Privacy Policy

Xent is designed with privacy as the core principle. Unlike most applications, we minimize data collection to the absolute essential: **We DO NOT collect:** - Your real name or identity - Phone numbers or email addresses - IP addresses or location data - Message contents or metadata - Contact lists or social graphs - Usage patterns or analytics - Device identifiers or fingerprints **Our zero-knowledge architecture means:** - We cannot read your messages - We cannot see who you communicate with - We cannot track your transfers - We cannot provide your data to third parties because we don't have it

We collect only the minimum information necessary to provide our service: **Account Creation:** - A randomly generated user ID - Your encrypted public key - Your chosen username (optional, can be random) **Service Operation:** - Encrypted message delivery timestamps (deleted after delivery) - Aggregated, anonymized usage statistics (number of messages sent, not content or recipients) All data is encrypted end-to-end and we do not have access to plaintext information.

The limited information we collect is used solely for: - Delivering encrypted messages to intended recipients - Maintaining service reliability and uptime - Preventing abuse and spam (using privacy-preserving techniques) - Improving our service through aggregated, anonymized metrics We NEVER use your information for: - Advertising or marketing - Selling to third parties - Profiling or tracking - Any purpose other than providing our core service

**Encryption:** All data is encrypted using industry-standard AES-256 encryption. Messages are encrypted end-to-end using the Signal Protocol, meaning only you and your intended recipient can read them. **Storage:** - Messages are stored only temporarily until delivered, then deleted from our servers - Your private keys never leave your device - Backups are encrypted client-side before upload **Infrastructure:** - Our servers are distributed globally with no single point of failure - We use secure, audited data centers - All connections are encrypted with TLS 1.3

We minimize the use of third-party services. When necessary, we select partners who share our commitment to privacy: **We DO NOT use:** - Google Analytics or any tracking services - Facebook SDK or social media integrations - Advertising networks - Third-party crash reporting that collects personal data **Limited third-party usage:** - Content delivery networks (CDN) for faster app updates - Push notification services (with encrypted payload)

Due to our zero-knowledge architecture, we have minimal ability to respond to law enforcement requests: **What we CAN provide:** - Confirmation of whether an account exists - Account creation date (approximate) - Last connection date (approximate) **What we CANNOT provide:** - Message contents (encrypted, we don't have keys) - Contact lists or communication patterns - Transfer details or transaction history - Real identity of users - IP addresses (not logged) We will challenge any request we believe is overbroad or unlawful. We publish a transparency report annually.

You have complete control over your data: **Right to Access:** You can export all your data at any time through the app settings. **Right to Delete:** Delete your account and all associated data permanently. Due to our architecture, this is immediate and irreversible. **Right to Portability:** Export your data in standard formats. **No Account Required:** You can use most features without creating an account.

Xent is not intended for use by children under 13 years of age. We do not knowingly collect information from children. If you believe a child has provided us with information, please contact us immediately.

We may update this Privacy Policy from time to time. We will notify you of any changes by: - Posting the new Privacy Policy in the app - Updating the "Last Updated" date - Sending an in-app notification for significant changes Your continued use of Xent after changes constitutes acceptance of the new policy.

If you have questions about this Privacy Policy or our privacy practices: **Email:** privacy@xent.app **PGP Key:** Available on our website **Secure Contact:** Through the Xent app directly We respond to all privacy-related inquiries within 48 hours.