Privacy Policy
Last Updated: February 4, 2026
🔒 It's Me is designed with privacy at its core. Your cryptographic identity and contacts are encrypted and stored locally on your device. We cannot read, access, or recover your data.
Information Storage
What's Stored on Your Device
The following information is created and stored locally on your iPhone only:
- Your Identity: Your display name, cryptographic key pair, and PIN hash, stored in the iOS Keychain with hardware-level protection (kSecAttrAccessibleWhenUnlockedThisDeviceOnly)
- Your Contacts: Names, fingerprints, verification seeds, device secrets, and exchange metadata — encrypted at rest with AES-256-GCM using a device-bound key
- Contacts Encryption Key: A 256-bit AES key stored in the iOS Keychain, bound to your physical device and not included in iCloud backups
- Device Secrets: Per-contact secrets stored in the iOS Keychain, used to detect phone changes
- Verification History: When you last verified each contact
Contacts Encryption at Rest
All contact data is encrypted before being written to storage using AES-256-GCM. The encryption key is stored in the iOS Keychain and is bound to your physical device — it does not transfer via iCloud backup. This means:
- Contact data stored on your device is encrypted and unreadable without the key
- If your device is backed up to iCloud, the encrypted contacts are included but cannot be decrypted on a different device
- When transferring to a new device, the encryption key is included in the identity export (QR code transfer)
Information We Collect
Analytics Ping
The app sends a minimal, periodic analytics ping when launched. This helps us understand app usage in aggregate. The ping contains:
- A one-way hash of your device fingerprint — this is a SHA-256 hash, not your actual identity. We cannot reverse it to identify you.
- Use of the app — limited, non-content usage events such as whether the app has been set up or a contact has been added or deleted.
- App version and build number
- Your IP address — visible to our server as part of normal internet communication. We may infer approximate country and city from IP addresses for aggregate diagnostic analysis.
The ping does not include your name, contacts, verification codes, messages, or any personal content. The hashed identifier is used only to estimate unique users in aggregate and is not used for tracking, profiling, or advertising.
Online Contact Exchange
When you use the online contact exchange feature (adding contacts remotely), the following occurs:
- Encrypted payloads are temporarily stored on our server. These payloads are encrypted end-to-end — the server cannot decrypt or read them. Only the intended recipient, using a code shared out-of-band, can decrypt the payload.
- A one-way hash of your device fingerprint is sent as an identifier to match invites. This is the same SHA-256 hash used in pings — we cannot reverse it.
- Invite data is automatically deleted after 24 hours or upon successful exchange, whichever comes first.
At no point does the server have access to your name, your contacts' names, or any unencrypted identity information.
Real-Time Exchange (WebSocket)
For real-time online exchanges, a WebSocket relay server is used to facilitate direct encrypted communication between two devices. The relay:
- Forwards encrypted messages between matched devices
- Cannot decrypt or read any payload content
- Does not store messages — they are relayed in real-time and discarded
- Room identifiers are derived from invite codes and are meaningless to the server
What's NOT Collected
We do not collect, transmit, or have access to:
- Your name or identity information
- Your contacts or who you communicate with
- Your verification codes or identifiable verification history
- Your device model, OS version, or hardware identifiers
- Any content of your exchanges (all payloads are end-to-end encrypted)
How Your Data is Protected
- Identity Encryption: Your private key and PIN hash are stored in the iOS Keychain with hardware-level encryption, bound to your physical device
- Contacts Encryption: All contact data is encrypted at rest with AES-256-GCM using a device-bound key stored in the Keychain
- Biometric Protection: Face ID or Touch ID is required to access the app and your cryptographic identity
- End-to-End Encryption: All data exchanged during online contact setup is encrypted with AES-256-GCM. The encryption key is derived from a code shared directly between users — the server never sees this code.
- API Authentication: All requests to our server are authenticated with HMAC-SHA256 signatures to prevent tampering and unauthorized access
Camera Usage
The app requests camera access to scan QR codes when adding contacts or importing an identity. Camera data is processed in real-time and is never stored, recorded, or transmitted.
Face ID / Touch ID Usage
Biometric authentication is used to verify that you are the device owner before accessing your cryptographic identity. Biometric data is handled entirely by iOS and is never accessible to the app.
Bluetooth Usage
The app uses Bluetooth Low Energy (BLE) for in-person contact exchange when both users are nearby. Bluetooth is used only during the exchange process to discover and communicate with the other device. All data transmitted over Bluetooth is encrypted end-to-end. No Bluetooth data is stored or transmitted to any server.
Third-Party Services
It's Me uses no third-party analytics, advertising, or tracking services:
- No Google Analytics, Firebase, or similar analytics platforms
- No crash reporting services
- No advertising networks
- No social media integrations
- No cloud storage or sync services
The only server communication is our own exchange server (for online contact setup) and a minimal analytics ping as described above.
Data Sharing
We do not share any data with third parties. The minimal analytics data we collect (hashed device fingerprint and app usage information) is used solely by us to understand aggregate app usage.
Data Retention
- On-device data: Remains until you delete the app. You can also reset all data from within the app's settings.
- Online exchange data: Automatically deleted after 24 hours or upon successful exchange.
- Analytics pings: Stored in server logs. These contain only hashed identifiers, app usage information, and country/city.
Children's Privacy
The app does not knowingly collect personal information from anyone, including children under 13. The analytics ping contains only a hashed device identifier and general app usage information — no personal information.
Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be reflected by updating the "Last Updated" date above. Continued use of the app after changes constitutes acceptance of the updated policy.
Contact
If you have questions about this Privacy Policy, you can contact:
Email: hello@im.cc