Obscure's Privacy Policy

Your privacy matters. Protect yourself with a secure VPN.
Sponsored

Privacy Policy

Effective date: May 11, 2026

Obscure (“we”, “our”, or “us”) provides a secure messaging app. This Privacy Policy explains how Obscure accesses, collects, uses, stores, and shares information when you use the Obscure mobile application and related backend services.

If you have questions about this Privacy Policy or want to request deletion of your data, contact us at:

Developer: IJ Roy
Email: ijroy037@gmail.com

Information We Collect

 

Account information

When you create or use an Obscure account, we collect:

  • Username
  • Password, stored only as a hashed password on our server
  • Authentication tokens used to keep you signed in
  • Public encryption key used to deliver encrypted messages to you

 

We do not store your plain-text password.

Messages and chat data

Obscure is designed for encrypted messaging. When you send messages, our server may store:

  • Room ID or chat ID
  • Sender user ID
  • Sender alias inside a room
  • Message timestamp
  • Encrypted message content
  • Encryption metadata, such as encrypted key envelopes and initialization vectors
  • Room membership information, including member status, aliases, join requests, and optional join notes

Message content is encrypted before being sent to the server. Our server stores encrypted message payloads and does not need the plain text message content to deliver messages.

Media and attachments

If you send attachments, images, videos, audio, PDFs, or other supported files, the app may:

- Read the selected file from your device after you choose it
- Encrypt the file before upload
- Upload the encrypted file to cloud storage
- Store metadata such as file type, file key, and file URL

Received media may be downloaded, decrypted on your device, and stored temporarily in the app cache so you can view or open it.

Camera access

Obscure requests camera access only for QR code scanning. The camera is used to scan another user’s QR code so you can start a chat. We do not use the camera for advertising, analytics, background monitoring, or unrelated purposes. QR scan results may contain user identifiers or usernames needed to start a chat.

Notifications and device identifiers

To provide message notifications, Obscure uses Firebase Cloud Messaging. We may collect and store:

  • Firebase Cloud Messaging token
  • Android device ID
  • Device platform, such as Android
  • Token creation and last active timestamps

This information is used only to send push notifications and manage notification delivery.

Local device storage

Obscure stores some information locally on your device, including:

  • Username
  • Authentication token
  • Biometric lock preference
  • Local encryption keys
  • Encrypted local database passphrase
  • Cached decrypted media files used for display or opening attachments

Sensitive local values are stored using Android encrypted storage or Android Keystore where supported.

How We Use Information

We use collected information to:

  • Create and authenticate accounts
  • Provide secure messaging functionality
  • Deliver messages and media attachments
  • Manage rooms, direct messages, memberships, and join requests
  • Provide QR-based contact discovery
  • Send push notifications
  • Protect accounts and app sessions
  • Maintain, debug, and improve app reliability
  • Prevent abuse and unauthorized access

Sharing of Information

We do not sell personal information.

We may share or process information with service providers required to operate the app, including:

  • Firebase Cloud Messaging for push notifications
  • Cloud database or backend hosting providers for account, room, and encrypted message storage
  • Cloud object storage or CDN providers for encrypted media storage
  • Network and infrastructure providers used to route app traffic

These providers process data only as needed to operate the app and related services.

Encryption and Security

Obscure uses encryption to protect user data. Messages and media are encrypted before being sent to the backend. The backend stores encrypted content and related delivery metadata.

Passwords are stored as hashed passwords, not plain text. Authentication tokens and local app secrets are stored using encrypted local storage where available.

No method of transmission or storage is completely secure, but we use reasonable technical and organizational measures to protect user data.

Data Retention

We retain account information while your account remains active.

Encrypted messages, encrypted media metadata, room data, public keys, and notification tokens may be retained as long as needed to provide the messaging service, maintain chat history, support account functionality, prevent abuse, or comply with legal obligations.

Media files stored in app cache on your device may be removed by the operating system, by clearing app data, or by uninstalling the app.

Data Deletion

You may request deletion of your account and associated data by contacting us at: ijroy037@gmail.com

When we receive a deletion request, we will take reasonable steps to delete or anonymize account data associated with your account, unless we are required to retain certain information for legal, security, fraud prevention, or operational reasons.

You can also remove locally stored app data by clearing the app’s storage from Android settings or uninstalling the app.

Permissions Used

Obscure may request the following permissions:

  • Internet: required to connect to the backend, send messages, upload/download encrypted media, and receive app data.
  • Camera: used only for QR code scanning to start chats.
  • Notifications: used to show message notifications.

Third-Party Services

Obscure may use third-party services, including Firebase Cloud Messaging and cloud hosting/storage providers. These services may process technical data necessary to provide messaging, notifications, hosting, storage, and delivery.

Children’s Privacy

Obscure is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, contact us and we will take appropriate action.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the effective date and make the updated policy available through the app listing or another accessible location.

Contact Us

If you have questions, privacy requests, or data deletion requests, contact:

Developer: IJ Roy
Email: ijroy037@gmail.com