Privy Terms of Service

1. Acceptance of Terms

By accessing or using Privy ("Service," "Platform," "Application," "we," "us," or "our"), you ("User," "you," or "your") agree to be bound by these Terms of Service ("Terms"). If you do not agree to these Terms, do not use the Service.

These Terms constitute a legally binding agreement between you and Privy. By creating an account, accessing, or using any part of the Service, you acknowledge that you have read, understood, and agree to be bound by these Terms and our Privacy Policy.

2. Service Description

Privy is an end-to-end encrypted messaging platform that provides:

• Secure Messaging: End-to-end encrypted communications using Signal Protocol (X3DH key agreement and Double Ratchet algorithm)
• User Authentication: Email-based registration and multi-factor authentication
• Friend Management: Friend requests, contacts, and blocking functionality
• Privacy Features: Sealed sender, message padding, timing obfuscation, and metadata minimization
• Hosted Service: Professionally managed infrastructure for reliable, secure messaging

2.1 Zero-Knowledge Architecture

Due to our end-to-end encryption implementation, we cannot recover your messages if you lose your device or encryption keys. You are solely responsible for maintaining access to your account and backing up your encryption keys.

3. Eligibility

You must be at least 13 years of age to use this Service. If you are between 13 and 18 years of age (or the age of legal majority in your jurisdiction), you may only use the Service with the permission and under the supervision of a parent or legal guardian who agrees to be bound by these Terms.

By using the Service, you represent and warrant that:

• You are legally able to enter into binding contracts
• You are not prohibited from using the Service under any applicable laws
• You have not been previously suspended or banned from using the Service

4. Account Registration and Security

4.1 Account Creation

To use the Service, you must:

• Provide a valid email address
• Create a secure password (we use Argon2id hashing)
• Complete email verification
• Generate cryptographic keys (identity keys, signed pre-keys, one-time pre-keys)

4.2 Account Security

You are responsible for:

• Maintaining the confidentiality of your account credentials
• All activities that occur under your account
• Notifying us immediately of any unauthorized access or security breach
• Using strong, unique passwords
• Protecting your device and encryption keys

We are not liable for any loss or damage arising from your failure to protect your account credentials or encryption keys.

4.3 Device Fingerprinting

For security purposes, we collect device fingerprints including:

• IP address and geolocation data (city, region, country)
• User agent, browser, and operating system information
• Device characteristics (screen size, color depth, hardware specs)
• Session metadata for authentication and fraud prevention

This data is used solely for security, fraud prevention, and service delivery. See our Privacy Policy for details.

5. Acceptable Use Policy

5.1 Permitted Uses

You may use the Service for lawful communication purposes consistent with these Terms.

5.2 Prohibited Uses

You agree NOT to use the Service to:

Illegal Activities:

• Violate any local, state, national, or international law or regulation
• Engage in any illegal activity or promote illegal activities
• Distribute child sexual abuse material (CSAM) or engage in child exploitation
• Facilitate human trafficking, terrorism, or organized crime
• Engage in fraud, money laundering, or other financial crimes
• Distribute controlled substances or engage in illegal drug trade

Harmful Content:

• Transmit content that is unlawful, threatening, abusive, harassing, defamatory, libelous, deceptive, fraudulent, invasive of another's privacy, or tortious
• Distribute malware, viruses, or other malicious code
• Engage in phishing, social engineering, or other deceptive practices
• Share non-consensual intimate images or engage in "revenge porn"
• Engage in cyberbullying, stalking, or harassment

Service Abuse:

• Use automated systems (bots) for bulk messaging, spam, or auto-dialing
• Attempt to bypass rate limits or security measures
• Reverse engineer, decompile, or attempt to extract source code
• Interfere with or disrupt the Service or servers
• Attempt to gain unauthorized access to any part of the Service
• Impersonate any person or entity or falsely state affiliation

Intellectual Property Violations:

• Infringe upon the intellectual property rights of others
• Share copyrighted content without authorization
• Use the Service's trademarks without permission

5.3 Enforcement

We reserve the right to:

• Investigate suspected violations of these Terms
• Suspend or terminate accounts that violate these Terms
• Cooperate with law enforcement when legally required
• Remove users who abuse the Service

Note on Encrypted Content: Due to our end-to-end encryption, we cannot proactively monitor message content. We rely on user reports and metadata analysis to identify prohibited conduct.

