Effective Date: February 18, 2026
At Secria, your privacy is our highest priority. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Secria application ("App"), including our web app, iOS app, and Android app. For the secria.me website privacy policy, please refer to our Website Privacy Policy.
We collect minimal information necessary to provide our services effectively and securely. This may include:
What We Collect:
Why We Collect It:
This data is never sold.
What We Collect:
We collect only the data you provide when logging in. This includes your account name, selected subscription plan, login timestamps, and message transmission times.
Why We Collect It:
To operate the service, maintain account functionality, and troubleshoot any issues that may arise.
Privacy Note:
By default, we do not keep permanent IP logs associated with your account. Temporary server logs may exist for abuse prevention and security purposes but are not linked to your account and are not retained long-term. We do not collect device fingerprints or background telemetry. No data is sold, tracked, or shared for marketing. All collected usage data is minimal and limited strictly to what's needed for core functionality.
Permissions (Mobile):
On iOS and Android, the Secria App may request the following device permissions:
Permissions (Web):
The Secria web app runs in your browser and does not request any special device permissions beyond standard network access. No browser extensions or plugins are required.
Local Storage:
Your encryption keys and decrypted message content are stored locally on your device (or in your browser's local storage for the web app) and are never transmitted to our servers in unencrypted form. On mobile, uninstalling the App removes locally stored data. On web, clearing your browser data will remove locally stored keys.
Third-Party SDKs:
Secria does not include any third-party analytics, advertising, or tracking SDKs on any platform. We do not use Firebase Analytics, Google Analytics, Facebook SDK, or any similar tools.
What We Collect:
Secria does not collect or access the content of your messages. All message content is secured using end-to-end and zero-knowledge encryption, making it technically inaccessible to us at any point—whether in storage or transit.
If You Share Logs:
In rare cases where you explicitly provide debug logs for support, those may include limited metadata or diagnostic data but never message content. This is entirely voluntary and used solely to resolve technical issues.
Why We Collect Diagnostic Data (When Shared):
Only to operate and troubleshoot the service effectively, in situations where you've chosen to involve us. We do not and cannot access message content, even under legal request.
Encryption:
We use end-to-end encryption and a zero-knowledge architecture to ensure your communications remain private, secure, and unreadable to anyone but you and your verified contacts.
What We Collect:
If you subscribe to premium services, payments are processed by one of the following third-party providers depending on your platform:
Why We Collect It:
Note: Secria does not store your payment card details, billing address, or any financial information. All payment processing is handled entirely by Apple, Google, or Stripe.
We use your information to:
Legal Compliance & Security:
We may share your data with trusted third-party vendors (e.g., payment processors, cloud hosting) solely to help us operate our platform.
These vendors are contractually required to implement adequate safeguards and only process your data in accordance with our instructions.
We may disclose your data if required to comply with applicable laws, respond to a court order, or other legal process, or to protect our rights and property.
If we receive a law enforcement request for user data, we only disclose the minimal information necessary to comply, in keeping with our legal obligations.
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity. You will receive notice of any significant changes in ownership or data practices.
We do not sell your personal information to third parties.
We retain your personal information only as long as necessary to fulfill the purposes described in this Privacy Policy or to comply with legal obligations.
For inactive accounts (e.g., no login activity for 2+ years), your data may be deleted in accordance with our data retention and backup policies.
In certain regulated contexts (e.g., financial or legal requirements), we may keep relevant records longer, but only to meet those specific obligations.
We implement rigorous security measures to protect your information, including:
User Responsibility: While we strive for the highest level of security, no system is foolproof. We urge you to protect your account credentials and private keys and to use caution when sharing information online.
Depending on your location, you have specific rights regarding your personal information under applicable privacy laws.
Under the General Data Protection Regulation, you have the right to:
Our legal basis for processing is legitimate interest (operating the service) and, where applicable, your consent.
Under the California Consumer Privacy Act and California Privacy Rights Act, you have the right to:
To exercise any of these rights, please contact us at hq@secria.me. We will respond to all valid requests within 30 days. You will not be charged a fee for exercising your rights.
Our services are not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If we learn we have collected information from a child under 16, we will delete that information.
Secria uses local storage and session tokens to maintain your authenticated session and store your encryption keys securely in your browser. We do not use third-party cookies, tracking pixels, or advertising cookies.
We use internal, self-hosted tools to monitor service health and aggregate usage metrics (e.g., total storage used, email volume). These metrics are anonymized and are never shared with third parties. We do not use Google Analytics, Mixpanel, or any external analytics platform.
You can configure your browser to refuse cookies or clear local storage at any time. However, doing so will require you to log in again and may require re-importing your encryption keys.
Secria operates globally. Your data may be transferred to and processed in countries outside your own, which may have different data protection laws.
We ensure that appropriate safeguards (e.g., standard contractual clauses, encryption) are in place to protect your information during such transfers.
We reserve the right to update or modify this Privacy Policy at any time.
Notice of Material Changes: If we make significant updates, we will notify you via in-platform alerts, email, or other prominent means.
The Effective Date at the top of this Policy indicates the most recent revision date.
If you have questions or concerns about this Privacy Policy or our data practices, please reach out to us at:
By using Secria's services, you acknowledge that you have read and understood this Privacy Policy. Thank you for trusting Secria as your secure communication platform.