Privacy Policy
Last updated: March 2026
At NoTrace, privacy is not a feature—it is our fundamental architecture. We believe your digital existence should remain yours alone, untracked and unlogged.
1. The "No-Data" Guarantee
We log interaction metadata (like "message sent" or "room created") using non-identifiable session IDs to prevent platform abuse. Our systems are designed to process temporary communication without ever knowing who you are or what you are saying.
We do not collect names, email addresses, phone numbers, or any form of PII. Nicknames are transient and exist only within the scope of a single session.
We do not log your IP address, browser user-agent, or geolocation. Your physical and digital location remains masked from our infrastructure.
2. Ephemeral Architecture
Communication is handled via temporary chat "rooms" which are stored in a volatile state and wiped completely after 24 hours. Messages exist in volatile memory and are purged aggressively to ensure no permanent record is created.
Data is stored in a real-time state synchronizer. Once a room expires or is manually "killed," all associated cryptographic keys and message histories are wiped.
When participants leave a room, our systems automatically trigger a cleanup process to remove local identifiers and presence data from the global state.
3. Local-First Security
Your communication is secured using industry-standard protocols. Security occurs at the edge—your device—ensuring that intermediate servers only see encrypted noise.
All messages are encrypted locally using AES-256-GCM. Because the key is derived from the room code, even the database administrator cannot read your messages—only those in the room with the "code" can decrypt them.
4. No Tracking / No Cookies
We do not use tracking pixels, analytics engines, or third-party advertising scripts. NoTrace uses zero persistent cookies. The only data stored on your device is strictly necessary for current session synchronization.