← Back to Home

Privacy Policy

Last Updated: 13/March/2026

The App and related website at https://im.cc/ (together, the Services) are developed by Brian Cartmell (the Developer).

In this Privacy Policy, any person who accesses or uses the Services is referred to as you or your.

The Developer has prepared this Privacy Policy to help you understand what personal information the Developer collects, how the Developer uses it, who the Developer discloses it to, and how you can correct or change it.

"Personal information" means any information about an individual where that information can be linked to (or in conjunction with other data can be linked to) an identifiable individual. The Developer is located in New Zealand and will handle all personal information in accordance with this Privacy Policy and the New Zealand Privacy Act 2020.

Please read this Privacy Policy carefully before accessing or using the Services.

The Developer may update this Privacy Policy from time to time and will post the date the Developer has last updated it. Please refer to this page regularly to see any changes to this Privacy Policy. Any updated policy will apply from the time the Developer posts it on the website and will apply to all personal information the Developer already holds.

1. Collection

1.1 Device Information

When you access and use the App, the following types of information are created (together, the Device Information):

• Information related to your identity, including your display name, cryptographic key pair, and PIN hash
• Information related to your contacts (or your information if you are a contact of other users), including names, fingerprints, verification seeds, device secrets, and exchange metadata
• Your contacts' encryption key
• Information related to your device secrets, including per-contact secrets
• Information related to your verification history for each contact

1.2 Information Collected by the Developer

The Developer may collect information about your access to, and use of, the Services, including:

• Analytics Information: Information created as a result of specific actions you make in the App, including a one-way SHA-256 hash of your device fingerprint, single word descriptive event names (for example, "install", "unlock", "contact-add", "contact-verified", or "contact-delete"), App version and build number, and your IP address
• Online Contact Exchange Information: Where you use the online contact exchange feature, end-to-end encrypted payloads, a one-way SHA-256 hash of your device fingerprint, and invitation data
• Real-time Exchange Information: Where you use the real-time exchange and online verify feature, end-to-end encrypted payloads, and a room ID in the form of a SHA-256 hash derived from the invite code and encryption code
• Other personal information that you provide to the Developer through your dealings with the Developer
• Aggregate technical information that relates to your use of the Services but does not relate to you personally (if the Developer combines or connects aggregate information with your personal information so that it can directly or indirectly identify you, the Developer will treat the combined data as personal information which will be used in accordance with this Privacy Policy)

1.3 Sources of Personal Information

The Developer may collect personal information about you from the following sources:

• Directly, through your use of the Services, when you are prompted to provide information
• Indirectly, through your use of the Services, including by automated technologies and interactions
• Through your interaction with the Developer
• Provided by third parties authorised by you

1.4 What's NOT Collected

When you access and use the Services, certain types of information are not collected and are not accessible by the Developer including (without limitation):

• Your name (other than chosen display name) or other identifying information including email address, phone number, location or GPS data
• Your contacts from your device address book
• Your verification codes or identifiable verification history
• Your device model, OS version, or any other hardware identifiers

If you fail to provide the Developer with information that the Developer requests, including where required by the Services, then this may result in certain Services (or certain aspects of Services) not being available to you.

2. Use

The Developer may use your personal information:

• To provide you with, and assist you with using, the Services
• To enhance the delivery of the Services to you
• To contact you in relation to your use of the Services, including to respond to any queries and/or comments that you have sent to the Developer
• To monitor, develop and improve the Services
• To comply with our legal obligations
• For any other use that you authorise

The Developer uses the Analytics Information on an aggregated basis. The Analytics Information is collected and aggregated so you cannot be identified personally, and no personal information is stored about you through the Analytics Information. The Developer may use the Analytics Information to enhance the delivery of the Services to you or our other customers.

3. Disclosure of Information

The Developer may share personal information with other organisations or individuals:

• To the extent reasonably necessary to provide the Services to you
• Where the Developer engages third-party service providers, to the extent reasonably necessary for them to provide services to the Developer. For example, the Developer may use third parties to provide hosting, maintenance, backup, storage, technology infrastructure, and other services, which may require them to access personal information about you. If a service provider needs to access information about you to perform services on the Developer's behalf, they do so under instruction from the Developer, and the Developer will ensure that the third parties agree to use the personal information only as required to perform those services (and not for other purposes), and to process the personal information in accordance with applicable privacy laws
• When specifically authorised by you (or your authorised representative)
• If the Developer believes that sharing is reasonably necessary to:
  • Comply with any applicable law, regulation, legal process or governmental request
  • Enforce the Developer's terms, policies or legal rights
  • Protect the security or integrity of the Services
  • Safeguard the Developer and the rights and safety of others

4. Security

The Developer has implemented appropriate technical and organisational measures to protect your personal information against theft, loss or unauthorised access, use, modification, disclosure or disposal. However, no data transmission over the internet can be guaranteed to be completely secure. The Developer cannot guarantee the security of any information you transmit or receive through the Services. These activities are conducted at your own risk.

The Device Information is stored on your device, including in the iOS Keychain using hardware-encryption by iOS (as applicable), and is not stored in any cloud service controlled by the Developer.

The Analytics Information, Online Contact Exchange Information, and Real-time Exchange Information, is processed, relayed through and/or stored on the Developer's server.

5. Links to Other Sites

The Services may contain links to third party sites and applications. Some of these may request information from you or otherwise collect information from you. The Developer has no control over the content or privacy practices of those sites and applications and recommends you check any relevant privacy policies before providing your personal information to any third party.

6. Holding, Correcting and Updating Personal Information

Data Retention

The Developer will only retain your personal information for as long as reasonably necessary to fulfil the purposes it is collected for. In addition, the Online Contact Exchange Information is automatically deleted after 24 hours or upon successful exchange or cancellation, whichever is sooner.

Where Information is Held

Any personal information about you that the Developer collects will be held by:

• The Developer, on servers controlled by the Developer; or
• The service providers, described in section 3

Not all of those providers or environments are in New Zealand. Your personal information may be transferred, hosted and/or processed outside of New Zealand and the Developer will comply with its legal obligations relating to any international transfers of personal information.

Your Rights

You have rights of access to and correction of personal information that the Developer holds about you. You have the right to request access to your personal information, which enables you to receive a copy of the personal information that the Developer holds about you. You have the right to request correction of any of your personal information at any time and as often as necessary. The Developer relies on you to update or correct your personal information whenever necessary.

If you have any questions about how the Services work or regarding this Privacy Policy, or if you wish to access or correct personal information that the Developer holds about you, then please contact the Developer by sending an email to hello@im.cc.

The Developer may need to request specific information to help the Developer confirm the identity of a person making an access or correction request. This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. The Developer may also request further information to speed up the response.

You have the right to make a complaint at any time to the relevant supervisory authority for data protection issues in your country. The Developer would, however, appreciate the chance to deal with your concerns before you approach them, so please contact the Developer in the first instance at hello@im.cc.

For information about New Zealand's Privacy Act 2020 and how it protects the personal information of individuals in New Zealand, please visit: www.privacy.org.nz.