Updated: October 2024

Privacy Policy.

Your privacy isn't an afterthought—it's the core of our architecture. We build tools designed to protect your data with absolute mathematical precision.

The Zero-Knowledge Guarantee

Toggle the switch to see exactly what leaves your device versus what our servers see.

Send me the confidential financial report.

U2FsdGVkX19a
K0z8q1/9aB9bXz
+v3R/4P9mQx8L
wPqT1+9zM=
lock AES-256-GCM Encrypted Packet
psychology

1. Core Philosophy

At NyChat, we operate under a simple, non-negotiable premise: We cannot leak, lose, or sell data that we do not possess.

Most communication platforms are built to harvest metadata, analyze conversational graphs, and monetize user attention. NyChat is engineered as the antithesis to this model. We build "hostile-architecture" for data brokers—our systems are intentionally designed to be blind to the content passing through them.

filter_alt_off

2. Data Collection (Minimization)

To provide instantaneous WebSocket connections, we require a microscopic amount of operational data. We do not collect names, email addresses, phone numbers, or social graph data.

cancel

What We Don't Collect

  • - IP Addresses (Dropped immediately)
  • - Device Fingerprints
  • - Message Content
  • - Contact Lists
check_circle

What We Process

  • - Ephemeral WebSocket IDs
  • - Encrypted binary blobs
  • - Anonymous server load metrics
enhanced_encryption

3. Cryptography

All communication within NyChat utilizes AES-256-GCM symmetric encryption. The cryptographic keys required to decrypt messages are generated locally in your browser using the Web Crypto API.

These keys are embedded in the room URL (the portion after the `#` hash). Modern browsers explicitly prevent fragments after the hash from being sent to the server. Therefore, our servers mathematically cannot read your messages.

dns

4. Infrastructure & Third Parties

NyChat does not sell, rent, or monetize your usage data under any circumstances. We operate entirely free of advertising networks.

To ensure low-latency global delivery, we utilize top-tier infrastructure providers (Sub-processors) for raw traffic routing. These providers are bound by strict Data Processing Agreements (DPAs) and only handle encrypted, obfuscated packets.

local_fire_department

5. Data Retention (The Vanish Protocol)

NyChat operates entirely In-Memory (RAM). We do not provision persistent databases for message storage.

When an active room drops to zero participants (e.g., all users close their browser tabs), the server's garbage collector instantly drops the memory pointers associated with that room's WebSocket array. The encrypted ciphertext ceases to exist immediately.

gavel

6. User Rights (GDPR & CCPA)

Because we do not attach identities to accounts or retain persistent data, compliance with "Right to be Forgotten" or "Data Portability" requests is intrinsically solved by our architecture.

By simply leaving a room, you are executing your Right to be Forgotten automatically.

Contact the Data Protection Officer

For legal inquiries, contact: privacy@nychat.com