Privacy Policy
Last updated: February 2026
1. What We Collect
- Account data: Email, display name, and profile image provided during registration.
- Messages: All direct messages and group chats are end-to-end encrypted (E2E) and stored exclusively as ciphertext. We cannot read your messages.
- Files: Uploaded files are stored securely on our self-hosted infrastructure. File attachments under 7 MB are encrypted client-side (AES-256-GCM) before upload, providing end-to-end encryption for file sharing.
2. What We Do NOT Collect
- We do not collect your location, contacts, or browsing history.
- We do not build behavioral profiles or track your activity for advertising.
- We do not require a phone number, government ID, or biometric data.
- We do not sell, rent, or share your personal data with advertisers.
3. End-to-End Encryption
Direct messages and group chats use E2E encryption. Your encryption keys are generated and stored locally in your browser (IndexedDB). The server never has access to your private keys or plaintext message content for encrypted conversations.
- Encryption keys are derived using ECDH P-256 key agreement and HKDF.
- Messages are encrypted with AES-256-GCM.
- Group messages use the Sender Keys protocol with symmetric chain key derivation.
- Key backups are encrypted with a user-chosen passphrase using PBKDF2 (600,000 iterations).
4. Children's Privacy
Dimsocial is not intended for users under the age of 13. We do not knowingly collect personal data from anyone under 13. If we become aware that a user is under 13, we will take steps to delete their account and associated data.
5. Abuse Reports
When you report an E2E-encrypted message, the decrypted content is submitted along with the encrypted envelope for cryptographic verification. Report data is only accessible to administrators and is used solely for moderation purposes.
6. Data Retention
- Account data is retained while your account is active.
- Messages are retained indefinitely unless deleted by the sender or an administrator.
- Abuse reports are retained for moderation review.
7. Third-Party Services
- Self-hosted file storage: File uploads are stored on Dimsocial infrastructure.
- Resend: Transactional email delivery.
- GIPHY: GIF search and sharing.
8. Your Rights
You may request deletion of your account and associated data by contacting support. E2E-encrypted messages cannot be recovered after account deletion if no backup exists.
9. Contact
For privacy-related inquiries, contact us at support@dimsocial.com.