ArcaneChat Terms & Privacy Policy

ArcaneChat server is designed to never collect or store any sensitive information. ArcaneChat messages cannot be accessed by us or other third parties because they are always end-to-end encrypted, private, and secure. Our Terms of Service and Privacy Policy are available below.

• Terms of Service
• Privacy Policy of ArcaneChat App
• Privacy Policy of arcanechat.me server

---

Terms of Service

ArcaneChat Messenger (“ArcaneChat”) utilizes security and end-to-end encryption to provide private messaging, and other services to users. You agree to our Terms of Service (“Terms”) by installing or using our apps, services, or website (together, “Services”).

About our services

Minimum Age. You must be at least 13 years old to use our Services. The minimum age to use our Services without parental approval may be higher in your home country.

Account Registration. To create an account you must register anonymously for our Services no private data is required, a random username and password is generated for you and kept in your ArcaneChat app.

Privacy of user data. ArcaneChat does not collect your personal data or content in any way.

Please read our Privacy Policy to understand how we safeguard the information you provide when using our Services. For the purpose of operating our Services, you agree to our data practices as described in our Privacy Policy.

Fees and Taxes. You are responsible for data and mobile carrier fees and taxes associated with the devices on which you use our Services.

Using ArcaneChat

Legal and Acceptable Use. You agree to use our Services only for legal, authorized, and acceptable purposes. You will not use (or assist others in using) our Services in ways that: (a) violate or infringe the rights of ArcaneChat, our users, or others, including privacy, publicity, intellectual property, or other proprietary rights; (b) involve sending illegal or impermissible communications such as bulk messaging.

Keeping Your Account Secure. ArcaneChat embraces privacy by design and does not have the ability to access your messages. You are responsible for keeping your device and your ArcaneChat account safe and secure. If you lose your phone and account backups, your data is lost forever.

Third-party services. Our Services may allow you to access, use, or interact with third-party websites, apps, content, and other products and services. When you use third-party services, their terms and privacy policies govern your use of those services.

Disclaimers and Limitations

Disclaimers. YOU USE OUR SERVICES AT YOUR OWN RISK AND SUBJECT TO THE FOLLOWING DISCLAIMERS. WE PROVIDE OUR SERVICES ON AN “AS IS” BASIS WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, AND FREEDOM FROM COMPUTER VIRUS OR OTHER HARMFUL CODE. ARCANECHAT DOES NOT WARRANT THAT ANY INFORMATION PROVIDED BY US IS ACCURATE, COMPLETE, OR USEFUL, THAT OUR SERVICES WILL BE OPERATIONAL, ERROR-FREE, SECURE, OR SAFE, OR THAT OUR SERVICES WILL FUNCTION WITHOUT DISRUPTIONS, DELAYS, OR IMPERFECTIONS. WE DO NOT CONTROL, AND ARE NOT RESPONSIBLE FOR, CONTROLLING HOW OR WHEN OUR USERS USE OUR SERVICES. WE ARE NOT RESPONSIBLE FOR THE ACTIONS OR INFORMATION (INCLUDING CONTENT) OF OUR USERS OR OTHER THIRD PARTIES. YOU RELEASE US, AFFILIATES, DIRECTORS, OFFICERS, EMPLOYEES, PARTNERS, AND AGENTS (TOGETHER, “ARCANECHAT PARTIES”) FROM ANY CLAIM, COMPLAINT, CAUSE OF ACTION, CONTROVERSY, OR DISPUTE (TOGETHER, “CLAIM”) AND DAMAGES, KNOWN AND UNKNOWN, RELATING TO, ARISING OUT OF, OR IN ANY WAY CONNECTED WITH ANY SUCH CLAIM YOU HAVE AGAINST ANY THIRD PARTIES.

