Effective 2026-05-23. Cipher version 1.0.
Summary: Cipher does not collect personal data. Cipher does not operate any backend server. Cipher does not embed any third-party SDK that initiates a network call at runtime. The following document spells this out in plain English.
Cipher is published by Zhang Jiahao operating as Atrium. Contact: jasperabundant@gmail.com.
None. The privacy nutrition label declares every category as "Data Not Collected." We have no analytics, no crash-reporting SDK, no telemetry, no tracking.
| Item | Storage | Leaves device? |
|---|---|---|
| Identity / signing private keys | iOS Keychain (this-device-only) | No. |
| Public identity keys | Your iCloud public zone | Yes — publication only, no private bytes. |
| Chat messages (ciphertext) | CloudKit Shared Zone owned by you | Yes — only as encrypted ciphertext that we cannot read. |
| Local conversation metadata (last-read timestamp, theme, etc.) | Core Data + NSPersistentCloudKitContainer (your iCloud) | Mirrored to your iCloud only. |
| PIN digest, biometric flags | iOS Keychain (this-device-only) | No. |
CloudKit relays ciphertext between your device and the contact you're chatting with. Apple's published policy applies. Apple cannot decrypt your messages because the keys never leave your device.
Cipher uses Apple's StoreKit 2. Apple processes payments and provides Cipher with a signed receipt confirming entitlement. Cipher does not store payment cards, billing addresses, or any subsequent identifying information from those receipts.
Cipher is rated 17+. It is not intended for users under 13.
Because we hold no personal data about you, there is nothing for us to export, correct, or delete on a request. To remove every piece of data Cipher has ever stored, tap "Burn all chats" in Settings.
If we materially change this policy, the new version will be published at this URL and Cipher will display an in-app notice the next time you open the app.
Email: jasperabundant@gmail.com.