privacy policy

Last updated: May 12, 2026

This Privacy Policy explains what information komachat collects, how we use it, and what choices you have. We tried to write it like a human, not a lawyer.

If you have questions, email [email protected].

tl;dr

Your messages are end-to-end encrypted. They're encrypted on your device before they're sent; our servers only ever store the encrypted version and we cannot read them. (One exception: if you choose a profile photo, that image is uploaded and is publicly viewable — see §2.5.)
We collect the minimum a messaging app needs: your handle, display name, character pick, optional bio, optional profile photo, your (encrypted) messages, who you message, who you've saved as contacts, and a push token so we can notify you.
We don't sell your data. We don't run ads. We don't use third-party analytics. We don't share with anyone beyond what's necessary to run the service (Apple for push delivery and sign-in; Supabase for our database).
You can delete your account at any time — from inside the app, or by emailing us. Either way your data is removed within 30 days.

1. Who we are

komachat is a manga-styled messaging app made by Austin Self ("we," "us"). The service is operated from the United States. By using komachat you agree to this Privacy Policy.

2. What we collect

2.1 Account information

When you sign in with Apple, Apple sends us a stable opaque identifier and — only if you choose to share them — your name and email. We store:

The Apple opaque identifier (this is your account ID)
The email you shared, if any — used only to send you account-related messages (we currently send none) and to reach you about a support request. If you used Apple's "Hide My Email," that's the private relay address.
We do not retain the name Apple may pass us — you set your own display name during onboarding (below).

You then create:

Handle (e.g. @yourname) — publicly visible to other users
Display name — publicly visible to your contacts and group members
Character — your manga avatar, publicly visible
Profile photo — optional. If you pick one instead of a character, the image you choose is uploaded to our storage and is publicly accessible by its URL (see §2.5). The same applies to a group photo you set on a group chat.
Bio — optional, max 140 characters, publicly visible

2.2 Messages (end-to-end encrypted)

Messages in komachat are end-to-end encrypted. Before a message leaves your device, it's encrypted on-device for each recipient (using HPKE / AES-GCM via Apple's CryptoKit). Our servers store and relay only the encrypted blob — we cannot read your messages, and neither can anyone who gets hold of our database. The encryption keypair for each device:

The private key is generated on your device and stored in the iOS Keychain. It never leaves your device, and we never see it. If you have iCloud Keychain enabled, iOS may sync it to your other Apple devices through Apple's own end-to-end-encrypted iCloud Keychain — that's between you and Apple; it doesn't pass through us.
The public key is uploaded to our servers so other people's devices can encrypt messages to you. A public key isn't secret and can't decrypt anything.

So that the service can function, we do store the following alongside the encrypted message content: which conversations exist and who's a member of each; reply/edit/delete metadata and reactions; the message's mood-style tags (the "expression" and "panel style" used to draw the manga panel); and per-recipient delivery and read-receipt timestamps.

We also store, tied to your account: your contacts list and any nicknames you've set; which users you've blocked; whether you've pinned, muted, or archived each conversation; and when you last opened the app (for the "online" / "last seen" indicator).

The one way a message's plaintext can reach us: if a recipient reports your message for abuse. Their device — which can already read the message — sends us its decrypted copy of that message so we can review it. See §2.6. (This is the same trade-off as any conversation: anyone you message can repeat or screenshot what you said.)

Fallback: if a participant's device hasn't published a public key yet (for example, a very old app version), messages in that conversation are sent without end-to-end encryption — still over an encrypted connection (TLS), but stored in plaintext on our servers. The app's normal state is fully end-to-end encrypted.

2.3 Device information

To deliver push notifications, we store:

A device push token from Apple (a long string unique to your app installation on your device)
The device type ("ios")

When you receive a notification, the notification payload we hand to Apple's push service carries the encrypted message — your device decrypts it locally (in a notification extension) to show you the preview, so Apple's servers never see the plaintext either. (For the rare non-encrypted fallback described in §2.2, the preview text would be in the payload.)

We don't collect your geolocation, device model, advertising identifier, or any tracking identifiers. Like any internet service, our infrastructure providers necessarily see your device's IP address to route requests, but we don't store IP addresses in the app or use them to identify or profile you.

2.4 What we do NOT collect

We don't access your device's contacts/address book, microphone, camera, or location.
We don't read your photo library. The only image we ever receive is one you explicitly pick as a profile or group photo — and only that image (see §2.5). The app uses the system photo picker, which doesn't give us access to anything else.
We don't use third-party analytics (no Google Analytics, no Mixpanel, no PostHog, no anything — there are no analytics SDKs in the app).
We don't place advertising trackers, and we don't track you across other apps or websites.
We don't require or accept payment information at this time.

