Privacy Policy — YoMatrix Messenger
Effective date: 28 May 2026 · This policy covers the YoMatrix Messenger feature, currently distributed as part of Matrix Vault for iOS. A standalone YoMatrix app is planned; this policy will be re-issued for that app at launch.
YoMatrix Messenger is end-to-end encrypted. The server routes ciphertext between you and your contacts; we cannot read your messages, calls, stories, reactions, or attachments. This policy describes the metadata we necessarily process and the much larger set of data we do not collect.
1. Who we are
YoMatrix is a product of NAB, the developer of Matrix Vault. Until a standalone YoMatrix app ships, the messenger is delivered inside the Matrix Vault iOS app. Our servers are operated on dedicated hardware in Germany.
2. The very short version
- End-to-end encryption: Curve25519 ECDH, HKDF-SHA-256, AES-256-GCM, with per-message ephemeral keys for forward secrecy.
- No phone number. No email. No contact-book upload.
- No analytics, no telemetry, no third-party SDKs, no advertising identifiers.
- Metadata we process: your handle, your public keys, encrypted message envelopes en route, your APNs push token.
3. Account model
YoMatrix accounts are not based on a phone number or email. You pick a globally-unique handle (a @username, 3–20 characters) at first launch. Your device generates a Curve25519 identity keypair and an Ed25519 signing keypair. Only the public halves are uploaded to the server. The private halves never leave your device.
4. What we process to route messages
- Your handle and public keys — so that other users can encrypt messages to you and verify your signed prekeys.
- Prekey bundles — a signed prekey (rotated weekly) and a pool of one-time prekeys, enabling X3DH-style asynchronous key agreement.
- Encrypted message envelopes — opaque ciphertext addressed to a recipient handle. Stored briefly when the recipient is offline (default 30-day retention), deleted after delivery or expiry.
- Connection state — whether you have an active connection, so the server can route in real time vs queue.
- Read anchors — opaque per-conversation pointers so already-delivered messages are not redelivered.
5. What we cannot see
- Plaintext messages, attachments, voice notes, or media of any kind.
- Stories, story metadata, story viewers (story metadata is encrypted client-side along with content; the server stores opaque labels only).
- Plaintext group membership (groups route as pairwise encrypted messages; the server never learns who is in a group as a set).
- Reactions, poll votes, message edits and retractions, typing indicators in any decodable form.
- Your contact list (we do not have one).
- Call media (WebRTC peer-to-peer where possible; TURN-relayed when needed, in encrypted form only).
6. Voice and video calls
WebRTC peer-to-peer when network conditions allow. When peer-to-peer is not possible, our TURN server relays encrypted media packets without ability to decrypt. Call signaling (offer / answer / ICE candidates) is conveyed inside the standard end-to-end-encrypted message channel.
7. Bots
Official bots (reminders, weather, translation, dictionary, currency, etc.) are themselves peers in the encrypted messaging system. Anything you send to a bot is necessarily readable by that bot's operator (us), because the bot must process the request to reply. Each bot's behaviour is documented in the App's Bots screen.
8. Email Bots
If you activate an Email Bot, inbound mail at @username@matrixvault.app or @username@yomatrix.app is received by our mail server, validated against SPF / DKIM / DMARC, packaged into an end-to-end encrypted in-app message, and delivered to you. We do not retain plaintext mail; the original message is discarded after the encrypted in-app envelope is queued for delivery.
9. Push notifications
When notifications are enabled, your APNs device token (an opaque identifier issued by Apple) is registered with our server. Push payloads are encrypted envelopes; no plaintext content is included.
10. Third parties
- Apple Push Notification service (APNs). Required to deliver notifications. Apple's privacy policy.
- Apple App Store. Required for distribution.
No advertising networks, no analytics SDKs, no data brokers, no social-graph integrations.
11. Data location
Servers in Germany (Hetzner Online GmbH). All routing and offline-message storage occurs there.
12. Your rights
- Erasure. Use in-App account deletion to remove your handle, prekeys, and any queued offline ciphertext.
- Handle reservation. A released handle enters a 90-day cooldown before anyone can re-claim it, to reduce impersonation risk on contacts who still have you saved.
- Withdrawal of consent. Uninstall the App.
13. Children's privacy
YoMatrix is intended for users aged 13 and older. We do not knowingly collect data from children under 13.
14. Changes
Material changes will be surfaced inside the App and reflected by an updated Effective date on this page.
15. Contact
Privacy questions: privacy@matrixvault.app