Privacy Policy

Scope

Xentrop is controlled private communication infrastructure. This policy explains what Xentrop relay infrastructure is not trusted with, what operational data may still exist, and what responsibilities remain with users, devices, networks, and deployment operators.

Xentrop uses bounded privacy claims. Server-blind architecture reduces infrastructure knowledge; it does not make all metadata disappear.

What Relay Infrastructure Is Not Trusted With

• Plaintext message content
• Plaintext media or profile data
• Private keys
• A hosted production contact graph
• Plaintext message-type headers
• Hosted identity recovery capsules
• .xbk backup passwords

Residual Metadata And Operational Data

The relay and network may still observe or process operational data needed to run the service, detect abuse, deliver messages, and maintain reliability. This may include:

• IP connection timing
• Opaque mailbox access
• Encrypted blob size and traffic volume
• Push timing where push providers are used
• Service health and abuse-control events
• Call transport timing, duration, and packet cadence
• Website or support telemetry such as browser, device, and request logs

Xentrop does not claim no metadata, metadata-free communication, correlation-proof communication, or traffic-analysis immunity against a global or active network adversary.

Contact Establishment

Production contact relationships are not maintained as a readable relay-side social graph. Contacts are established intentionally through paths such as QR exchange, invite link, manual key or safety-code exchange, old-device transfer, or .xbk backup restore.

Public-cloud phone OTP may be used as an abuse-control gate during signup. It is not production contact discovery, identity recovery, or enterprise onboarding.

Account Continuity

Account continuity is user-owned. Encrypted .xbk backup and old-device transfer can preserve identity, profile, contacts, conversations, messages, calls, and environment configuration without making Xentrop a server-side recovery authority.

If a user loses both their .xbk backup and old device, Xentrop cannot recover the account for them.

Data Retention

Messages are encrypted on the sender device, stored by the relay as opaque encrypted blobs, fetched and decrypted locally by the receiver device, and deleted from the relay after successful processing. Xentrop does not maintain plaintext message archives or a hosted production contact graph.

Operational logs, abuse-control records, support records, deployment records, and website logs may be retained for security, reliability, legal compliance, and support purposes.

Law Enforcement Requests

We comply with valid legal requests for data that Xentrop actually has. Server-blind relay architecture means Xentrop cannot decrypt message content, provide plaintext media, hand over private keys, or provide a hosted production contact graph or hosted identity recovery capsule.

Depending on the request and deployment, data that may exist can include opaque encrypted blobs awaiting delivery, operational logs, support records, deployment records, website logs, abuse-control records, and records required for legal or business compliance.

Third-Party Services

Xentrop may use third-party infrastructure where needed for hosting, website delivery, analytics, crash diagnostics, support, payments, or mobile push delivery. Where push is used, wake signals are designed to be generic and content-free.

• Push providers may observe token-related delivery events and wake timing.
• Operating systems, device vendors, carriers, and networks may observe device, connection, or transport-level behavior.
• Website and support tools may process ordinary web telemetry, support communications, and request metadata.

Contact

For privacy-related inquiries, contact us at privacy@xentrop.org