6. Intellectual Property Rights

6.1 Service Ownership

The Service, including all software, designs, graphics, text, and other content (excluding user-generated content), is owned by Privy and protected by United States and international copyright, trademark, patent, and other intellectual property laws.

6.2 User Content

You retain all rights to the content you create and share through the Service. By using the Service, you grant us a limited license to:

• Store and transmit your encrypted messages
• Process necessary metadata for message delivery
• Perform technical operations necessary to provide the Service

We do NOT claim ownership of your content. Due to end-to-end encryption, we cannot access your message content.

6.3 Open Source Components

Privy uses several open-source components. The Service's source code may be made available under applicable open-source licenses. Use of open-source components is subject to their respective licenses.

7. Privacy and Data Protection

7.1 Privacy Policy

Our collection and use of personal information is governed by our Privacy Policy, which is incorporated into these Terms by reference. By using the Service, you consent to our data practices as described in the Privacy Policy.

7.2 End-to-End Encryption

All messages are end-to-end encrypted using Signal Protocol:

• We cannot read your messages
• We cannot provide message content to third parties (including law enforcement) because we do not have access to it
• Messages are encrypted on your device and decrypted only on the recipient's device

7.3 Metadata Collection

We collect minimal metadata necessary for service operation:

• Account information (email, username, tag)
• Delivery information (sender, recipient, timestamp - obfuscated ±5 minutes)
• Session information for authentication
• Device fingerprints for security

We do NOT collect:

• Message content
• Contact lists (stored locally on your device)
• Detailed communication patterns beyond what's necessary for delivery

7.4 Data Retention

• Messages: Encrypted messages are stored until delivered, then may be retained encrypted on our servers depending on your settings
• Metadata: Delivery metadata is retained for up to 30 days
• Account Data: Retained until account deletion
• Session Data: Session tokens expire after 7 days of inactivity

7.5 Data Location

Our servers are located in the United States. By using the Service, you consent to the transfer and processing of your encrypted data in the United States.

8. Third-Party Services

8.1 Email Service

We use SMTP services for sending verification emails and notifications. Your email address is processed according to our Privacy Policy.

8.2 Infrastructure Providers

We use third-party infrastructure providers for hosting and delivery. These providers have access only to encrypted data and minimal metadata necessary for service operation.

8.3 No Endorsement

We do not endorse any third-party services or content accessed through the Service. Third-party services are governed by their own terms and privacy policies.

9. Disclaimer of Warranties

TO THE FULLEST EXTENT PERMITTED BY LAW, WE DISCLAIM ALL WARRANTIES, INCLUDING BUT NOT LIMITED TO:

• MERCHANTABILITY: We do not warrant that the Service is suitable for any particular purpose
• FITNESS FOR A PARTICULAR PURPOSE: We make no guarantees about the Service's functionality
• NON-INFRINGEMENT: We do not warrant that the Service does not infringe third-party rights
• ACCURACY: We do not guarantee the accuracy, reliability, or completeness of any content
• AVAILABILITY: We do not guarantee uninterrupted, timely, secure, or error-free operation
• SECURITY: While we implement industry-standard security measures, we cannot guarantee absolute security

9.1 Encryption Disclaimer

While we use industry-standard encryption protocols (Signal Protocol):

• No encryption system is 100% secure
• Encryption does not protect against device compromise, malware, or user error
• We are not responsible for security breaches caused by factors outside our control
• You are responsible for protecting your devices and encryption keys

10. Limitation of Liability

10.1 Exclusion of Damages

WE SHALL NOT BE LIABLE FOR ANY:

• INDIRECT DAMAGES: Including but not limited to lost profits, lost data, loss of goodwill
• CONSEQUENTIAL DAMAGES: Any damages arising from use or inability to use the Service
• INCIDENTAL DAMAGES: Any unintended consequences of using the Service
• SPECIAL DAMAGES: Any damages beyond direct damages
• PUNITIVE DAMAGES: Damages intended to punish

This applies regardless of the legal theory (contract, tort, negligence, strict liability, or otherwise) and whether or not we were advised of the possibility of such damages.

