Privacy Policy

Last updated: April 5, 2026

Dark Castle Group, LLC ("we", "our", or "us") operates the Sipher mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.

1. Information We Collect

We collect information that you provide directly to us when you:

• Create an account: Email address, username, and password (hashed and salted using industry-standard algorithms)
• Set up your profile: Phone number, birthday, gender, avatar image, bio, and social media links (all optional)
• Communicate: Messages, voice notes, photos, videos, and documents you send through the App
• Make calls: Call metadata such as call duration, call type (audio or video), and timestamps. We do not record or store the content of your calls
• Leave voicemails: Audio recordings you choose to leave when a call is not answered, along with automated transcriptions
• Share your location: Precise GPS coordinates when you choose to share your live location with specific contacts
• Post stories: Photos, videos, text, and voice recordings you share as stories, visible to your contacts for 24 hours
• Play games: Game selections and interactions within in-chat games (Game Station)
• Use the camera: Photos and videos captured using the in-app camera, including any edits, filters, or crops applied before sending
• Customize your experience: Chat wallpaper selections, ringtone preferences, theme settings, and notification preferences

2. End-to-End Encryption

Sipher uses end-to-end encryption (ECDH P-256 key exchange with AES-256-GCM) for all messages, voice notes, and media shared between users. This means:

• Only you and the intended recipient(s) can read your messages
• We cannot access the content of your encrypted communications
• Encryption keys are generated on your device and never leave it
• Each conversation uses unique encryption keys
• Group chat messages are encrypted for each participant individually

Certain features require server-side processing and are therefore not end-to-end encrypted. These include: AI assistant conversations, voicemail recordings, voicemail transcriptions, story content, and voice translation requests. We clearly identify which features operate outside of E2E encryption.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the App and its features
• Create and manage your account
• Facilitate communication between users, including message delivery, calls, and voicemail
• Process and deliver voicemail transcriptions
• Enable real-time voice translation when requested
• Power the AI assistant feature
• Send push notifications about messages, calls, contact requests, and voicemails
• Detect and prevent fraud, abuse, or violations of our Terms of Service
• Comply with legal obligations

4. Voice and Video Calls

Sipher supports voice and video calls between users. Key points about call data:

• Call audio and video streams are transmitted peer-to-peer using WebRTC when possible, or relayed through our servers when a direct connection cannot be established
• We do not record, store, or have access to the audio or video content of your calls
• Call metadata (participants, duration, call type, and timestamps) is stored to display your call history
• Real-time call captions are processed locally and are not stored on our servers
• You can delete your call history at any time

5. Voicemail

When a call is not answered, you may choose to leave a voicemail. Key points about voicemail data:

• Voicemail audio recordings are stored on our servers so the recipient can listen to them
• Voicemails are not end-to-end encrypted, as they must be stored on our servers for delivery
• Voicemails are automatically transcribed using third-party AI services (OpenAI) to provide text versions for convenience
• You can delete voicemails at any time

6. Location Sharing

Sipher offers a live location sharing feature that allows you to share your precise GPS coordinates with specific contacts in real time. Key points about location data:

• Location sharing is always opt-in — your location is never collected or shared without your explicit action
• You choose the duration for each sharing session (15 minutes, 1 hour, 8 hours, or indefinitely)
• You can stop sharing your location at any time, and you can pause all active location shares
• Location data is stored on our servers only while actively sharing and is deleted when the sharing session ends or expires
• Only the specific users you choose to share with can see your location
• Location coordinates are transmitted to our servers to relay to your chosen contacts
• Maps are rendered using Apple Maps; Apple's privacy policy governs the mapping service

7. Stories

Sipher allows you to post stories (photos, videos, text, and voice recordings) visible to your contacts. Key points about stories:

• Stories are automatically deleted from our servers after 24 hours
• Stories are visible only to users you have added as contacts
• You can delete any story at any time before it expires
• Story media (photos, videos, voice recordings) is stored on our servers for the 24-hour duration
• Stories are not end-to-end encrypted
• You can see who has viewed your story
• Story replies are handled as regular encrypted messages

8. In-Chat Games (Game Station)

Sipher includes interactive games that you can play with other users within a chat. Key points about game data:

• Game interactions (moves, selections, and results) are transmitted as messages within your conversation
• Game data shared between users is encrypted in the same manner as regular messages
• No game data is used for advertising, profiling, or analytics purposes
• Games do not collect any additional personal information beyond what is described in this policy

9. Camera and Photo Editing

Sipher includes an in-app camera with photo editing tools (filters and cropping). Key points:

• Photos and videos are captured and processed locally on your device
• Filters and crop edits are applied on your device before any data is transmitted
• We do not access your device's photo library unless you choose to select a photo to send or set as a wallpaper
• Camera access requires your explicit permission and can be revoked at any time through your device settings
• No facial recognition, biometric scanning, or biometric data collection is performed by the camera or photo editing features

10. Voice Translation

When you use the voice translation feature, your voice recordings are temporarily processed to provide translation services. Voice data is processed in real-time and is not stored permanently on our servers. Translation is powered by third-party AI services, and only the text content (not your voice recording) is sent for translation.

