Privacy Policy
At Histeeria, privacy is not an afterthought; it is our foundation. This Privacy Policy explains what data we collect, why we collect it, and—most importantly—what we cannot see due to our zero-knowledge architecture.
1. Data Minimization
We adhere to the principle of data minimization. We only collect the absolute minimum information required to operate the service. Any data that can be end-to-end encrypted (E2EE) is encrypted on your device before it ever touches our servers.
2. Information We Collect
2.1 Account Information
To create an account, you must provide:
- A username (public).
- An email address (private, used only for recovery and authentication).
- A public key (used for E2EE routing, does not decrypt messages).
2.2 Encrypted Content
Your messages, private notes, and private files are encrypted on your device using AES-256-GCM before upload. We store these encrypted blobs, but we do not possess the private keys required to decrypt them. Consequently, we cannot read your private communications even if compelled by law enforcement.
2.3 Public Content
Content you explicitly post to the public feed (e.g., Articles, Statuses) is stored in plaintext or encrypted with a public key to allow global visibility. You retain the right to delete this content at any time.
2.4 Usage Data
We may collect anonymous, aggregated telemetry (e.g., app crashes, API latency) to improve system performance. We do not track user behavior across third-party sites (no advertising pixels).
3. How We Use Your Information
- To route and deliver encrypted messages.
- To maintain your social graph (followers/following).
- To prevent abuse and spam (e.g., rate limiting).
4. Data Sharing & Third Parties
We do not sell your data. We use trusted infrastructure providers solely to host the service:
- Supabase/PostgreSQL: For encrypted database storage.
- Railway: For backend API hosting.
- Vercel: For web application delivery.
5. Your Rights
You have the right to request a copy of your data (Export) or delete your account (Erasure) at any time through the app settings. Deletion is permanent and removes your data from our active servers immediately.
6. Contact
For privacy concerns, contact our Data Protection Officer at privacy@histeeria.com.