Children's Online Privacy Protection Act (COPPA, US), the GDPR Article 8 child consent provisions (EU), the California Age-Appropriate Design Code, and similar laws apply to users below age thresholds ranging from 13 to 18, our 18-and-over policy places Mono outside the scope of these frameworks.
If we discover that a user under 18 has used Mono, we will delete the associated data and terminate the account. Parents or guardians who believe a minor has used Mono can contact us at contact@monochat.app, and we will investigate and take action within 7 business days of receiving a verifiable request.
11. Security
Security is the foundation of Mono. We implement the following measures:
- End-to-end encryption (E2EE). All message content is encrypted on your device using industry-standard end-to-end encryption, including elliptic-curve key exchange and authenticated symmetric encryption. Our servers see only ciphertext.
- Perfect forward secrecy (PFS). Each conversation uses unique keys. When a chat is destroyed, its keys are destroyed with it. Compromising your device today does not compromise past conversations.
- Hardware-backed key storage. On supported devices, private keys are stored in dedicated secure-enclave hardware, inaccessible even to compromised operating systems. On other devices, keys live in the system keychain with the strictest device-locked accessibility setting available.
- Anti-screenshot protection. The app applies platform-level safeguards to prevent screenshots and screen recordings from capturing message content. Effectiveness varies across operating systems and devices.
- Device attestation. Every server request is gated by a cryptographic attestation that the request originates from a legitimate Mono installation, blocking bot networks and scraping attempts.
- Server-side access controls. Server-side rules enforce that users can only read and write their own data and the messages of conversations they participate in.
- Rate limiting and brute-force resistance. Connection attempts are rate-limited, and the connection-key keyspace is large enough that exhaustive search is cryptographically infeasible.
No system is perfectly secure. We do not warrant that the service will be free of vulnerabilities. We continuously monitor and improve our security posture.
12. Data Breach Notification
If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority without undue delay, and within 72 hours of becoming aware, as required by GDPR Article 33 and Colombian law.
Because message content is end-to-end encrypted, even in the unlikely event of a server compromise, the attacker would obtain only ciphertext, not readable messages.
13. Cookies and Web Analytics (monochat.app Only)
This section applies only to the monochat.app website, not to the mobile and desktop app.
- Essential cookies. Required for the website to function (language preference, theme selection). Cannot be disabled.
- Firebase Analytics cookies. Used to collect aggregate anonymized metrics about how visitors interact with monochat.app. May be rejected.
The mobile and desktop app does not use cookies. It stores preferences locally using operating-system-provided mechanisms (UserDefaults on Apple platforms).
14. Future Monetization
Mono is currently free of charge, with no advertising, no subscriptions, and no in-app purchases. We reserve the right to introduce optional paid features, subscription tiers, or non-intrusive contextual advertising in the future.
Any future monetization will respect the following principles:
- No advertising personalized using your message content
- No sale of personal data to third parties
- Any future contextual advertising would be based solely on in-app context (e.g. country or coarse region), with no sharing of identifying data beyond the technical minimum required for ad delivery
- No weakening of end-to-end encryption
- No removal of the data minimization principle
- Material changes will trigger a new version of this policy and reasonable notice
15. Changes, Governing Law, and Contact
Changes to This Policy
We may update this privacy policy periodically. The "effective date" at the top reflects the latest version. Material changes will be announced via the app or website at least 30 days before taking effect. Continued use of Mono after the effective date constitutes acceptance of the updated policy.
Governing Law and Jurisdiction
This privacy policy is governed by the laws of the Republic of Colombia, in particular Ley 1581 de 2012 (Habeas Data), Decreto 1377 de 2013, and Decreto 255 de 2022. Any dispute arising from this policy shall be submitted to the competent courts of Medellín, Antioquia, Colombia, without prejudice to any mandatory consumer protection rights you may have under the laws of your country of residence.
Language and Translations
This privacy policy was drafted in English. Translations into other languages are provided for convenience. In case of any discrepancy between the English version and a translation, the English version prevails.
Contact Us
For questions, requests, or concerns about this privacy policy or your data:
- Email: contact@monochat.app
- Postal: Cra 36 # 18 Sur 130, Medellín, Colombia
- Data controller: Steve Urrego (natural person)
We aim to respond to all requests within 30 days.