šŸ” Cherami

Privacy Policy

Last updated: June 25, 2025

Our Commitment to Privacy

At Cherami, privacy isn't just a featureā€”it's our foundation. We built this service because we believe you should be able to share sensitive information without worrying about who else might see it.

Zero-Knowledge Architecture

Cherami uses end-to-end encryption with a zero-knowledge architecture. This means:

  • Messages are encrypted in your browser before being sent to our servers
  • We never receive or store your encryption keys
  • We cannot decrypt or read your messagesā€”even if we wanted to
  • If you lose your message link, we cannot recover it

What We Collect

Message Metadata

  • Encrypted message content (which we cannot decrypt)
  • View count and expiration settings
  • Creation timestamp
  • Optional self-note (encrypted with your message)

Technical Information

  • Basic server logs (IP addresses are not associated with messages)
  • Error logs for debugging (no message content)
  • Aggregate usage statistics

Payment Information (Paid Plans)

  • Payment processing is handled by Stripe
  • We store only your email and subscription status
  • We never store credit card details

What We Don't Collect

  • Unencrypted message content
  • Encryption keys or passwords
  • Personal information (unless you create a paid account)
  • Tracking cookies or advertising identifiers
  • Device fingerprints
  • Analytics or behavioral data
  • Third-party cookies

Cookie Usage

We respect your privacy and only use essential cookies required for the service to function:

  • Authentication: To keep you securely logged in
  • Security: For two-factor authentication and session management
  • Functionality: To remember your subscription tier

We do NOT use:

  • Analytics cookies (no Google Analytics, etc.)
  • Advertising or marketing cookies
  • Social media tracking cookies
  • Any third-party cookies

For full details, see our Cookie Policy.

Message Deletion

Messages are automatically deleted from our servers:

  • After all allowed views have been used
  • When the expiration time is reached
  • Within 10 minutes after final viewing

Deleted messages are permanently removed and cannot be recovered.

Data Security

  • All connections use HTTPS/TLS encryption
  • Servers are hosted in secure data centers
  • Regular security audits and updates
  • Principle of least privilege for system access

GDPR Compliance

For users in the European Union:

  • Right to Access: You can request what data we have about you
  • Right to Erasure: Messages auto-delete; account data can be deleted on request
  • Right to Portability: Export your account data anytime
  • Right to Rectification: Update your account information
  • Legal Basis: Legitimate interest (free tier) or contract (paid tiers)

Law Enforcement

Due to our zero-knowledge architecture:

  • We cannot decrypt messages even if legally compelled
  • We can only provide encrypted data and metadata
  • We will notify users of requests unless legally prohibited
  • We publish a transparency report annually

Changes to This Policy

We may update this policy to reflect changes in our practices or legal requirements. We will notify users of significant changes via our website.

Contact Us

For privacy concerns or data requests:

Email: privacy@cherami.link
Company: Redwood Digital LLC
Response time: Within 30 days