ChatIt · Privacy Policy

Privacy Policy

Last updated: May 5, 2026 · Effective date: May 5, 2026

This Privacy Policy explains what data ChatIt collects, how we use it, and the rights you have over it. We've tried to write this in plain language. If anything is unclear, email us at support@chat-it.net.

The short version: Your messages are end-to-end encrypted and we cannot read them. We collect the minimum information needed to run the service (your username, encrypted message data, device tokens for notifications) plus standard advertising identifiers because the app is supported by ads. We don't sell your personal data.

1. Who we are

"ChatIt," "we," "us," and "our" refer to the operator of the ChatIt mobile application and the website at chat-it.net. We are based in Israel.

For all privacy-related questions, requests, and complaints, contact support@chat-it.net.

2. What data we collect

2.1 Account information

When you create an account, we collect:

Username — the identifier you choose (in the form @username:global.chat-it.net).
Password — stored only as a salted hash; we never see your actual password.
Display name and avatar — if you set them. These are optional and visible to people you chat with.
Recovery email or phone number — only if you choose to add one in Settings.

2.2 Messages and content you send

ChatIt uses the Matrix protocol with end-to-end encryption (Olm/Megolm) for one-on-one and private chats. Messages, voice notes, images, and other media you send in encrypted rooms are encrypted on your device before they reach our servers. We store only the encrypted ciphertext; we cannot decrypt or read this content.

For unencrypted public rooms (if you choose to join one), message content is stored on our server in readable form and is visible to all members of the room.

2.3 Technical and device data

IP address — temporarily logged by our servers for security and abuse prevention; logs are deleted after 30 days.
Device push token — sent to Apple Push Notification service (APNs) or Firebase Cloud Messaging (FCM) so we can deliver notifications. The token does not include the message content; only an encrypted notification.
Device model, OS version, and app version — to help us debug issues.
Crash reports — if a crash occurs, anonymous diagnostic data may be sent so we can fix it.

2.4 Advertising data (Google AdMob)

ChatIt is supported by ads served by Google AdMob. AdMob may collect:

Your device's advertising identifier (IDFA on iOS, Advertising ID on Android), if you have not opted out.
IP address, approximate location (derived from IP), device type, and ad interaction data.

Google uses this information to show ads and measure ad performance. You can opt out of personalized advertising in your device's privacy settings (iOS: Settings → Privacy → Tracking; Android: Settings → Google → Ads). Google's privacy policy: policies.google.com/privacy.

3. How we use your data

We use the data above to:

Operate the messaging service (deliver your messages, sync across devices, send notifications).
Authenticate you and keep your account secure.
Prevent abuse, spam, and violations of our Terms.
Diagnose crashes and improve the app.
Show ads and measure their performance (via AdMob).
Respond to your support requests.
Comply with legal obligations.

4. Apple App Store Privacy summary

For Apple's privacy nutrition label, the data we collect breaks down as follows:

Data type	Used for	Linked to you?	Used to track you?
User ID (username)	App functionality	Yes	No
Email or phone (optional, recovery only)	Account, support	Yes	No
User content (encrypted messages, voice, photos)	App functionality	Yes (encrypted; we cannot read)	No
Diagnostics (crashes, performance)	App functionality	No	No
Advertising data & identifiers (AdMob)	Third-party advertising	Yes	Yes (if you allow tracking)
IP address (server logs, 30 days)	Security, fraud prevention	Yes	No

5. Google Play Data Safety summary

For Google Play's Data Safety section:

Data collected: User ID, optional email/phone, encrypted message content, photos and voice recordings (encrypted), device IDs, advertising ID, crash logs, IP address.
Data shared with third parties: Advertising ID and ad-interaction data are shared with Google AdMob.
Data is encrypted in transit: Yes — all communication uses HTTPS/TLS.
End-to-end encryption: Yes — for one-on-one and private chats.
You can request data deletion: Yes — see Section 8.

6. Who we share data with

We share data only with the following service providers, and only as needed to run the app:

Apple Push Notification service (APNs) — to deliver push notifications on iOS.
Firebase Cloud Messaging (Google) — to deliver push notifications on Android.
Google AdMob — to serve advertisements.
Hosting provider — our servers run on infrastructure that hosts the encrypted data.
Law enforcement — only when legally compelled and only data we actually have (we cannot hand over content of encrypted messages, because we cannot read them).

We do not sell your personal information to anyone.

7. How long we keep data

Account data: until you delete your account.
Messages: kept on the server (encrypted) until you delete them or your account.
Server logs (IP, request data): 30 days.
Push tokens: until your device unregisters, or up to 90 days of inactivity.
Backups: rotated and overwritten within 30 days.

8. Your rights and how to delete your account

You can:

Access your account data — email support@chat-it.net from the email tied to your account, if any, or send a request from inside the app.
Correct your display name, avatar, and other profile data anytime in Settings.
Delete individual messages, or your entire account, from inside the app (Settings → Account → Deactivate account) or via our web form: chat-it.net/chatit/delete-account.html.
Object to advertising tracking — disable Allow Apps to Request to Track (iOS) or opt out of personalized ads (Android).
Withdraw consent at any time by deleting the app and your account.

Account deletion removes your account and associated personal data within 30 days. Encrypted message data sent to other users will remain on their devices unless they also delete it.

9. EU/EEA, UK, and California users

If you are in the EU/EEA or UK: Our legal bases under GDPR are (a) performance of contract — to provide the messaging service, (b) legitimate interests — security and abuse prevention, (c) consent — for advertising tracking, and (d) legal obligation. You have the rights of access, rectification, erasure, restriction, portability, and objection. You may also lodge a complaint with your local supervisory authority.

If you are in California (CCPA/CPRA): You have the right to know, delete, correct, and limit the use of sensitive personal information, and to opt out of "sale" or "sharing" of personal information. We do not sell personal information. Some advertising activity may qualify as "sharing" under California law; you can opt out via your device's tracking settings.

10. Children's privacy

ChatIt is not intended for children under 17. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13 without verifiable parental consent, we will delete it promptly. Parents or guardians who believe their child has provided us with information should contact support@chat-it.net.

11. International data transfers

Our servers are located in Europe. If you use ChatIt from another country, your data will be transferred to and processed in the country where our servers are located. Where data is transferred from the EU/EEA, we rely on the European Commission's adequacy decisions or standard contractual clauses.

12. Security

We protect your data using:

End-to-end encryption for message content (Olm/Megolm).
TLS encryption for all data in transit.
Encrypted storage on the server side.
Password hashing with industry-standard algorithms.
Restricted server access and regular security updates.

No system is perfectly secure. If we ever suffer a breach affecting your data, we will notify you and the relevant authorities as required by law.

13. Changes to this policy

We may update this policy from time to time. When we do, we'll change the "Last updated" date at the top of this page and, for significant changes, notify you in the app. Continued use of ChatIt after the update means you accept the new policy.

14. Contact

For privacy questions, data requests, or complaints:

Email: support@chat-it.net
Web: chat-it.net
Postal mail: available on request via email.