Skip to main content Voidlogue Privacy Policy Skip to main content

Legal

Privacy Policy

Effective: 1 April 2026 · Last updated: 1 April 2026

Short version: we store as little as possible, we cannot read your messages, and we will never sell your data. This document explains the details.

Who we are

Voidlogue is operated by Voidlogue Ltd. ("Voidlogue", "we", "our"). We build private communication tools: Conversation (ephemeral encrypted messaging) and Revelation (encrypted legacy delivery). Our services are available at voidlogue.com.

Questions: privacy@voidlogue.com

What we store — and what we don't

What we store

  • A cryptographic identity hash. When you sign in with Google, we compute SHA-256(google_sub + server_pepper) and store only this hash. We never store your email address, your Google ID, your name, or any other personally identifiable information in our database.
  • Encrypted ciphertext. Message content is encrypted in your browser before it leaves your device. We store the resulting ciphertext and IVs. We cannot decrypt them. Neither can our staff.
  • Session tokens. Standard browser session cookies to keep you signed in. These expire when you log out or after an inactivity period.
  • Subscription records. If you subscribe, we store a payment reference and your plan tier (free / personal / duo). Billing is handled by Paystack — we receive only a payment confirmation, not your card details.
  • Aggregate platform metrics. User counts, plan distributions, message volumes. No individual-level analytics.

What we do not store

  • Your email address — it exists only in your browser session and is never written to our database
  • Message content in plaintext — ever, under any circumstances
  • Your Google ID or OAuth token
  • IP addresses in application logs (request IDs only)
  • Browsing history or behavioural analytics
  • Personal security field values (Revelation) — only their SHA-256 hashes

Conversation messages

Conversation operates on an N=1 model: only one message exists per conversation at any time. When you send a reply, the previous message is permanently and irreversibly deleted from our servers. There is no message history, no inbox, and no archive. Messages that have been deleted cannot be recovered by us or by you.

Revelation messages

Revelation messages are encrypted before leaving your device and persist on our servers until explicitly deleted by the recipient after opening, or by you before delivery. We cannot read the content of any Revelation message.

The dead-hand delivery mechanism operates by sending periodic aliveness checks to your registered account. If you stop responding, a grace period begins after which delivery is triggered. This process does not involve any inspection of message content.

Who we share data with

  • Paystack — payment processing. Paystack receives your billing email and payment method. We receive only a payment confirmation reference.
  • Fly.io / DigitalOcean — infrastructure hosting. Encrypted data at rest. No access to decryption keys.
  • Google — authentication only, via OAuth2. We do not share user data with Google beyond the OAuth2 handshake.
  • Nobody else. We do not sell, rent, or share your data with advertisers, data brokers, or analytics providers.

If compelled by a valid legal process, we can provide: the identity hash of an account (not the underlying email or Google ID), the plan tier, timestamps of account creation and last active session, and encrypted ciphertext (which we cannot decrypt).

We cannot provide: message content (it is encrypted and we hold no keys), the email address associated with an account, or the identity of a user's conversation partners (we store only hashed room identifiers).

We will notify affected users of legal requests where we are legally permitted to do so.

Your rights

Under GDPR, the Nigeria Data Protection Act 2023, and the Kenya Data Protection Act 2019, you have the right to access, correct, or delete your personal data. Because we store so little, the practical exercise of these rights is straightforward:

  • Account deletion: Available from Settings → Delete Account. This permanently removes your identity hash, session tokens, subscription record, and all data associated with your account. Encrypted messages may persist briefly in infrastructure backups before being purged.
  • Data access: Contact privacy@voidlogue.com to request a summary of stored data.
  • Portability: You can export your account data from Settings.

Cookies

We use one session cookie (_voidlogue_key) to maintain your login session. No tracking cookies, advertising cookies, or third-party analytics cookies are used.

Age requirement

Voidlogue is not intended for users under 16. If you are aware of a user under 16 using our service, contact privacy@voidlogue.com.

Changes to this policy

We will post any changes to this page and update the "Last updated" date. For material changes we will notify active users via in-app notice. Continued use of the service after changes constitutes acceptance.

Contact

Privacy questions: privacy@voidlogue.com

General contact: hello@voidlogue.com