Privacy First

Privacy Policy.

Plain English Policy · Updated April 2026

TL;DR

The Short Version

We collect almost nothing. We can't identify you. We can't read your messages. We can't recover your data. That's by design.

What We Collect

Stored Data

The server stores only what is strictly necessary for the protocol to function:

  • Opaque SHA-256 hashes used as room and access identifiers — these cannot be reversed to recover your phone number or PIN
  • AES-256-GCM ciphertext — encrypted on your device before transmission, unreadable without your credentials
  • Room metadata — active/inactive status and optional TTL expiry timers
  • Rate limiting counters — temporary, IP-based, deleted within 48 hours

No email addresses. No phone numbers. No names. No accounts. No profile data. We do not know who you are.

What We Don't Collect

Explicitly Not Collected

  • Real phone numbers
  • PINs or passwords
  • Plaintext messages
  • Encryption keys
  • User profiles or accounts
  • Contact lists
  • Location data
  • Device fingerprints
  • Browsing history
  • Usage analytics

Cookies & Storage

One session cookie is used exclusively for CSRF protection. It contains no identifying information and expires when you close your browser.

SessionStorage holds up to 6 keys during an active session: your phone, room ID, room hash, sender hash, access hash, and — if paid tiers are enabled — a random extension secret used to redeem a dedicated number. Every one of these is automatically cleared on logout, panic (/x), or room expiry.

No tracking cookies. No localStorage persistence. No fingerprinting tokens.

Analytics & Tracking

Zero third-party analytics. No Google Analytics, no Mixpanel, no Plausible, no trackers, no pixels, no external scripts of any kind.

Server-side aggregate metrics (total rooms created, total messages sent) are collected for operational monitoring only. These metrics have no individual correlation — they cannot be traced back to any user or session.

Our Content Security Policy enforces this at the browser level, blocking all external scripts.

IP Address Handling

IP addresses are used exclusively for rate limiting to prevent abuse and denial-of-service attacks. They are stored in an in-memory cache (ETS) and automatically expire within 48 hours.

IP addresses are never correlated with rooms, messages, or user activity. They are never written to the database. They are never logged to disk in production.

Third-Party Services

None. Fonts (Outfit, Inter, JetBrains Mono) are self-hosted — they ship from the same server that serves the site, so your browser makes no requests to Google, Cloudflare, jsdelivr, or any other third-party CDN on page load.

No external APIs, no cloud-hosted analytics (not even privacy-friendly ones), no advertising networks, no error-reporting services. The only network traffic your browser generates while using sTELgano is to stelgano.com.

Data Retention

Retention Schedule

Messages: Deleted on reply

Hard-deleted immediately when a reply is sent (N=1 invariant). The previous message row is permanently removed from the database in the same transaction. No deferred cleanup.

Rooms: TTL-based expiry

Rooms expire based on their configured time-to-live. An hourly job deactivates expired rooms and, in the same transaction, hard-deletes their messages and every stored (room_hash, access_hash) record.

IP Logs: 48 hours maximum

Stored only in volatile memory for rate limiting. Never persisted to disk or database.

Everything Else: Not applicable

Email, phone numbers, names, profiles, chat history, encryption keys — none of these are collected, so there is nothing to retain.

GDPR / CCPA

Regulatory Compliance

sTELgano is compliant by design with GDPR, CCPA, and similar data protection regulations.

There is no personal data to request, export, or delete because we cannot identify you. No accounts exist. No user profiles exist. The data we store (hashes and ciphertext) cannot be linked to any individual.

If you believe we hold data about you, you can contact us — but we will not be able to locate it, because we have no way to associate stored hashes with a real person.

COPPA

Children's Privacy

sTELgano is not directed at children under 13. We do not knowingly collect information from children.

Because no accounts exist and no personal information is collected, there is no age verification mechanism. However, the service is designed for adults who need private communication.

Policy Changes

Changes to This Policy

Because sTELgano has no accounts and no way to contact users, policy changes are communicated through the public git repository.

Every change to this policy is tracked as a commit with a clear description of what changed and why. You can review the full history of this document at any time.

Continued use of the service after changes are published constitutes acceptance of the updated policy.