10.2 Cap on Liability

IN NO EVENT SHALL OUR TOTAL AGGREGATE LIABILITY EXCEED THE GREATER OF:

• $100 USD, or
• The amount you paid us in the 12 months preceding the claim

10.3 Specific Exclusions

We are not liable for:

• Data Loss: Loss of messages, contacts, or other data (maintain your own backups)
• Unauthorized Access: Breaches caused by your failure to protect your credentials
• Third-Party Actions: Actions of other users or third parties
• Service Interruptions: Downtime, maintenance, or technical issues
• Government Actions: Seizure, blocking, or legal demands
• Force Majeure: Events beyond our reasonable control (natural disasters, wars, pandemics, internet outages)

10.4 No Consequential Liability for Encrypted Content

BECAUSE WE CANNOT ACCESS YOUR ENCRYPTED MESSAGES, WE CANNOT BE HELD LIABLE FOR:

• User-generated content
• Harm caused by messages sent through the Service
• Illegal activities conducted using the Service
• Decisions made based on information received through the Service

11. Indemnification

You agree to indemnify, defend, and hold harmless Privy, its officers, directors, employees, agents, and affiliates from and against any and all claims, damages, obligations, losses, liabilities, costs, and expenses (including attorney's fees) arising from:

• Your use of the Service
• Your violation of these Terms
• Your violation of any third-party rights, including intellectual property or privacy rights
• Your violation of any applicable laws or regulations
• Any content you submit, post, or transmit through the Service
• Any harm caused by your account to other users

This indemnification obligation survives termination of these Terms.

12. Modifications to the Service

We reserve the right to:

• Modify or discontinue any part of the Service at any time
• Change features, functionality, or availability
• Update security protocols or encryption methods
• Impose limits on features or storage

We will provide reasonable notice of material changes when feasible, but we are not obligated to provide advance notice for:

• Security updates
• Bug fixes
• Minor feature changes
• Emergency changes

Continued use of the Service after changes constitutes acceptance of the modifications.

13. Modifications to Terms

We may modify these Terms at any time. When we make changes:

• We will update the "Last Updated" date at the top of this document
• Material changes will be communicated via email or in-app notification
• You will be required to accept the new Terms to continue using the Service

Your continued use of the Service after Terms modifications constitutes acceptance of the revised Terms. If you do not agree to the modified Terms, you must stop using the Service.

14. Account Termination

14.1 Termination by You

You may terminate your account at any time by:

• Using the account deletion feature in the app
• Contacting our support team
• Ceasing to use the Service

Upon termination:

• Your account will be deleted
• Your messages may remain encrypted on our servers (we cannot delete what we cannot access)
• Some metadata may be retained for legal or security purposes as outlined in our Privacy Policy

14.2 Termination by Us

We may suspend or terminate your account if:

• You violate these Terms
• Your account is used for illegal activities
• We are required to do so by law
• We determine your use poses a security risk

We will provide notice when feasible, but immediate suspension may be necessary for security or legal reasons.

14.3 Effect of Termination

Upon termination:

• Your license to use the Service immediately terminates
• You must cease all use of the Service
• Sections of these Terms that by their nature should survive will remain in effect (including disclaimers, limitations of liability, indemnification)

15. DMCA and Copyright Policy

15.1 DMCA Compliance

We comply with the Digital Millennium Copyright Act (DMCA). If you believe content on the Service infringes your copyright, contact us with:

• Your contact information (name, address, email, phone)
• Description of the copyrighted work
• Description of the allegedly infringing content and its location
• Statement of good faith belief that use is unauthorized
• Statement under penalty of perjury that the information is accurate
• Your physical or electronic signature

Note: Due to end-to-end encryption, we cannot view message content. DMCA claims are limited to metadata and publicly visible content (usernames, profile information).

