Privacy Policy

Last updated: 14 June 2026

Ninja Messenger is built on a simple principle: the best way to protect your data is to never collect it. This policy explains what that means in practice — what we do not gather, what stays on your device, and the few narrow cases where any data is touched at all.

1. No account, no identity collection

Ninja Messenger requires no phone number, no email address, and no sign-up. Your identity is a private @name generated and stored on your own device. We do not maintain a central user database, because there is no account for us to store.

2. What stays on your device

The following never leave your device in readable form:

Your cryptographic identity keys (Ed25519, X25519, and ML-KEM post-quantum keys)
Your message content, which is end-to-end encrypted before transmission
Your contacts, conversation history, and Ghost Mode ephemeral keys
Your recovery phrase, which is shown only to you and never transmitted

3. Message transmission

Messages are sealed on your device and routed peer-to-peer or through relay infrastructure to reach their recipient. Relays move encrypted data only; they cannot read message content, and we do not retain message logs. Relay operators may process transient connection metadata (such as ephemeral routing identifiers) solely to deliver a message, and this is not stored after delivery.

4. Optional VPN passes

If you purchase a VPN pass, your traffic is routed through servers we operate for the duration of that pass. We operate these on a no-logs basis: we do not record browsing history, destinations, or traffic content. Bandwidth is metered only to enforce the pass duration you purchased.

5. Payments

Purchases (Ninja Pro, founding tiers, VPN passes) are processed by our third-party payment provider. We receive confirmation that a purchase occurred and a license token to unlock the relevant feature on your device. We do not receive or store your full card details. The payment provider processes your payment information under its own privacy policy.

6. The founding waitlist

If you join the founding list, you voluntarily provide an email address so we can notify you at launch. This email is stored only for that purpose, is never linked to your @name, and you may request its deletion at any time. We send one launch notification and do not sell or share this list.

7. What we do not do

We do not track your location.
We do not profile you, build advertising identities, or run ads.
We do not sell, rent, or share personal data — we hold almost none to begin with.
We do not embed third-party analytics or trackers in the application.

8. Your rights

Because your identity and data live on your device, you control them directly: you can rotate your @name, clear conversations, or delete the application and its data entirely. For the limited data we do hold (a waitlist email or a purchase license record), you may contact us to access or delete it.

9. Children

Ninja Messenger is not directed to children under the age required by your jurisdiction, and we do not knowingly collect data from them.

10. Changes

We may update this policy as the product evolves. Material changes will be reflected by the “last updated” date above.

11. Contact

Questions about this policy can be sent to us via our channels or the contact path provided in the application.

// This document is a starting template and should be reviewed against the laws of each jurisdiction in which the app is offered.