11. AI Assistant

The Sipher AI assistant uses OpenAI's API to process your queries. Key points:

• Messages sent to the AI assistant are processed by OpenAI according to their data usage policies
• Conversations with the AI assistant are not end-to-end encrypted, as they must be processed by the AI service
• AI conversations are stored on our servers and can be deleted at any time by clearing your chat history
• We do not use your private messages with other users to train or improve AI models

12. Private Vault and Hidden Chats

Sipher offers privacy features to protect sensitive conversations:

• Hidden chats can be locked behind a PIN or biometric authentication (Face ID / Touch ID)
• The Private Vault allows you to store chats, photos, videos, and documents behind password protection
• Vault passwords are stored securely and are not accessible to us
• Biometric data used for authentication (Face ID / Touch ID) is processed entirely by your device's operating system — we never receive, store, or transmit biometric data

13. Push Notifications

Sipher uses push notifications to alert you about new messages, incoming calls, contact requests, and voicemails. Key points:

• Push notification tokens are stored on our servers to deliver notifications to your device
• Notification content may include the sender's name but does not include message content for encrypted conversations
• Push notifications are delivered via Expo Push Notification Service and Apple Push Notification Service (APNs)
• You can disable push notifications at any time through your device settings or within the App

14. Disappearing Messages and Self-Destruct

Sipher supports invisible ink messages and self-destructing messages. When a message is set to self-destruct, it is permanently deleted from our servers and both devices after the specified time period. Invisible ink messages remain blurred until the recipient taps to reveal them.

15. Screenshot Alerts

Sipher may notify users when a screenshot is taken within certain conversations. This feature is designed to protect the privacy of shared content. No screenshot images are captured, stored, or transmitted by us — only a notification that a screenshot event occurred.

16. Third-Party Services

We use the following third-party services:

• OpenAI: Powers the AI assistant, voicemail transcription, and voice translation features
• RevenueCat: Manages subscriptions and in-app purchases
• Expo: App development framework and push notification delivery
• Apple Maps: Provides mapping and location display services
• Apple Push Notification Service (APNs): Delivers push notifications to iOS devices

Each third-party service has its own privacy policy governing how they handle your data. We encourage you to review their policies.

17. Data Storage and Security

We store your data on secure servers with industry-standard security measures, including:

• Encrypted databases for account information and metadata
• End-to-end encryption for message content, ensuring it cannot be read by us even if our servers were compromised
• Secure password hashing using industry-standard algorithms
• HTTPS/TLS encryption for all data transmitted between your device and our servers
• Regular security assessments and updates

18. Data Retention

We retain your data according to the following schedule:

• Account data: Retained for as long as your account is active
• Messages: Stored until you or the recipient deletes them
• Self-destructing messages: Permanently deleted after the specified time period
• Stories: Automatically deleted after 24 hours
• Live location data: Deleted when the sharing session ends or expires
• Voicemails: Stored until deleted by the recipient
• Call history: Stored until you delete it
• Account deletion: When you delete your account, all associated data is permanently removed from our servers within 30 days

19. Your Rights

You have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Delete your account and all associated data
• Control your privacy settings (hide email, phone, birthday, online status)
• Stop sharing your location at any time
• Delete your stories, messages, voicemails, and call history at any time
• Block and unblock other users
• Export your data upon request
• Opt out of optional features like AI assistant, voice translation, or location sharing

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to request deletion, and the right to opt out of the sale of your personal information. We do not sell your personal information.

20. Children's Privacy

Sipher is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that we have collected information from a child under 13, we will delete it promptly. If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us at support@sipherapp.com so we can take appropriate action.

21. International Users

If you are accessing Sipher from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where our servers are located. By using the App, you consent to the transfer of your information to the United States and acknowledge that data protection laws in the United States may differ from those in your country of residence.

22. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy in the App and updating the "Last updated" date. Your continued use of the App after any changes constitutes your acceptance of the updated policy.

23. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us at:

• Email: support@sipherapp.com
• Website: sipherapp.com