Limitation of liability. THE ARCANECHAT PARTIES WILL NOT BE LIABLE TO YOU FOR ANY LOST PROFITS OR CONSEQUENTIAL, SPECIAL, PUNITIVE, INDIRECT, OR INCIDENTAL DAMAGES RELATING TO, ARISING OUT OF, OR IN ANY WAY IN CONNECTION WITH OUR TERMS, US, OR OUR SERVICES, EVEN IF THE ARCANECHAT PARTIES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. OUR AGGREGATE LIABILITY RELATING TO, ARISING OUT OF, OR IN ANY WAY IN CONNECTION WITH OUR TERMS, US, OR OUR SERVICES WILL NOT EXCEED ONE HUNDRED DOLLARS ($100). THE FOREGOING DISCLAIMER OF CERTAIN DAMAGES AND LIMITATION OF LIABILITY WILL APPLY TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW. THE LAWS OF SOME STATES OR JURISDICTIONS MAY NOT ALLOW THE EXCLUSION OR LIMITATION OF CERTAIN DAMAGES, SO SOME OR ALL OF THE EXCLUSIONS AND LIMITATIONS SET FORTH ABOVE MAY NOT APPLY TO YOU. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN OUR TERMS, IN SUCH CASES, THE LIABILITY OF THE ARCANECHAT PARTIES WILL BE LIMITED TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW.

Availability of Our Services. Our Services may be interrupted, including for maintenance, upgrades, or network or equipment failures. We may discontinue some or all of our Services, including certain features and the support for certain devices and platforms, at any time.

Ending Terms

Ending these Terms. You may end these Terms with ArcaneChat at any time by deleting ArcaneChat Messenger from your device and discontinuing use of our Services. We may modify, suspend, or terminate your access to or use of our Services anytime for any reason, such as if you violate the letter or spirit of our Terms or create harm, risk, or possible legal exposure for ArcaneChat. The following provisions will survive termination of your relationship with ArcaneChat: “Disclaimers”, “Limitation of Liability”, “Availability” and “Ending these Terms”.

---

Privacy Policy of ArcaneChat App

This is the privacy policy for the ArcaneChat app. You can find the privacy policy for arcanechat.me server here.

Summary

ArcaneChat is an e-mail app that follows a strict privacy-by-design approach. All communication data remains on the end devices or on the e-mail servers selected by the user.

Requirement	Implementation
Confidentiality	End-to-end encryption by implementing Autocrypt and Verified groups. User-friendly end-to-end encryption means that the requirements of the GDPR are already implemented at the technical level, Privacy by Design.
Data minimization	No upload of contact lists from your phone.
Data avoidance	No processing of personal data, no personal data is ever sent to the ArcaneChat server.
Legal basis	There is no need to obtain consent for address book matching, Art.7 GDPR, as no address book data is transferred. Therefore, no additional legal basis is required.
Data to third parties	We only receive the token for the push notification and forward it to the provider of your operating system.
Data from third parties	Easy implementation in companies: ArcaneChat does not process personal data on behalf of the controller and therefore does not require any instruction or data processing agreement. Easy connection with the own corporate e-mail server.
DPIA	No data protection impact assessment needs to be carried out for ArcaneChat Art.35 GDPR, as no specific additional data is processed beyond the e-mail messenger process. The risk to the rights and freedoms of natural persons is limited to the internal company data processing of the e-mail communication and that of the e-mail providers.
Documentation	Inclusion of the measures implemented by ArcaneChat in the record of processing activities may have a positive impact on possible evidence, Art.30 GDPR as well as certification processes, Art.25 (4) GDPR,Art.42 GDPR. The documentation of processing activities related to Messenger communication is omitted and shifts only to the record of processing activities of your e-mail provider, Art.30(2) GDPR.

Detailed data protection information

1. Name and contact information of the data controller

Responsible for the processing of your personal data is

    Asiel Diaz Benitez
    Reichsgrafen Str. 20
    79102 Freiburg
    Germany

E-mail: adb@arcanechat.me

2. Processing when using the ArcaneChat e-mail messenger

All data is stored locally on your device or with your e-mail provider. Neither we nor ArcaneChat developers have any possibility to access the end user's data, as all communication is end-to-end encrypted. Only for the optional Push Notification (see 2.2) the Push Notification Token is processed by the ArcaneChat server.

2.1 Sign up with your e-mail provider

ArcaneChat communication works through your e-mail account. In order to establish the connection, the app needs the access data. These are only stored locally on your end device:

• e-mail address
• your password

The legal basis for the processing is Art.6 (1) lit.b GDPR, as you have a usage contract with us by using our services.

Security procedures are in place to protect the confidentiality of the data: Only the bare data needed to fulfil the user request of login are stored, encryption takes place as well as local sandboxing, see 2.3 for further details.

2.2 Heartbeat push notification

Push notifications can be sent to the user's phone at regular intervals to enable receipt of messages while the ArcaneChat app is not currently active. Current messages can then be retrieved on the end device.

