Privacy Policy
Recursion is designed so message contents are end-to-end encrypted and the service does not require a phone number, email address, real name, contact list, location, advertising identifier, or social account.
Last updated: May 9, 2026
Who This Policy Covers
This Privacy Policy explains how Recursion handles data when you use the Recursion mobile app, encrypted messaging service, public ID system, usernames, chat rooms, invite links, and paid features.
Developer: Recursion. Privacy contact: privacy@recursion.se. Store support contact: support@recursion.se.
Our Privacy Position
We do not try to identify who you are. Recursion does not ask for your name, email address, phone number, address book, precise location, advertising ID, or government identity.
We do not store plaintext message content on the server. Private messages, room messages, and attachments are sent to the server as encrypted ciphertext. The server is a relay and cannot read encrypted message content.
We do not sell personal data or use third-party advertising SDKs. Recursion is not built around ads, tracking pixels, behavioral profiles, or data resale.
Important limitation: No internet service can truthfully promise that all activity is impossible to correlate. Networks, app stores, payment processors, operating systems, and hosting infrastructure may process connection, device, billing, or security metadata outside the encrypted message body. Recursion is designed to avoid collecting identifiers that tie message content to a real person or physical device.
Data We Do Not Collect
- No phone number is required.
- No email address is required to use the app.
- No real name is required.
- No contact list upload is required.
- No GPS or precise location is required.
- No advertising identifier is required.
- No third-party analytics SDK is required by the app.
- No plaintext private message, room message, or attachment content is stored on the Recursion server.
Data The Service Processes
To operate an encrypted relay, Recursion processes a small amount of service data:
- Public ID: a random public account identifier generated for messaging.
- Public cryptographic keys: public Ed25519 and X25519 keys used so other users can encrypt messages to you and verify safety numbers.
- Device ID and device token: random app credentials used to authenticate your app installation to the relay. These are not intended to identify your real-world device model, serial number, IMEI, IMSI, SIM card, or person.
- Optional username: if you buy or claim a username, the username is reserved so another user cannot reuse it.
- Encrypted message data: ciphertext, encrypted envelopes, sender and recipient public IDs or device IDs needed for delivery, timestamps, delivery status, and ciphertext size.
- Encrypted attachments: encrypted attachment bytes and minimal delivery metadata such as attachment ID, size, and expiration time.
- Chat room metadata: room title, topic, public/private setting, approval setting, creator public ID, member public IDs, invite links, join requests, and encrypted room messages.
- Paid feature records: store product IDs, entitlement status, purchase validation results, expiration dates where applicable, and store receipt metadata needed to confirm App Store or Google Play purchases.
- Operational security data: rate-limit counters, abuse prevention state, and temporary server or network data needed to keep the service available and secure.
Network Metadata
When any app connects to an online service, network infrastructure must receive connection information such as IP address, timing, TLS session data, and request size to route traffic. Recursion is designed so this metadata is not used as your account identity and is not needed to read message content.
If you deploy or operate your own Recursion backend, your hosting provider, firewall, reverse proxy, app store, payment processor, DNS provider, CDN, or operating system may process network metadata according to their own policies.
Encryption And Local Storage
Recursion uses client-side encryption for message content. The server stores encrypted ciphertext, not plaintext chat bodies.
On your device, Recursion stores local chat data in an encrypted database and stores cryptographic material using platform secure storage where available. Device security depends on your operating system, secure lock screen, malware resistance, jailbreak/root status, backups, and physical control of your device.
Public Rooms And Usernames
Usernames and public rooms are intentionally discoverable. If you create a username, others may search for it and use it to contact you. If you create or join a public room, the room title, topic, public/private status, approval setting, and membership or request state may be visible as part of the room feature.
Public rooms can be approval-gated, but approval does not make their existence fully private. It limits who can join and receive room keys.
Payments
Paid features are purchased through Apple App Store or Google Play in-app purchase systems. Recursion receives purchase validation data from the app stores so the server can activate paid features. Apple and Google may process billing identity, payment method, tax, fraud, refund, and store account data under their own terms and privacy policies. Recursion does not receive your full payment card number from the app stores.
How We Use Data
- To create and authenticate anonymous app identities.
- To relay encrypted messages and encrypted attachments.
- To operate usernames, chat rooms, invite links, approvals, and membership changes.
- To validate paid feature purchases and prevent reuse or fraud.
- To rate-limit abuse, protect service availability, and respond to security issues.
- To comply with lawful obligations where they apply.
Sharing
Recursion does not sell your data. Recursion does not share plaintext message content because the server is not designed to possess it.
Data may be processed by infrastructure providers needed to run the service, such as hosting, DNS, TLS, app stores, and payment verification systems. These providers may process operational metadata under their own terms. Recursion may disclose the limited data it has if legally required.
Retention And Deletion
Encrypted undelivered messages and encrypted attachments may be retained only as long as needed for delivery or until configured expiration. Delivery status and room membership records may remain while your account, username, entitlement, or room exists.
You can delete your local identity in the app. Deleting an identity removes local keys and local data from your device, which may make older encrypted messages unrecoverable. Server-side deletion requests can be sent to privacy@recursion.se or through in-app deletion features where available.
Your Choices
- You may use Recursion without a real name, phone number, email address, contact list, or location permission.
- You may choose not to claim a username.
- You may choose not to join public rooms.
- You may delete your local identity and create a new public ID.
- You may request deletion of server-side account, username, room, or entitlement records where legally and technically possible.
Children
Recursion is not intended for children under 13, or the minimum age required by local law to use online services without parental consent. Do not use Recursion if you are not old enough to consent to these terms in your country.
Security
Recursion uses encryption and security controls to reduce the amount of readable data available to the server. No app, protocol, server, or device can be guaranteed perfectly secure. Keep your device updated, use a strong device lock, avoid rooted or jailbroken devices for sensitive conversations, and verify safety numbers with contacts when needed.
Changes
We may update this Privacy Policy as the app, backend, store requirements, or legal obligations change. The updated policy will show a new “Last updated” date.