Secret privacy policy

Privacy Policy - Secret

Last updated: April 2026

The short version

Secret is designed so that we cannot read your messages. Your private content is encrypted on your device before it ever leaves that device. We store the minimum possible data to make the app function, and no more.

What we collect and why

On our server, we store

  • Anonymous random ID (UUID). This identifies your account. It has no connection to your name, email address, phone number, or any personal information.
  • Public cryptographic keys. These allow your partner's device to establish a secure encrypted channel with yours. They are mathematical values, not personal data.
  • Encrypted message blobs. We cannot read these. The content is encrypted on your device using the Signal Protocol (Double Ratchet + X3DH). What reaches our server is opaque ciphertext.
  • Current mood signal (a number 1-4). This is deleted and replaced each time you update it. We do not keep a history.
  • Temporary invite codes. These include an optional short personal note you choose to attach when creating an invite. This note is plaintext and visible to our server until the invite is accepted or expires within 24 hours, after which it is deleted.
  • Standard server logs. These are retained for 30 days for security and abuse prevention.

On your device, we store

  • Private cryptographic keys. These are held exclusively in your device's secure enclave (iOS Keychain / Android Keystore). They never leave your device.
  • Display name. Stored locally only. It is never sent to our server.
  • App passcode. Stored locally only as a cryptographic hash. We cannot recover the original.
  • Encrypted message history. Stored in a locally encrypted database on your device.

We do not collect

  • Your name, email address, phone number, or any contact information
  • Your location
  • Device identifiers or advertising IDs
  • Biometric data of any kind. Face ID and Touch ID are handled entirely by your device's operating system. We never see or store biometric information.
  • Usage analytics or behavioral tracking
  • Crash reports sent to third parties

How your messages are protected

Every message is encrypted on your device using the Double Ratchet Algorithm, as used in Signal, before transmission. Only the intended recipient's device holds the private key required to decrypt it. Our server stores and relays ciphertext only, which means we are technically incapable of reading your messages.

Mood tags attached to messages are encrypted as part of the message payload. Our server never sees them.

Message retention

Messages are deleted from our servers immediately after delivery to your partner's device. If a message is not delivered within its expiry window, it is deleted automatically. We do not retain message content after delivery.

Invite codes

When you create an invite, an optional personal note you write is stored on our server in plaintext until the invite is accepted or expires. Do not include sensitive information in this note. The invite code and note are permanently deleted once used or expired.

Third parties

We do not share any data with third parties. We do not use advertising networks, analytics services, or data brokers. We do not sell data.

Push notifications, if enabled, contain no message content - only a signal that a new event has occurred. Notification delivery is handled by Apple (APNs) or Google (FCM) according to their respective privacy policies.

Data security

Private keys are stored in hardware-backed secure storage (iOS Secure Enclave / Android StrongBox where available). The local message database is encrypted with a key derived from your device's secure storage. After 10 failed passcode attempts, the app performs a local wipe of all keys and data.

Your rights

You can delete all data associated with your account by uninstalling the app and contacting us to request server-side deletion of your anonymous account record. Because your account is identified only by an anonymous UUID, you will need to provide that ID, visible in app settings, to make a deletion request.

You may also wipe your local data at any time from within the app.

Children

Secret is not directed at children under 13. We do not knowingly collect information from children under 13.

Changes

If we make material changes to this policy, we will update the date above and notify you within the app.

Contact

joeapter@gmail.com