◂ Back

▸ PRIVACY POLICY

Last updated: April 25, 2026

Summary

FadeChats is built around the principle of zero retention. We do not store message content, we do not require accounts, and we do not build profiles. Below is a detailed breakdown of what we do and do not handle.

1. Information We Do NOT Collect

  • Names, emails, phone numbers, or any account information.
  • Message content (text, images, GIFs, stickers).
  • Conversation history or chat backups.
  • Browser fingerprints or cross-site tracking identifiers.
  • Behavioral analytics or marketing profiles.

2. Information We Temporarily Process

To operate the room and signaling, we temporarily store the following:

  • Room metadata: a randomly generated room ID, participant slot count, creation and expiration timestamps. Stored in Redis with a TTL of approximately 20 minutes from last activity. Automatically destroyed when the room empties or expires.
  • Session ID: a UUID generated client-side in your browser memory (not persisted) that identifies your current tab to the room. Discarded when you close the tab.
  • Invitation tokens: a SHA-256 hash of the invite token is stored for at most 10 minutes; the plaintext token never touches our storage.
  • WebRTC signaling messages: SDP offers/answers and ICE candidates relayed between peers during connection setup. Buffered briefly, then discarded once consumed.
  • IP-based rate limiting state: short-lived counters used to prevent abuse. Aggregated by IP address with TTL under one minute.

None of this data contains message content. Once the room ends, all related metadata is deleted from our systems.

3. How Messages Travel

After the initial WebRTC handshake, messages flow directly between participants' browsers via a peer-to-peer DataChannel encrypted with DTLS. Our servers do not see, log, or relay the message content. Images are streamed in chunks over the same encrypted channel.

4. Cookies

FadeChats does not set any cookies of its own. We do not use analytics cookies, advertising cookies, or session cookies for the chat application itself.

If you initiate the optional paid upgrade for a third participant, you will be redirected to a Stripe Checkout page hosted by Stripe. Stripe sets its own cookies on its own domain, governed by Stripe's privacy policy. FadeChats does not receive or share these cookies.

5. Third-Party Services

  • Vercel: hosts the application. May log basic request metadata (IP, timestamp, path) for security and performance, governed by Vercel's own policy.
  • Upstash Redis: stores ephemeral room metadata as described in section 2.
  • Stripe: processes the optional USD 0.99 upgrade. Card details never touch our servers.
  • Klipy: provides GIF and sticker search. Search queries you type are sent to Klipy from our server proxy. We do not associate them with any identifier.
  • STUN/TURN servers: assist WebRTC NAT traversal. Connection metadata may pass through these in order to establish peer-to-peer transport.
  • Google Fonts (self-hosted): the fonts used in the UI are downloaded at build time and served from our own domain. No requests go to Google at runtime.

6. Image Privacy

Images sent through the chat are transmitted over the encrypted P2P DataChannel. They are rendered in your browser only as long as you keep them open. Once you close an image preview, the in-memory blob is revoked. Images are never uploaded to or stored by FadeChats.

Note: we cannot prevent operating system screenshots, screen recordings, or third-party browser extensions from capturing content. The Service's anti-copy protections operate at the web layer only.

7. Your Rights (GDPR, CCPA, etc.)

Because FadeChats does not collect personal data tied to a user account, there is no profile to access, correct, port, or delete. The ephemeral metadata we temporarily process is automatically destroyed within minutes and is not linked to any identifiable user.

If you have specific concerns about data processed during your use of the Service, contact us at privacy@fadechats.app.

8. Children's Privacy

The Service is intended for users 18 years of age or older. We do not knowingly collect information from children under 18. If you believe a minor has used the Service, contact us so we can take appropriate action.

9. Security

We implement reasonable technical safeguards: HTTPS-only transport, strict Content-Security-Policy headers, rate limiting, hashed invitation tokens, and a zero-retention message architecture. No system is perfectly secure; we cannot guarantee absolute confidentiality.

10. Changes to This Policy

We may update this policy periodically. The "Last updated" date above reflects the most recent revision. Continued use of the Service after changes indicates acceptance of the updated policy.

11. Contact

For privacy questions or requests, contact privacy@fadechats.app.