PHANTOM

Privacy Policy

Last updated: April 2026

1. Data Controller

AI&Workflow Solutions UG (haftungsbeschränkt)
[Address to be added — Virtual Office]
Email: [email protected]

2. Core Principle: Data Minimization by Design

PHANTOM is engineered from the ground up following the principle of data minimization (Privacy by Design) as defined in Art. 25 GDPR. Our technical goal is to collect as little personal data as possible — ideally none at all.

Technical implementation:

  • No phone number, no email address, no name required for registration
  • Identification exclusively via a cryptographically generated anonymous ID
  • All messages are end-to-end encrypted using post-quantum cryptography (ML-KEM-768 + X25519 via PQXDH)
  • The server cannot read or decrypt message contents
  • Sealed Sender Protocol: Even the server cannot see who sent a message

3. Data We Process

3.1 Data We Do NOT Collect

  • No names, phone numbers, or email addresses
  • No IP addresses (connections are routed through rotating proxies/Tor)
  • No location data
  • No contact books or address lists
  • No usage profiles, no tracking, no analytics
  • No advertising identifiers
  • No message contents (end-to-end encrypted)
  • No metadata about communication partners (Sealed Sender)

3.2 Temporarily Processed Data

The following data is stored temporarily on our server and automatically deleted:

  • Encrypted message envelopes: Opaque, encrypted data packets intended for the recipient. The server cannot read their contents. Automatic deletion after 72 hours or upon delivery (whichever comes first).
  • Prekey bundles: Public cryptographic keys needed for key exchange. They contain no personal data and are regularly rotated.
  • Encrypted file chunks: End-to-end encrypted file fragments. Automatic deletion after 24 hours.

3.3 Blockchain Data (Key Transparency)

To ensure key integrity, the root hash of a Sparse Merkle Tree is periodically published on the Base L2 blockchain. This is a 32-byte hash value that allows no inference about individual users or their communication. Blockchain data is inherently public and immutable.

4. Encryption Technology

Algorithms in use:

  • ML-KEM-768 + X25519 — Hybrid post-quantum key exchange (PQXDH)
  • ChaCha20-Poly1305 — Symmetric authenticated encryption
  • Ed25519 — Digital signatures
  • HKDF-SHA512 — Key derivation
  • Argon2id — Passphrase hardening (64 MiB, 3 iterations)
  • Double Ratchet — Perfect Forward Secrecy (new key per message)
  • Noise_IK — Transport encryption (client-server)
  • MLS (RFC 9420) — Encrypted group messaging

5. Local Data Storage

All data on your device is stored in an encrypted SQLite database. The key is derived from your passphrase via Argon2id. Without your passphrase, the data is mathematically impossible to decrypt.

No cloud synchronization takes place. Your data only leaves your device in encrypted form for the purpose of message delivery.

6. Self-Destruct Features

  • Disappearing messages: Timer from 30 seconds to 7 days, irrecoverably deleted after expiry
  • Dead Man's Switch: Automatic deletion of all data if the app is not opened within a configurable period
  • Blockchain Kill Switch: Remote deletion of all data via a cryptographically secured kill command stored on the Base L2 blockchain
  • Account deletion: Complete deletion of all local and server-side data at the tap of a button

7. Server Location

Our servers are located in Iceland (operated by FlokiNET ehf.), a country with one of the strongest data protection laws in the world and constitutionally protected communication secrecy. Iceland is within the European Economic Area (EEA) and subject to the GDPR.

8. Payment Data

8.1 Apple In-App Purchase

When you subscribe through the Apple App Store, payment is processed exclusively by Apple Inc. We receive no credit card data, bank details, or other payment information from Apple. We only receive an anonymized transaction confirmation.

8.2 Cryptocurrency Payments

When paying with Bitcoin (Lightning Network) or USDC (Base L2), no personal data is collected. Payment is processed via a blinded identifier that is cryptographically unlinkable to your PHANTOM identity.

9. Your Rights Under GDPR

  • Right of access (Art. 15 GDPR): Since we do not collect personal data, we cannot provide information about stored data: there simply is none.
  • Right to erasure (Art. 17 GDPR): You can permanently and irrevocably delete your account and all associated data at any time via the app settings.
  • Right to data portability (Art. 20 GDPR): Due to end-to-end encryption and anonymous design, no attribution to a natural person is possible.
  • Right to complain: You have the right to lodge a complaint with a data protection supervisory authority.

10. Open Source and Verifiability

The entire source code of PHANTOM is publicly available. Every claim in this privacy policy can be verified by inspecting the source code. We believe that transparency is the best foundation for trust.

11. No Disclosure to Third Parties

We do not share any data with third parties. Because our technical architecture gives us no access to message contents or metadata, we cannot disclose such information to anyone: neither to law enforcement nor to any other third party.

12. Children

PHANTOM is not intended for children under 16 years of age. We do not knowingly collect data from persons under 16.

13. Changes to This Privacy Policy

We reserve the right to update this privacy policy to reflect changes in law or technology. The current version is always available on this page.

14. Contact

For privacy-related inquiries:
AI&Workflow Solutions UG (haftungsbeschränkt)
Email: [email protected]

© 2026 AI&Workflow Solutions UG (haftungsbeschränkt)