Tinq — Privacy Policy

Effective Date: April 30, 2025
Jurisdiction: United Kingdom

1. Introduction

Tinq Chat (“Tinq”, “we”, “our”, or “us”) is committed to protecting your privacy and securing your personal data. This Privacy Policy describes what information we collect, how we use it, how we store it, and your rights regarding your data. By using Tinq, you agree to the practices outlined here and in our Terms of Service.

2. End-to-End Encryption

Tinq uses true end-to-end encryption (E2EE). Your messages and private files are encrypted on your device and can only be decrypted by your intended recipient. We cannot view, intercept, or decrypt your messages — even under legal demand. Your privacy is mathematically enforced by cryptography.

3. Data We Collect

To operate the platform securely and efficiently, we collect the following data:

• Username (stored encrypted)
• Hashed password and master password (PBKDF2/Bcrypt, never stored in plain text)
• Public encryption key
• Encrypted private key
• Salt used for encryption key derivation
• Registration IP and timestamp
• Last login IP and timestamp
• Ban status, reason, and expiration (if applicable)
• Login history (IP, timestamps, device/browser info)
• Friend list (usernames only)
• Friend requests sent/received
• Account preferences (message notifications, read receipts, online status, typing indicators, push notifications, etc.)
• Invite code used during registration
• Premium status (if applicable)
• Session history (session IDs, device/browser info, last activity, IP, OS)

We do not collect: message content, behavioral analytics, device fingerprinting, browsing history, location data, or third-party advertising data.

4. How We Use Your Data

• To create and manage your account
• To maintain platform security and prevent abuse
• To enable secure communication between users
• To manage friend requests and chat sessions
• To provide optional features such as 2FA, backup email, and premium tools
• To comply with UK legal obligations

5. Data Retention

Account-related data is stored until the user deletes their account or requests removal. Self-destructing messages are purged automatically after delivery or within 24 hours if undelivered. Upon account deletion, all personal data is erased within 30 days, unless legal retention requirements apply.

6. Security Measures

• All traffic is encrypted with TLS 1.3
• Passwords are hashed using Bcrypt or PBKDF2-SHA256
• Private keys are encrypted client-side before optional backup
• Strict access controls, logging, and server audits are enforced

While we follow best practices, no system is entirely immune to breaches. Users are responsible for securing their own devices and credentials.

7. Data Sharing and Legal Compliance

We do not sell or share your data with advertisers or third parties. If compelled by lawful court order, we may provide non-content metadata (e.g., IP addresses, registration timestamps, ban info). Message content cannot be disclosed as it is encrypted beyond our access.

8. Your Rights

Under the UK GDPR, you have the right to:

• Access your stored data
• Request correction or deletion of your data
• Withdraw consent at any time (where applicable)
• Lodge a complaint with the UK Information Commissioner’s Office (ICO)

9. Contact Us

For privacy-related concerns, questions, or requests, please email us at privacy@tinqapp.co.uk