In order to use push notifications, a unique identifier or token (Push Notification Token) is created after the app is downloaded and installed. This token allows ArcaneChat server to send notifications to the user's device. The token is then stored on our systems and sent to the device at regular intervals to cause the app to retrieve new messages.

2.3 Data in the app

The ArcaneChat app works in a data-saving way. All relevant data is stored exclusively on the respective end devices:

- chat histories (text messages, voice messages, media, ...).
- contacts
- settings

ArcaneChat servers have no access to this data, as data processing takes place only on the end devices.

2.4 App permissions

Within the app, you can enter, manage, and edit various information, tasks, and activities. The app also requires the following permissions:

Permission	Reason
Internet access	This is needed to send the messages to the communication partner.
Camera access	This is needed for you to take photos and send them via the app. In addition, the camera access allows you to scan QR codes.
Microphone access (optional)	This permission allows you to send voice messages.
Location access (optional)	This is needed if you want to share your location with a communication partner.
Contact access (optional)	This allows you to load and save contacts from your phone book into the app. The contact data is stored locally in the app and not forwarded and stored on ArcaneChat server.
Storage (optional)	You can save images and files from the app to your device.

The processing and use of the above permissions are performed to provide the service. The internet access is necessary for the use, therefore the legal basis of the processing is Art.6 (1) lit.a GDPR, as you have a usage contract with us by using our services.

The optional permissions only take place based on your consent according to Art.6 (1) lit.a GDPR and can also be reduced to individual services, e.g. only internet usage to send messages without pictures or location data. ArcaneChat does not receive any access to this data.

3. Platform dependent processing

Certain information is already processed automatically as soon as you use the app. We have listed below which personal data is processed exactly:

When you download the app, certain required information is transmitted to the app store you use ( e.g. Google Play or Apple App Store), in particular the username, the email address, the customer number of your account, the time of the download, payment information as well as the individual device identification number may be processed. The processing of this data is carried out exclusively by the respective app store and is beyond our control.

For the rest, we refer to the data protection policies of the respective app store providers or responsible parties of the operating systems. We do not collect and/or process any other data.

Your personal data will not be transferred to third parties for purposes other than those listed below.

4. Rights of the data subject

As a data subject of a processing of personal data, you have the right to

1. request information about your personal data processed by us in accordance with Art.15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
2. in accordance with Art.16 GDPR of the GDPR, immediately request the correction of inaccurate or incomplete personal data stored by us;
3. pursuant to Art.17 GDPR of the GDPR, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims;
4. pursuant to Art.18 GDPR, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing pursuant to Art.21 GDPR;
5. pursuant to Art.20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller;
6. in accordance with Art.7 (3) GDPR, to revoke your consent given to us at any time. This has the consequence that we may no longer continue the data processing based on this consent in the future; and
7. complain to a supervisory authority in accordance with Art.77 GDPR of the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace.

5. Up-to-dateness and modification of this data protection declaration

This data protection declaration is valid as of January 2025. Due to the further development of our website and offers or due to changed legal or official requirements, it may become necessary to revise this data protection declaration from time to time.

---

Privacy Policy of arcanechat.me server

Summary: No personal data asked or collected

ArcaneChat server neither asks for nor retains personal information. ArcaneChat server exist to reliably transmit (store and deliver) end-to-end encrypted messages between user's devices running the ArcaneChat messenger app.

ArcaneChat server:

• unconditionally removes messages after 20 days,

• prohibits sending out un-encrypted messages,

• does not store Internet addresses ("IP addresses"),

• does not process IP addresses in relation to email addresses.

Due to the resulting lack of personal data processing this server may not require a privacy policy.

Nevertheless, we provide legal details below to make life easier for data protection specialists and lawyers scrutinizing the server's operations.

1. Name and contact information

Responsible for the processing of your personal data is: Asiel Diaz Benitez

E-mail: adb@arcanechat.me

2. Processing when using ArcaneChat services

We provide services optimized for the use from ArcaneChat apps and process only the data necessary for the setup and technical execution of message delivery. The purpose of the processing is that users can read, write, manage, delete, send, and receive chat messages. For this purpose, we operate server-side software that enables us to send and receive messages.

We process the following data and details:

• Outgoing and incoming messages (SMTP) are stored for transit on behalf of their users until the message can be delivered.

