BlindPost

Privacy Policy

Effective Date: March 21, 2026

Introduction

BlindPost ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we handle information when you use the BlindPost application. Our core principle is simple: we cannot read your messages, and we collect as little data as possible.

Information We Do NOT Collect

  • We do not collect your name, email address, or phone number.
  • We do not have access to the content of your messages — all messages are end-to-end encrypted using X25519 key exchange and AES-256-GCM.
  • We do not store your private keys on our servers. Your Ed25519 private key is generated and stored only on your device.
  • We do not track your location or access your contacts.
  • We do not use cookies or third-party analytics trackers.

Information We Store

  • Public Keys: Your Ed25519 public key is stored on relay servers to enable message routing.
  • Encrypted Message Blobs: Messages are stored as encrypted, opaque blobs on relay servers. We cannot decrypt or read these blobs.
  • Basic Metadata: Minimal routing metadata necessary for message delivery (e.g., timestamps). We strive to minimize metadata collection.

End-to-End Encryption

BlindPost uses the Blind Post protocol. All messages are encrypted on your device before transmission using X25519 key exchange and AES-256-GCM encryption. Relay servers handle only encrypted blobs and cannot read message content, identify senders, or determine recipients. This is a zero-knowledge architecture.

Data Sharing

We do not sell, trade, or share your data with third parties. Since we cannot access the content of your messages, there is nothing meaningful to share. We may only disclose information if required by law, but even then, we can only provide encrypted blobs that we cannot decrypt.

Data Security

Your security is our top priority. Your private key never leaves your device. All communication is encrypted end-to-end. Our servers are designed with a zero-knowledge architecture — they relay encrypted data without the ability to decrypt it.

Children's Privacy

BlindPost is not intended for use by children under 13. We do not knowingly collect any personal information from children.

Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date. Your continued use of BlindPost after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy, please contact us at:

[email protected]