15.2 Counter-Notification

If your content was removed due to a DMCA claim and you believe it was wrongful, you may submit a counter-notification following DMCA procedures.

15.3 Repeat Infringers

We will terminate accounts of users who are repeat copyright infringers.

16. Export Controls and Sanctions

16.1 Export Compliance

The Service uses encryption technology subject to U.S. export control laws. You agree to comply with all applicable export and import laws and regulations.

You may not use the Service if you are:

• Located in a country subject to U.S. government embargo
• Listed on any U.S. government list of prohibited or restricted parties
• Subject to sanctions by the Office of Foreign Assets Control (OFAC)

16.2 Encryption Export

Strong cryptography is subject to export controls under the Export Administration Regulations (EAR). By using this Service, you represent that you are not located in, under the control of, or a national or resident of any restricted country.

17. Dispute Resolution

17.1 Governing Law

These Terms are governed by the laws of the United States and the State of [Your State], without regard to conflict of law provisions.

17.2 Informal Resolution

Before filing a lawsuit, you agree to contact us and attempt to resolve any dispute informally. Contact us at: support@privyapp.org

17.3 Arbitration Agreement

Disputes will be resolved through binding arbitration under the Federal Arbitration Act (FAA) and the rules of the American Arbitration Association (AAA).

Exceptions: Either party may bring a lawsuit in court for:

• Intellectual property disputes
• Small claims court matters (if eligible)
• Injunctive relief to stop unauthorized use or abuse

17.4 Class Action Waiver

You agree to resolve disputes with us only on an individual basis, and you waive your right to participate in class actions, class arbitrations, or representative proceedings.

17.5 Jurisdiction and Venue

If arbitration does not apply, you agree to submit to the personal and exclusive jurisdiction of the state and federal courts located in [Your State/County]. You waive any objection to venue or inconvenient forum.

18. Miscellaneous Provisions

18.1 Entire Agreement

These Terms, together with our Privacy Policy, constitute the entire agreement between you and Privy regarding the Service and supersede all prior agreements.

18.2 Severability

If any provision of these Terms is found to be unenforceable, the remaining provisions will remain in full effect, and an enforceable term will be substituted that reflects our intent as closely as possible.

18.3 No Waiver

Our failure to enforce any provision of these Terms does not constitute a waiver of that provision or our right to enforce it in the future.

18.4 Assignment

You may not assign or transfer these Terms or your account without our written consent. We may assign these Terms to any affiliate or in connection with a merger, acquisition, or sale of assets.

18.5 Force Majeure

We are not liable for any failure or delay in performance due to circumstances beyond our reasonable control, including acts of God, war, terrorism, riots, embargoes, acts of civil or military authorities, fire, floods, accidents, pandemics, strikes, or shortages of transportation, facilities, fuel, energy, labor, or materials.

18.6 Notice

We may provide notices to you via email, in-app notifications, or by posting on our website. You consent to receive communications electronically, and you agree that such electronic communications satisfy any legal requirement for written notice.

18.7 Language

These Terms are provided in English. Any translations are provided for convenience only. In the event of any conflict, the English version prevails.

18.8 Survival

Provisions that by their nature should survive termination will survive, including but not limited to: disclaimers, limitations of liability, indemnification, intellectual property rights, dispute resolution, and miscellaneous provisions.

19. Contact Information

For questions, concerns, or notices regarding these Terms:

Email: support@privyapp.org
Website: https://privyapp.org
Mail: [Your Physical Address]

19.1 Security Issues

To report security vulnerabilities, please contact: security@privyapp.org

Do not publicly disclose security issues until we have had an opportunity to address them.

19.2 DMCA Agent

For copyright infringement claims:
DMCA Agent: [Name]
Email: dmca@privyapp.org
Address: [Physical Address]

19.3 Law Enforcement

Law enforcement requests should be directed to: legal@privyapp.org

Note: Due to our zero-knowledge architecture, we cannot provide access to encrypted message content. We can only provide limited metadata as described in our Privacy Policy and as required by law.

20. Acknowledgment

IF YOU DO NOT AGREE TO THESE TERMS, DO NOT USE THE SERVICE.