• E-Mail-Messages are stored for the recipient and made accessible via IMAP protocols, until explicitly deleted by the user or until a fixed time period is exceeded, (usually 4-8 weeks).

• IMAP and SMTP protocols are password protected with unique credentials for each account.

• Users can retrieve or delete all stored messages without intervention from the operators using standard IMAP client tools.

• Users can connect to a "realtime relay service" to establish Peer-to-Peer connection between user devices, allowing them to send and retrieve ephemeral messages which are never stored on the ArcaneChat server, also not in encrypted form.

2.1 Account setup

Creating an account happens in one of two ways on our mail servers:

• with a QR invitation token which is scanned using the ArcaneChat app and then the account is created.

• by letting ArcaneChat otherwise create an account and register it with a arcanechat.me mail server.

In either case, we process the newly created email address. No phone numbers, other email addresses, or other identifiable data is currently required. The legal basis for the processing is Art. 6 (1) lit. b GDPR, as you have a usage contract with us by using our services.

2.2 Processing of E-Mail-Messages

In addition, we will process data to keep the server infrastructure operational for purposes of e-mail dispatch and abuse prevention.

• Therefore, it is necessary to process the content and/or metadata (e.g., headers of the email as well as smtp chatter) of E-Mail-Messages in transit.

• We will keep logs of messages in transit for a limited time. These logs are used to debug delivery problems and software bugs.

In addition, we process data to protect the systems from excessive use. Therefore, limits are enforced:

• rate limits

• storage limits

• message size limits

• any other limit necessary for the whole server to function in a healthy way and to prevent abuse.

The processing and use of the above permissions are performed to provide the service. The data processing is necessary for the use of our services, therefore the legal basis of the processing is Art. 6 (1) lit. b GDPR, as you have a usage contract with us by using our services. The legal basis for the data processing for the purposes of security and abuse prevention is Art. 6 (1) lit. f GDPR. Our legitimate interest results from the aforementioned purposes. We will not use the collected data for the purpose of drawing conclusions about your person.

3. Processing when using our Website

When you visit our website, the browser used on your end device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected and stored until it is automatically deleted (usually 7 days):

• used type of browser,

• used operating system,

• access date and time as well as

• country of origin and IP address,

• the requested file name or HTTP resource,

• the amount of data transferred,

• the access status (file transferred, file not found, etc.) and

• the page from which the file was requested.

This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster's servers. Our hoster will process your data only to the extent necessary to fulfill its obligations to perform under our instructions. In order to ensure data protection-compliant processing, we have concluded a data processing agreement with our hoster.

The aforementioned data is processed by us for the following purposes:

• Ensuring a reliable connection setup of the website,

• ensuring a convenient use of our website,

• checking and ensuring system security and stability, and

• for other administrative purposes.

The legal basis for the data processing is Art. 6 (1) lit. f GDPR. Our legitimate interest results from the aforementioned purposes of data collection. We will not use the collected data for the purpose of drawing conclusions about your person.

4. Transfer of Data

We do not retain any personal data but e-mail messages waiting to be delivered may contain personal data. Any such residual personal data will not be transferred to third parties for purposes other than those listed below:

a) you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,

b) the disclosure is necessary for the assertion, exercise or defence of legal claims pursuant to Art. 6 (1) sentence 1 lit. f GDPR and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,

c) in the event that there is a legal obligation to disclose your data pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, as well as

d) this is legally permissible and necessary in accordance with Art. 6 Para. 1 S. 1 lit. b GDPR for the processing of contractual relationships with you,

e) this is carried out by a service provider acting on our behalf and on our exclusive instructions, whom we have carefully selected (Art. 28 (1) GDPR) and with whom we have concluded a corresponding contract on commissioned processing (Art. 28 (3) GDPR), which obliges our contractor, among other things, to implement appropriate security measures and grants us comprehensive control powers.

5. Rights of the data subject

The rights arise from Articles 12 to 23 GDPR. Since no personal data is stored on our servers, even in encrypted form, there is no need to provide information on these or possible objections. A deletion can be made directly in the ArcaneChat email messenger.

If you have any questions or complaints, please feel free to contact us by email: adb@arcanechat.me

As a rule, you can contact the supervisory authority of your usual place of residence or workplace.

6. Validity of this privacy policy

This data protection declaration is valid as of January 2025. Due to the further development of our service and offers or due to changed legal or official requirements, it may become necessary to revise this data protection declaration from time to time.