Privacy Policy

What we collect

ONYX stores only what is strictly necessary to operate the service:

• Username
• Password (hashed — we never store or see the original)
• Session tokens (used to keep you signed in)

We do not collect your IP address, phone number, email, or any personal identifiers beyond your chosen username.

Messages

Direct messages between two users are end-to-end encrypted. We cannot read them, and neither can anyone else — not by design, not by court order, not by any other means. Group chats and channels — whether hosted by ONYX or on a self-hosted server — do not use end-to-end encryption. Messages in those spaces are readable by the server operator. In direct messages, text is deleted from our servers 30 seconds after delivery to the recipient. Media files are stored until you choose to delete them.

Your data, your control

You can permanently delete your account and all associated data at any time directly from within the app. No email required. No waiting period. Gone immediately.

Third parties

We do not sell, share, or transfer your data to any third party. We do not use advertising networks or tracking services of any kind.

Self-hosted servers

If you or someone else runs a self-hosted ONYX server, the privacy practices of that server are the responsibility of its operator, not WARDCORE.

Contact

Questions about privacy? Write to us: wardcorebusiness@proton.me