Last updated: April 20, 2026
ConfiMsg ("the App", "we", "our") is a zero-knowledge encrypted messaging service. This Privacy Policy explains how we handle information when you use our Android application and website at confimsg.com.
We do not collect, store, or process:
All messages are encrypted on your device using AES-256-GCM before being transmitted. The decryption key is generated locally and embedded only in the URL fragment (the part after "#"). URL fragments are never sent to our servers by any browser or HTTP client. This means we have no technical capability to read your messages — ever.
Our servers store only:
This data is permanently deleted after the message is opened once, or after a set expiration period (default: 7 days).
We collect an anonymous device identifier solely to enforce rate limits and prevent abuse. This identifier is not linked to your identity, messages, or any personal information, and is not shared with third parties.
The App requests the following Android permissions:
We do not use any third-party analytics, advertising SDKs, or tracking services. The App does not contain ads.
Encrypted messages are automatically deleted from our servers after they are opened once (self-destruct), or after 7 days if not opened. We do not retain any personal data.
The App is not directed at children under 13. We do not knowingly collect any information from children.
We may update this Privacy Policy from time to time. Changes will be posted at https://confimsg.com/static/html/privacy.html. Continued use of the App after changes constitutes acceptance of the updated policy.
If you have any questions about this Privacy Policy, contact us at: privacy@confimsg.com