Data Retention Policy

C0mmun1ate is designed with the belief that the best way to protect user data is not to collect it in the first place. We retain only the minimal data necessary to operate the platform securely and reliably. Whenever possible, we give users full control over their data and offer ephemeral, decentralized storage consistent with the principles of end-to-end encryption and data sovereignty.

This Data Retention Policy outlines what data we retain, for how long, and why.

What We Do Not Retain

We do not retain the following:

  • Message content (messages, files, media) – these are end-to-end encrypted and stored only on the devices of communicating parties or in encrypted form on servers for delivery (if not yet received).

  • Contact lists – we do not upload or store your contacts.

  • Communication metadata – we do not log who you talk to, when, or for how long.

  • Message logs or backups – we do not create or access message archives.

Data We May Temporarily Retain

To provide reliable and secure communication, we may temporarily retain the following data:

Data TypePurposeRetention Period

IP address (temporary logs) Abuse prevention, spam defense Up to 30 days

Account creation timestamp Service records, anti-fraud Until account deletion

Server logs (anonymized) Service health, diagnostics Up to 14 days

Push notification tokens Enable mobile notifications Until disabled or removed by user

We do not link IP addresses to user identity beyond operational necessity, and never for marketing or tracking purposes.

User-Controlled Data Retention

Users and R00M administrators can control how long messages persist within R00MS. C0mmun1cate support:

  • Self-destructing messages (if enabled-feature coming soon)

  • R00M-based retention settings

  • Message redaction by users or admins

  • Encrypted storage of messages, with keys stored only on the user's device

When a user deletes their account, all associated data on our server (e.g., identity keys, profile info, stored media) is permanently erased. This action is irreversible.

Retention for Legal Compliance

We may be required to retain certain data under applicable laws, such as:

  • Legal hold in the event of a valid court order

  • Fraud or abuse investigations

  • Regulatory obligations (e.g., in jurisdictions requiring minimal service logs)

However, due to our data minimization practices, our ability to comply with such requests is highly limited. We do not retain message content or communication logs and will clearly explain the scope of what we can provide in response to lawful requests (see Law Enforcement Guidelines).