Privacy
Privacy Policy
Effective 19 April 2026
Lominn is a private messaging app, designed so that we never learn what you say. Your messages are encrypted on your device with the Signal Protocol before they leave it; our server routes an opaque encrypted envelope to the recipient and cannot read its contents. This policy explains what information Lominn does handle, why we handle it, and how long we keep it.
Information you give us
- Account details. When you register we store a username, an email address, and a cryptographic hash of your password (bcrypt, cost 12). We never store your password itself.
- Public keys. Your device generates Signal Protocol key bundles — identity keys, signed pre-keys, one-time pre-keys, and Kyber post-quantum pre-keys. Only the public components are uploaded. Private keys never leave your device and live in hardware-backed storage (Secure Enclave on iOS, Android Keystore on Android) where the hardware supports it.
Information handled while messages move
- Ciphertext. Messages are end-to-end encrypted. The server stores and forwards opaque encrypted payloads and cannot decrypt them. The same is true of our operators, our employees, and anyone who gains access to our infrastructure.
- Minimal routing metadata. To deliver a message we temporarily store a sender ID, a recipient ID, a message ID, and the send, delivery, and read timestamps. This is the smallest set of data needed to route a message and display delivery receipts.
- Offline queue. If the recipient is offline, their encrypted messages are queued on our server until their device reconnects, then delivered and purged.
What Lominn does not collect
We do not collect or store:
- Your IP address or connection logs beyond what is needed to keep your connection alive in the moment.
- Your contacts, address book, location, or persistent device identifiers.
- Advertising identifiers, marketing profiles, or behavioural analytics.
- The plaintext content of messages, voice notes, or attachments — ever.
Lominn contains no third-party trackers, no advertising SDKs, and no product analytics tools.
How long we keep data
| Data | Retention |
|---|---|
| Delivered and read messages (ciphertext + metadata) | Deleted 30 days after you read them |
| Undelivered messages | Held only until the recipient's device reconnects |
| Consumed one-time pre-keys | Deleted 7 days after use |
| Authentication refresh tokens | 7 days |
| Authentication audit events | 14 days; no IP addresses are recorded |
When you delete your account, we delete your profile, your uploaded public-key bundle, and any messages queued for you. Messages already delivered to other people live on their devices and can only be removed by them.
Who we share data with
We do not sell, rent, or share personal data with advertisers, marketers, data brokers, or analytics providers. We do not use your data to build profiles about you.
A small set of infrastructure providers process data on our behalf so Lominn can run:
- Alwyzon — hosts our servers, database, and message queue.
- Let's Encrypt — issues the TLS certificate that protects the connection between your device and our server.
- Our email provider — carries messages you send to our support or privacy addresses.
None of these providers has access to the content of your Lominn messages.
Law enforcement requests
Because Lominn uses end-to-end encryption, we cannot produce the content of any message, past or present, in response to a legal request — we don't have it. What we can be compelled to produce is the limited data described above, bounded by the retention windows listed. We review every request we receive for legal validity and narrow scope, and we will challenge ones that are not.
Security
- Messages use the Signal Protocol (X3DH / PQXDH + Double Ratchet) for end-to-end encryption, with post-quantum protection and perfect forward secrecy.
- Transport is TLS 1.3 between your device and our server.
- Passwords are hashed with bcrypt (cost 12) and never stored or transmitted in plaintext.
- Private keys and session tokens live in the Secure Enclave (iOS) or the Android Keystore where the hardware supports it.
No system is perfect. If you believe you have found a vulnerability, please write to security@lominn.com.
Your rights
Depending on where you live, you may have the right to access, export, correct, or delete your personal data, and to object to its processing. You can delete your account directly from the Settings screen in the Lominn app at any time. For anything else, write to privacy@lominn.com and we will respond within 30 days.
Children
Lominn is not intended for people under 16. If you believe a child has created an account, please contact us and we will remove it.
Changes to this policy
If we change this policy, we will update the effective date at the top and post the revised version on this page. Material changes will be announced in the app before they take effect.
Contact
Questions about this policy, or about the data we hold on you:
privacy@lominn.com