TruCrypt ← Back to site

Privacy Policy

Black Line Technology Inc. (Delaware)  ·  Effective: June 22, 2026  ·  Last updated: June 22, 2026

Black Line Technology Inc. ("TruCrypt", "we", "us") operates the TruCrypt iOS application (the "App"). This policy explains what we collect, how we use it, who we share it with, and your choices. Contact: privacy@gettrucrypt.com.

The defining fact of TruCrypt is that your message content is end-to-end encrypted: it is encrypted on your device and we hold no key to decrypt it. We cannot read your messages. Much of this policy follows from that.

1. The short version

Message contentEnd-to-end encrypted. We store ciphertext only and cannot decrypt it.
Your private keysGenerated and stored on your device; never sent to us (except a backup you create, encrypted with a password only you know).
Vault filesEncrypted and stored only on your device. Never uploaded to us.
What we hold on our serversAccount data (email, username) and message metadata (sender/recipient IDs, timestamps, conversation/Room membership), push token, subscription tier.
Analytics / trackingNo tracking SDKs in the app. Our website uses cookieless analytics only (see Section 6).
Payment cardsWe never see them. Subscriptions are processed by Apple.
Selling dataWe do not sell your personal data.

2. Information we collect

  • Account: your email address and a password (handled by our auth provider and stored only as a salted hash — we never see it in plaintext).
  • Profile: a username and any details you add.
  • Message & file content: the messages you send (1:1 and group "Rooms") and voice messages — all end-to-end encrypted (see Section 4).
  • Metadata (visible to us, not encrypted): sender/recipient user IDs, conversation and Room IDs and membership, message timestamps and delivery state, your device push token, and your subscription tier.
  • Security log: security-relevant events on your own account (sign-in, key-backup created/restored, account deletion). We do not store your IP address — only a one-way SHA-256 hash of it with a per-user secret, so it cannot be reversed or correlated across users. Auto-deleted after 90 days. Viewable in Settings → Security History.
  • Website: if you submit your email through a form on gettrucrypt.com (e.g. newsletter/contact), we use it to respond to you. Our website also uses privacy-focused, cookieless analytics (see Section 6).

3. Device permissions (only with your consent)

PermissionWhyLeaves your device?
MicrophoneRecord voice messages.Audio is encrypted on-device before sending; we store ciphertext only.
CameraScan a QR code to import an encryption key.No — processed on-device.
ContactsFind which contacts already use TruCrypt.Yes — see below.
Face ID / Touch IDUnlock the App / verify identity locally.No — handled by iOS; never shared with us.

Contacts matching. If you grant Contacts access, the App reads your contacts' email addresses and sends them to our server to check which belong to existing TruCrypt users. This is optional — you can decline and add people manually, and revoke access anytime in iOS Settings. We use these email addresses only to return matches at the time of lookup; we do not store the contacts you don't match.

4. How encryption works and what we can access

  • Each user has an RSA-3072 key pair, generated on the device at signup. The private key never leaves your device in usable form.
  • Every message uses a fresh AES-256 key, wrapped for each recipient with their public key (AES-256-GCM + RSA-OAEP-SHA256).
  • On our servers, message content is stored as ciphertext. There is no master key and no key escrow — we cannot decrypt your messages, and neither can our hosting provider.
  • Lock-screen notifications are decrypted locally on your device; push providers only carry encrypted content.
  • Key backup (optional): you can export an encrypted backup of your private key (AES-GCM + PBKDF2-SHA256, 100,000 iterations) under a password you choose, saved where you pick. We never receive your backup file or password.
  • On-device plaintext: so the App feels instant, your device keeps a local, file-protected decrypted copy of your messages and your Vault files. "End-to-end encrypted" means we can't read your content — not that there is no plaintext on your own device. This is wiped on logout or account deletion.

5. How we use information

To create and secure your account, deliver messages and notifications, provide subscription features, detect and respond to security events and abuse, provide support, and comply with law. We do not use your information for advertising or profiling, and we do not sell it. We do not use end-to-end encrypted content for advertising or to train models.

6. Analytics & cookies

The TruCrypt app contains no analytics or usage telemetry, no advertising identifiers, no location data, no payment card details, and no identity/KYC documents, and uses no third-party tracking SDKs (no Sentry, Crashlytics, Firebase, Mixpanel, PostHog, Datadog, or Segment).

Our website (gettrucrypt.com) uses Cloudflare Web Analytics — a privacy-focused, cookieless tool that measures aggregate traffic and performance without using cookies, fingerprinting, or tracking you across sites. We do not use advertising or cross-site tracking cookies.

7. Who we share information with

We do not sell your data. We share the minimum necessary with providers who process it on our behalf:

ProviderPurposeWhat they can access
Supabase (hosting, database, auth; on AWS, US)Stores account data, message ciphertext, metadata; handles auth.Ciphertext + metadata. Not message content.
OneSignalPush notification routing.Routing metadata + an encrypted payload blob.
AppleAPNs delivery; App Store / StoreKit subscriptions.Notification transport; subscription/payment (Apple handles all card data — we never receive it).

We may disclose information if required by valid legal process or to protect rights and safety. Because content is end-to-end encrypted, a legal request to us can only yield ciphertext and metadata — never message content.

8. Where your data is processed

Account data and metadata are processed and stored in the United States (AWS, us-west-2). If you are outside the US, your information is transferred to and processed in the US. Where required, EEA/UK transfers rely on the Standard Contractual Clauses in place with our subprocessors.

9. How long we keep information

  • Account data and message metadata: while your account is active.
  • Message ciphertext: to deliver and sync; delivery-tracking rows are pruned once acknowledged.
  • Security log: auto-deleted after 90 days.
  • On account deletion: server-side rows are removed and on-device data is wiped. Provider backups may persist briefly before expiring.

10. Your rights and choices

  • Delete your account in the App: Settings → Delete Account — removes server-side data and wipes local data.
  • Access / export: we can provide the plaintext metadata we hold. Your message content is readable only on your device (you hold the keys).
  • Correction: update your profile in the App.
  • Withdraw permissions anytime in iOS Settings.
  • EEA/UK/California: you may have rights to access, correct, delete, restrict, object, and port your data, and to complain to your data protection authority. California residents have CCPA/CPRA rights; we do not sell or share personal information as defined there. Contact privacy@gettrucrypt.com.

11. Security

We protect your information through the architecture itself: end-to-end encryption of content, on-device key storage, TLS in transit, encryption at rest for our database, row-level access controls scoping data to your account, and a minimal subprocessor footprint. Even a compromise of our servers exposes ciphertext and metadata — not your message content.

12. Children

The Services are not intended for persons under 18, and we do not knowingly collect personal information from children under 13 (COPPA). If you believe a child has provided us data, contact us and we will delete it.

13. Changes

We may update this policy and will post the new version here with a revised date. Material changes will be communicated in the App or by other reasonable means.

14. Governing law & contact

This policy is governed by the laws of the State of Delaware, USA. Questions or requests: privacy@gettrucrypt.com — Black Line Technology Inc., 100 Wilshire Blvd, Ste 700, Santa Monica, CA 90401, USA.

TruCrypt
Privacy Policy Terms iOS App
© 2026 Black Line Technology Inc.