Privacy Policy

Last updated: March 23, 2026

1. Introduction

AQYL ("AQYL," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our messaging service at im.aqyl.io and our mobile applications.

Our Core Privacy Principles:

  • End-to-End Encryption: Your messages are encrypted so only you and your recipients can read them
  • Self-Hosted Infrastructure: We control our own servers and infrastructure
  • No Data Harvesting: We do not sell your data or use it for advertising
  • Minimal Data Collection: We only collect what's necessary to provide our Services

2. Information We Collect

2.1 Account Information

When you create an AQYL account, we collect:

  • Email address (for account recovery and notifications)
  • Username (your unique identifier)
  • Display name (how others see you)
  • Profile picture (optional)
  • Phone number (optional, for account verification)

2.2 Messages and Content

We cannot read your messages. All messages, media, voice notes, and shared files are protected with end-to-end encryption using AES-256-GCM encryption with ECDH P-256 key exchange. Your encryption keys are generated on your device and never leave it.

We store encrypted message data on our servers only to deliver messages to recipients. Once delivered, messages are stored on recipients' devices. Server-side message storage is temporary and encrypted.

2.3 Technical Information

To provide and improve our Services, we collect:

  • Device type and model
  • Operating system and version
  • App version
  • IP address (for security and abuse prevention)
  • Connection timestamps (when you connect/disconnect)
  • Push notification tokens (for delivering notifications)

2.4 Usage Information

We collect anonymized usage data to improve our Services:

  • Features used (not the content)
  • Performance metrics and crash reports
  • Error logs (without message content)

2.5 Location Information

We only access your location when you explicitly choose to share it with a contact. Location data is end-to-end encrypted like other messages. We do not track your location in the background.

3. How We Use Your Information

We use your information solely to:

  • Provide, maintain, and improve our messaging Services
  • Create and manage your account
  • Enable you to communicate with other users
  • Deliver messages and notifications
  • Provide customer support
  • Detect, prevent, and address technical issues, fraud, and abuse
  • Comply with legal obligations
  • Enforce our Terms of Service

We do not:

  • Sell your personal data to third parties
  • Use your data for targeted advertising
  • Share your data with data brokers
  • Profile you for marketing purposes
  • Read or analyze your message content

4. Information Sharing

We share your information only in these limited circumstances:

4.1 With Other Users

Your profile information (display name, username, profile picture, online status) is visible to your contacts. You can control visibility settings in the app.

4.2 Service Providers

We work with limited third-party service providers for:

  • Push notification delivery (Apple APNs, Google FCM)
  • Crash reporting and analytics
  • Email delivery (for account notifications)

These providers only receive the minimum information necessary and are contractually obligated to protect your data.

4.3 Legal Requirements

We may disclose information if required by law, court order, or government request. However, because your messages are end-to-end encrypted, we cannot provide message content even if legally compelled. We can only provide:

  • Account registration information
  • Connection timestamps
  • IP addresses

We will notify you of legal requests when legally permitted and will challenge requests we believe are overly broad or unlawful.

4.4 Safety and Security

We may share information to prevent fraud, address security vulnerabilities, or protect the safety of our users.

5. Data Security

We implement strong security measures to protect your data:

  • End-to-End Encryption: Messages encrypted with AES-256-GCM
  • Key Exchange: ECDH P-256 for secure key derivation
  • Transport Security: TLS 1.3 for all network communications
  • Local Key Storage: Encryption keys stored securely on your device
  • Server Security: Self-hosted infrastructure with strict access controls
  • Password Hashing: bcrypt with high cost factor

While we implement industry-leading security practices, no system is completely secure. We cannot guarantee absolute security and are not liable for breaches beyond our reasonable control.

6. Data Retention

We retain your data only as long as necessary:

  • Account data: Until you delete your account
  • Messages: Stored temporarily on servers until delivered, then deleted
  • Connection logs: Up to 90 days for security purposes
  • Crash reports: Up to 1 year for debugging

When you delete your account, we remove your profile information and associated data from our active systems. Some data may be retained in encrypted backups for a limited period or as required by law.

7. Your Rights and Choices

You have the following rights regarding your data:

  • Access: Request a copy of your personal information
  • Correction: Update or correct your account information in the app
  • Deletion: Delete your account and associated data
  • Data Portability: Export your data in a portable format
  • Restriction: Request limits on how we use your data
  • Objection: Object to certain data processing
  • Withdraw Consent: Withdraw consent for optional features

To exercise these rights, go to Settings in the app or contact us at [email protected].

8. Children's Privacy

AQYL is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected] and we will delete such information.

9. International Data Transfers

AQYL operates globally. Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for international transfers in compliance with applicable data protection laws.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes through the app, by email, or by posting a notice on our website. The "Last updated" date at the top indicates when this policy was last revised.

Your continued use of our Services after changes take effect constitutes acceptance of the updated Privacy Policy.

11. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

For legal inquiries: [email protected]