BeChat Privacy Policy

Last Updated: January 2026

1. Introduction

BeChat ("we", "our", or "the app") is a privacy-focused messaging application that uses end-to-end encryption to protect your communications. This privacy policy explains how we collect, use, and protect your information.

We are committed to protecting your privacy and ensuring that your personal data is handled responsibly. This policy applies to all users of BeChat and describes our practices regarding data collection, use, and disclosure.

2. Data Collection

2.1 Information We Collect

  • Account Information: Your unique PIN (generated during registration) and cryptographic keys. The PIN is used solely for identification and is not linked to any personal information.
  • Messages: All messages are end-to-end encrypted and stored locally on your device. Encrypted message metadata (sender, recipient, timestamp) is stored on our servers for delivery purposes only.
  • Contacts: Contact PINs you add are stored locally on your device. We do not have access to your contact list.
  • Device Information: Device name, type, and fingerprint for authentication and security purposes.
  • Usage Data: Last seen timestamp (optional), online status. This information is only shared with your contacts if you enable it.
  • Media Files: Photos, videos, and audio files you choose to share are encrypted before transmission.

2.2 Information We Do NOT Collect

  • Personal identifiable information (name, email, phone number, address)
  • Message content (we cannot read your encrypted messages)
  • Location data (except when voluntarily shared)
  • Analytics or tracking data
  • Browsing history or app usage patterns
  • Contact lists from your device
  • Biometric data

3. Permissions Explained

3.1 Camera Permission

Why we need it: To allow you to take photos and videos to share in conversations.

How we use it: Camera access is only used when you explicitly choose to capture media within the app. We do not access your camera in the background.

You can revoke this permission: At any time through your device settings.

3.2 Storage Permission

Why we need it: To allow you to select and share photos, videos, and audio files from your device.

How we use it: Storage access is only used when you choose to attach media to messages. All media is encrypted before transmission. We do not scan or index your media files.

You can revoke this permission: At any time through your device settings.

3.3 Internet Permission

Why we need it: To send and receive encrypted messages through our servers.

How we use it: All network communication is encrypted. We use this permission only for message delivery and synchronization.

3.4 Notification Permission

Why we need it: To notify you of new messages when the app is not in the foreground.

How we use it: We only send notifications for new messages. Notification content does not include message text for privacy reasons.

4. How We Use Your Information

  • Message Delivery: Encrypted messages are transmitted through our servers but cannot be read by us. We only route encrypted data between devices.
  • Authentication: Your device credentials authenticate you with our servers using secure protocols.
  • Presence: Your online/last seen status is shared with your contacts (if enabled). You can disable this feature at any time.
  • Account Management: Device information is used to manage your account and prevent unauthorized access.

5. Data Security

We implement industry-leading security measures to protect your data:

  • End-to-End Encryption: All messages are encrypted on your device. Only you and your recipient can decrypt messages.
  • Local Storage: Messages are stored encrypted in your device's local database. We never have access to your local data.
  • Zero Knowledge: Our servers cannot decrypt your messages or media. Encryption keys never leave your device.
  • Secure Media: Photos and videos are encrypted before upload. Media files are deleted from our servers after successful delivery.
  • Perfect Forward Secrecy: Session keys rotate automatically, ensuring that past messages remain secure even if current keys are compromised.
  • Secure Authentication: We use modern token-based authentication. Tokens expire regularly and can be refreshed securely.
  • Transport Security: All data in transit is protected with strong encryption.

6. Data Sharing

We do NOT:

  • Sell your data to third parties
  • Share your data with advertisers
  • Use your data for marketing purposes
  • Access or read your encrypted messages
  • Share your data with government agencies unless required by law
  • Use third-party analytics or tracking services

We only share encrypted message metadata with:

  • Our servers: For message routing and delivery (encrypted in transit). Our servers cannot decrypt message content.
  • Your contacts: Online status and read receipts (if enabled). You can disable these features.

6.1 Third-Party Services

BeChat does not use third-party analytics, advertising, or tracking services. We may use third-party infrastructure providers for server operations, but these providers do not have access to your encrypted data.

7. Data Retention

  • Messages: Stored locally on your device until you delete them.
  • Server Data: Encrypted messages are deleted from servers after successful delivery. Message metadata may be retained for up to 90 days for delivery confirmation.
  • Account Data: Retained while your account is active. When you deactivate your account, all associated data is deleted within 30 days.
  • Media Files: Encrypted media files are deleted from our servers after successful delivery.

8. Your Rights

You have the right to:

  • Access: Request a copy of the data we have about you (limited to metadata, as we cannot access message content)
  • Deletion: Delete your messages and conversations at any time. Deactivate your account to delete all associated data.
  • Correction: Update your account information and device settings
  • Control: Control your online status visibility, read receipts, and notification preferences
  • Block: Block unwanted contacts
  • Report: Report abusive messages or users
  • Data Portability: Export your messages (stored locally on your device)
  • Withdraw Consent: Revoke permissions at any time through your device settings

To exercise these rights, contact us at privacy@betweet.eu.

9. Children's Privacy

BeChat is not intended for users under 13 years of age (or the minimum age in your jurisdiction). We do not knowingly collect information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately at privacy@betweet.eu.

10. International Data Transfers

Your data may be processed and stored on servers located outside your country of residence. We ensure that appropriate safeguards are in place to protect your data in accordance with this privacy policy and applicable data protection laws.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by:

  • Updating the "Last Updated" date at the top of this policy
  • Posting a notice in the app (for significant changes)

Your continued use of BeChat after changes become effective constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this privacy policy, please contact us at:

Email: privacy@betweet.eu
Support: support@betweet.eu

We will respond to your inquiry within 30 days.

13. Legal Compliance

BeChat complies with:

  • General Data Protection Regulation (GDPR): We comply with EU data protection laws.
  • California Consumer Privacy Act (CCPA): California residents have applicable privacy rights.
  • App Store policies: We comply with all platform privacy and security requirements.

If you are located in the European Economic Area (EEA), you have additional rights under GDPR. Please contact us to exercise these rights.

14. Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will:

  • Notify affected users within 72 hours of discovering the breach
  • Notify relevant data protection authorities as required by law
  • Provide details about the nature of the breach and steps we're taking to address it

Note: Due to our zero-knowledge architecture, even in the event of a server breach, attackers would not be able to decrypt your messages.