Privacy Policy

Your privacy isn't just our priority. It's our foundation. Here's exactly how we protect your data.

Effective Date: January 1, 2025

Who we are: Tangle is operated by Tangle, LLC, a Missouri limited liability company.

๐Ÿ”’Our Privacy Promise

We cannot read your chat content. End-to-end encryption is used for eligible sessions so only participants hold the keys.

๐Ÿ›ก๏ธIntroduction

Tangle, LLC is the data controller for the Tangle app and website. You can contact us at [email protected] or by mail at our business address.

Tangle is a private communication app that prioritizes your privacy through end-to-end encryption. This policy explains how we collect, use, and protect your information.

๐Ÿ“‹Information We Collect

Personal Information

  • User Tag: Your unique identifier within the app (limited to 2 changes per account)
  • Display Name: Full name for your profile
  • Contact List: Tags and names of users you've added as contacts (private, not shared)
  • Privacy Settings: Your call privacy preferences (anyone/contacts-only/nobody)
  • Burner Profile: Optional temporary tag and name for privacy (orange UI indicator when active)
  • Authentication: Google Sign-In, Apple Sign-In, or Firebase Email Auth

Communication Data (End-to-End Encrypted)

  • Messages: All chat content encrypted per-session and removed when chat ends
  • Media Files: Images and files shared in chats, encrypted with session key
  • Presence Data: Who's actively in the chat (30-second timeout rules)

Technical Data

  • Device Tokens: Push notification tokens for call-style invitation alerts
  • Device Permissions: Camera, photo library, notifications (with your consent)
  • Call History Records: Participants and timestamps to provide session history
  • Scheduled Chat Records: Participants and timing for one-time and recurring scheduled chats
  • App settings, crash logs, and basic diagnostic data necessary to operate the Service

โšกHow We Use Your Information

  • Communication: Enable live text sessions with call-style invitations
  • Contact Management: User lookup by unique tags and contact privacy controls
  • Notifications: Send chat invitations and scheduled chat reminders at exact times
  • Presence Tracking: Show who's actively in chat with 30-second timeout rules
  • Security: Maintain per-session encrypted communication channels
  • Consent Management: Unanimous approval system for adding participants or pausing chats

๐Ÿ”—Third-Party Services

We use Google Firebase services with strong security rules:

  • Authentication: Google Sign-In, Apple Sign-In, and Firebase Email Auth
  • Database: RTDB for encrypted message storage, Firestore for call documents and user info
  • Storage: Firebase Storage for encrypted media files with session keys
  • Messaging: Push notifications via Firebase Cloud Messaging for call-style invitations
  • Functions: Server-side chat scheduling, user lookup, and session management
  • Security Rules: Strict Firebase rules ensure only participants can access call documents

๐Ÿ”Data Security

  • Per-Session Encryption: Each call generates its own shared key for AES-256-GCM encryption
  • Access Control: Firebase rules ensure only invited participants can get session keys
  • Content Deletion: Messages and media removed from servers when sessions end
  • Security Caveat: No security method is perfect. We continuously improve our protections, but we cannot guarantee absolute security.

โš–๏ธYour Privacy Rights

  • Contact Control: Add, remove, and block users (blocks apply to account ID, not tags)
  • Privacy Settings: Control who can invite you to chat (anyone/contacts-only/nobody)
  • Burner Management: Create, change, or delete burner tags anytime
  • Session Control: Hang up to end chats and remove content access for everyone
  • Account Deletion: Delete your account through the profile page

California residents: You have rights to know, delete, correct, and opt out of certain sharing under the CCPA. We do not sell or share personal information for targeted advertising. You can exercise your rights by contacting us at [email protected].

EEA/UK residents: You have rights under GDPR including access, deletion, correction, portability, and objection. Our lawful bases include performance of a contract, legitimate interests, and your consent where required. You may lodge a complaint with your local supervisory authority.

๐Ÿ—‘๏ธData Retention

  • Session Data: Messages encrypted and stored during active sessions only
  • Automatic Deletion: When a session ends, we delete chat content from our servers. Participants can still copy or capture content on their devices.
  • History Records: Only lightweight records that chats occurred (no content)
  • Account Deletion: All data removed when account is deleted
  • User Control: Local history records can be cleared by users

๐ŸŒInternational Data Transfers

We are based in the United States. If you use the Service from outside the U.S., your information may be transferred to and processed in the U.S. Where required, we use appropriate safeguards such as Standard Contractual Clauses.

๐Ÿ‘ฎRequests from Law Enforcement

We may receive legal requests for user information. Our policy is to require valid legal process and to notify affected users when legally permitted. Because chat content is end-to-end encrypted, we cannot decrypt or disclose it.

๐Ÿ‘ถChildren's Privacy

Tangle is not intended for children under 13. We don't knowingly collect information from children under 13.

๐Ÿ“งContact Us

For privacy questions: [email protected]

To report abuse or safety concerns: [email protected]

๐Ÿ”„Updates

We'll notify you of privacy policy changes through the app.