Privacy Policy

• We do not run any servers that hold your messages, your address book, your wallet keys, or your IP address.
• Every message is end-to-end encryptedon your device using MLS (RFC 9420) before it leaves the browser. Only your recipient’s wallet can decrypt it.
• Your wallet is your identity. No email, phone number, password, or seed phrase is collected.
• The only personal data we ever process is whatever you voluntarily put in a support email to support@mykeychat.com.
• We do not use cookies, analytics, advertising trackers, or fingerprinting on this website or in the extension.

Keychat (“Keychat”, “we”, “us”) is a non-profit open protocol and browser extension distributed by the Keychat Foundation. The data controller for the limited purposes described below is the Keychat Foundation.

Contact: support@mykeychat.com

From the extension: nothing. The extension runs entirely in your browser, stores message history in encrypted local storage (OPFS) on your device, and talks directly to the public XMTP relay network. Messages are encrypted with MLS before they are transmitted. We do not operate any backend that observes traffic, holds copies, or links your wallet to any other identifier.

From this website: nothing personal. We do not set cookies, run analytics scripts, or log IP addresses for tracking. Standard server access logs may exist transiently for security and abuse prevention; they are not used to profile visitors and are not retained beyond what is necessary for the operation of the site.

If you contact us: we receive whatever you put in your email — typically your wallet address (if you choose to share it), the question or issue, and your reply email address. We use this only to answer you.

• The contents of your messages (encrypted on your device, decryptable only by the recipient).
• Your contact list or social graph (we have no servers that see who messages whom).
• Your wallet’s private keys or seed phrase (held only by your wallet software).
• Your real-world identity (we do not link wallets to people).
• Your location, device fingerprint, or browsing history.

When you use Keychat, your encrypted messages travel through the XMTP decentralized network. XMTP node operators see only the ciphertext and routing metadata required to deliver a message — they cannot read the contents. Their handling is governed by the XMTP protocol; see xmtp.org.

Wallet connections (MetaMask, Coinbase Wallet, WalletConnect-compatible wallets) are handled by the wallet vendor directly; Keychat never sees your private key or any signing material beyond the public address and signatures you explicitly authorize.

We do not share data with advertisers, data brokers, or marketing networks. We do not sell anything to anyone.

For the minimal data we receive when you email us, the lawful basis under Article 6(1) of the GDPR is legitimate interest (responding to your inquiry) or, if applicable, consent. We do not engage in any processing activity that would require a different basis.

• Encrypted messages:stored locally on your device for as long as you keep the extension installed; copies on the XMTP network persist according to the protocol’s defaults and are not under our control.
• Support email correspondence: kept for up to 24 months for context on recurring issues, then deleted.

Under the GDPR, UK GDPR, CCPA, KVKK and similar regimes you have the right to access, correct, delete, restrict, or port your personal data, and to object to processing or lodge a complaint with a supervisory authority. Because we collect almost no personal data, most requests reduce to: “please delete my support email thread,” which we’ll honor on request.

To exercise any right, email support@mykeychat.com. We respond within 30 days.

Keychat is not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children.

When we change this policy we update the “Last updated” date at the top. Material changes that affect your rights will be announced on mykeychat.com.