Legal

Privacy Policy

Effective date: 2026-06-06  ·  QRYPTUS

About QRYPTUS

QRYPTUS is a private peer-to-peer encrypted messaging application. It requires no account, no phone number, and stores no messages on any server. This policy describes what information is involved in operating the service and how it is handled.

Contact for privacy questions: info@qryptus.com

What we do NOT collect

QRYPTUS does not collect, store, or process any of the following:

  • Name, email address, or phone number
  • Account credentials — no registration is required
  • Message content — messages travel peer-to-peer and never pass through or are stored on our servers
  • Device identifiers, advertising IDs, or location data
  • Browsing history or usage analytics

What stays on your device

The following data is generated and stored locally on your device only. QRYPTUS servers never have access to it.

  • Cryptographic key pair — generated on first launch, stored in your device's secure storage. Your identity is derived from this key.
  • Passkey credential — stored in your device's secure enclave (Face ID / fingerprint). Never transmitted to our servers.
  • Message history (Basic and Advanced modes) — stored encrypted on your device's local storage. In Paranoid mode, no message history is retained.

Our signaling server

To establish a peer-to-peer WebRTC connection, our signaling server temporarily handles connection negotiation data:

  • Session room codes used to match peers
  • SDP offers, answers, and ICE candidates needed to set up the connection

This data is ephemeral. It is used only to introduce peers to each other and is not logged, stored, or associated with any identity. Once the peer connection is established, all communication bypasses the signaling server entirely.

Third-party services

QRYPTUS uses the following external services. Each may receive your IP address as a result of normal network requests.

Google Fonts
Typography resources are loaded from fonts.googleapis.com. Google may log your IP address when serving font files. See Google's Privacy Policy.
ANU Quantum Random Number Generator (QRNG)
QRYPTUS uses the Australian National University QRNG API (qrng.anu.edu.au) as a quantum entropy source for cryptographic key generation. Requests may include your IP address. See ANU's Privacy Policy.
WebRTC STUN servers
Peer-to-peer connection setup uses STUN (Session Traversal Utilities for NAT) servers to determine network paths. During this process, your IP address may be visible to STUN servers and exchanged with the peer you are connecting to. This is inherent to how WebRTC P2P works.

Cookies and tracking

QRYPTUS does not use cookies, analytics trackers, advertising trackers, or tracking pixels of any kind.

Data retention

We do not store personal data on our servers. Any data stored by the app resides on your device and is under your control. You can delete it at any time by clearing the app's site data or uninstalling the app.

Children's privacy

QRYPTUS is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided personal information through this service, please contact us and we will take steps to remove it.

Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. Continued use of QRYPTUS after changes are posted constitutes acceptance of the updated policy.

Contact

If you have any questions or concerns about this Privacy Policy, please contact us:

info@qryptus.com