2.5 Profile and group photos

If you choose your own photo as your avatar (instead of one of our characters), or set a photo on a group chat, that image is uploaded to our storage and stored as-is — we don't filter or alter it. Like your character avatar and your handle, a profile/group photo is publicly accessible by its URL — it's shown to people you message and group members, and anyone who has the link can view it. Don't use a photo you wouldn't be comfortable being visible. You can change or remove it any time, which replaces the stored image.

2.6 Abuse reports

If you report another user or a specific message for abuse, we store: who you are, who you reported, the conversation involved (if any), the reason you picked, and — when you report a specific message — your device's decrypted copy of that one message. We need that copy because the messages themselves are end-to-end encrypted and our servers can't read them; the reporting device, which can read the message, sends along what it saw. We use reports only to review and act on abuse, and we keep them while the matter is open and for a reasonable period afterward for safety and recordkeeping (see §5). If you're the person reported, we may review the message that was reported; we don't otherwise look at your conversations.

3. How we use what we collect

We use the information we collect to:

Sign you in and recognize you across sessions.
Relay messages (in their encrypted form) between you and the people you choose to chat with.
Show your profile (handle, display name, character or photo, bio) to people you message.
Send push notifications when someone messages you (unless you've muted that chat or turned notifications off). The notification's content stays encrypted in transit and is decrypted on your device.
Display "online" / "last seen" indicators to your DM partners.
Review and act on abuse reports, keep the service safe, and enforce our Terms of Service.
Respond to your support requests.

We do not use your information to train AI models, build advertising profiles, or sell to third parties.

4. Who we share with

Your data lives with us (on the infrastructure below); we don't sell or hand it to anyone else. Two providers are involved in running the service:

Apple — for Sign in with Apple (your account is created from an Apple ID) and for push delivery. When we send you a notification, Apple's push service relays it; for end-to-end-encrypted conversations the payload it relays is encrypted, so Apple's servers don't see your message content. (Separately, if you have iCloud Keychain on, iOS syncs your komachat encryption key between your own Apple devices through Apple's end-to-end-encrypted iCloud Keychain — that's your iCloud, not something we share into.)
Supabase Inc. — our database and backend infrastructure provider. Supabase hosts the Postgres database, storage buckets, and edge functions that run komachat. They process data on our behalf under their terms and don't use it for their own purposes. Supabase's privacy practices: https://supabase.com/privacy.

We don't share with anyone else. We don't have a "partner network" or data brokers. We'd only disclose data to law enforcement or other authorities if legally compelled, and we'd tell you where we're permitted to.

5. How long we keep it

Active account data: while your account is active.
Deleted messages: removed from our database immediately when you delete them ("delete for everyone" replaces the content with a tombstone).
Account deletion: when you delete your account — from inside the app or by emailing us — your data is removed within 30 days. Some operational backups may retain a copy for up to 90 days before being expired.
Abuse reports: kept while the matter is open and for up to 12 months after it's resolved, for safety and recordkeeping. If a report led to action on an account, a minimal record of that may be kept longer.
Server logs: we retain minimal operational logs for up to 30 days for debugging and abuse prevention. Logs don't include message content.

6. Your rights

Regardless of where you live, you can:

Delete your account and all associated data — you can do this yourself from inside the app (in the You tab), or email us and we'll do it for you
Request a copy of all data we hold about you
Request that we correct anything inaccurate
Ask any question about how your data is handled

Email [email protected] with your handle to make any of these requests (account deletion you can also just do in-app). We respond within 30 days.

If you're in the EU/UK, you have rights under GDPR. If you're in California, you have rights under CCPA. All of these are honored by emailing the above address. We don't sell personal information and never have.

7. Children

komachat is not intended for users under 13. Apple Sign In already enforces a minimum age, but if we become aware that a user under 13 has signed up, we will terminate the account and delete its data.

If you are between 13 and 18, please review this policy with a parent or guardian.

8. Security

We use industry-standard practices to protect your data:

Message content is end-to-end encrypted and stored on our servers only as ciphertext — we can't read it (see §2.2)
All traffic between your device and our servers is encrypted via TLS
Database access is restricted via row-level security, so accounts can only read their own conversations and data
Push notification keys and database credentials are kept in encrypted secret management
We don't store passwords — Sign in with Apple handles authentication

That said, no security is perfect. If we ever experience a breach affecting your data, we'll notify you within 72 hours via the email Apple provides (if any) and in-app.

9. International transfers

komachat servers are located in the United States. By using komachat, you understand that your data is processed in the US. If you're outside the US, this means your data crosses an international border.

10. Changes to this policy

We may update this policy occasionally — for example, when we add new features or change service providers. If we make material changes, we'll notify you in-app before the change takes effect. The "Last updated" date at the top will always reflect the most recent version.

11. Contact

Questions, complaints, deletion requests: [email protected]

Mailing address available on request.