AIPuna Janus: privacy-driven PII service.
Explore Janus
AIpuna Logo
AIpuna
🌍Language
Back to OctoChat

OctoChat Privacy Policy

How we collect, use, and protect your data in OctoChat

February 2026

This privacy policy explains how TOBG Services Ltd. ('we', 'us', 'our') collects, uses, and protects your personal data when you use OctoChat. We are committed to protecting your privacy and ensuring transparency about our data practices.

Data Controller

The data controller for OctoChat is:

TOBG Services Ltd.
20-22 Wenlock Road, London, N1 7GU, United Kingdom
Email: [email protected]

Data We Collect

Personal Information

  • Email address and username
  • Display name
  • Phone number (optional)
  • Avatar (photo upload, emoji, or AI-generated)

Communication Data

  • Chat messages (end-to-end encrypted)
  • Media attachments: images, videos, documents, voice messages (all E2E encrypted)
  • Message translations (cached locally and server-side per message)
  • Voice message transcripts
  • Call history and metadata
  • Contact and connection relationships
  • Blocked users list

Technical Data

  • Device tokens for push notifications (FCM) and VoIP
  • Device fingerprint (SHA-256 hash for session management)
  • User preferences (AI settings, language, theme, font size, notification settings)
  • Sentry crash and error diagnostics (no personally identifiable information included)

Financial Data

  • In-app wallet balance and transaction history
  • In-app purchase records via Google Play Billing or Apple StoreKit

App Permissions (Android)

OctoChat requests the following permissions on Android devices:

  • Camera: For taking photos and video calls
  • Microphone: For voice messages and voice/video calls
  • Bluetooth: For connecting to audio devices during calls
  • Biometric: For optional app lock with fingerprint or face recognition
  • Phone State: For managing call states and interruptions
  • Storage: For saving and sharing media files
  • Notifications: For message and call alerts
  • In-App Billing: For purchasing tokens and premium features

Third-Party Services

OctoChat uses the following third-party services:

  • •Firebase - Authentication and push notifications
  • •LiveKit - Voice and video call infrastructure (WebRTC)
  • •Cloudflare Turnstile - CAPTCHA and bot protection
  • •Sentry - Crash reporting and error diagnostics (no PII)
  • •AI Providers - Translation and writing assistant services (configurable server-side)
  • •Google Play Billing / Apple StoreKit - In-app purchases and subscription management

Security Measures

We implement the following security measures to protect your data:

  • XChaCha20-Poly1305 end-to-end encryption for all messages and media
  • X25519 public key exchange for secure key negotiation
  • Certificate pinning on all API communications
  • Encrypted local database (Drift/SQLite with encryption)
  • Screen recording and screenshot protection
  • Optional biometric authentication for app access
  • Multi-device encrypted key synchronization

Data Retention

We retain your data for as long as your account is active. Encrypted messages are stored on our servers to enable multi-device sync. You can request deletion of your data or account at any time. Transaction records are retained for 7 years as required by law.

Note: Because messages are end-to-end encrypted, we cannot access or read the content of your messages even while they are stored on our servers.

Your Rights

Under GDPR and applicable data protection laws, you have the following rights:

  • Right of access to your personal data
  • Right to rectification of inaccurate data
  • Right to erasure (right to be forgotten)
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent at any time

Children's Privacy

OctoChat is not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13. If you believe we have collected data from a child under 13, please contact us immediately.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any significant changes through the app or by email. The date of the last update is shown at the top of this policy.

Contact Us

If you have questions about this privacy policy or our data practices, please contact us:

Email: [email protected]

Exercise Your Data Rights

Request Data Deletion

Request Account Deletion