Aloe Chat ("we", "us", "our") operates the Aloe Chat mobile application and related backend services (collectively, the "Service"). Aloe Chat is a European-based product. As the operator of the Service, Aloe Chat acts as the data controller for personal data processed through it.
For any privacy-related questions, requests, or concerns, please contact us at: privacy@aloechat.com
This policy applies to personal data collected and processed when you download, install, register for, or use the Aloe Chat application on Android or iOS devices. It explains what data we collect, why we collect it, how we use and store it, and what rights you have over it.
We collect only the data necessary to provide and improve the Service. Below is a detailed account of the categories of personal data we process.
When you create an Aloe Chat account, we collect and store:
Some of these fields are stored in encrypted form in our database.
To support secure multi-device access and message delivery, we store:
Aloe Chat can show you which people in your address book are already on the platform. To do this without uploading your full contact list to our servers, we use a privacy-preserving approach: your app transforms phone numbers into one-way derived tags (using HMAC-style hashing) before sending them. Our server matches these tags against a similarly derived set from registered users. Raw contact phone numbers from your device are not stored on our servers.
Discovered Aloe contacts may be cached locally on your device for performance. You can revoke the Contacts permission in your device settings at any time to stop this feature.
Aloe Chat uses end-to-end encryption for direct messages. This means:
For voice and video calls, Aloe Chat uses WebRTC, which attempts a direct peer-to-peer connection between participants. When a direct connection is not possible, we use TURN relay servers. For this purpose, we generate and store temporary TURN credentials that expire after each session. We do not record or store the content of your calls.
To deliver notifications about incoming messages, calls, and other events, we store push notification tokens issued to your device by Apple (APNs) or Google (FCM). These tokens are associated with your device record and are used solely for notification delivery.
If you create a Page on Aloe Chat, we store the page's name, description, website URL, handle, page image, and associated roles (e.g., admin status) and engagement data (e.g., reactions).
To maintain service quality and fix bugs, we collect limited diagnostic and analytics data. This is more detailed than many apps, so we describe it clearly:
This data is used exclusively to improve the reliability and quality of the Service. It is not used to build advertising profiles and is not shared with third-party analytics companies.
Aloe Chat stores data locally on your device to provide a fast, offline-capable experience:
This local data remains on your device and under your control. Uninstalling the app will remove it.
The following device permissions may be requested by Aloe Chat. You can grant or revoke most of these in your device settings at any time.
| Permission | Why We Need It |
|---|---|
| Contacts | To perform contact discovery and show you which people you know are on Aloe Chat. Phone numbers are processed using privacy-preserving hashing as described in Section 3.3. |
| Phone number / Phone state | To verify your identity during account registration and link your account to your phone number. |
| Camera | To allow you to take photos or videos for your profile picture, to capture and share media in messages, and for any in-app camera flows. |
| Microphone / Audio | To record and send voice messages, and to participate in voice and video calls. |
| Photos / Media / Storage | To allow you to select images, videos, and files from your device for use as a profile photo or as message attachments. |
| Notifications | To deliver push notifications for incoming messages, calls, and other relevant alerts. |
| Background activity / VoIP | To keep the app able to receive incoming calls and deliver messages even when the app is not in the foreground. |
| Internet / Network state | To connect to Aloe Chat's servers for messaging, calling, content syncing, and WebSocket connectivity. |
We process personal data for the following purposes:
For users in the European Economic Area (EEA) and the United Kingdom, we rely on the following legal bases under the General Data Protection Regulation (GDPR):
Aloe Chat shares limited data with the following third-party service providers where technically necessary to operate the Service:
We do not use third-party advertising networks, tracking SDKs, or data brokers, and we do not share your personal data with any third party for marketing or advertising purposes.
We do not sell your personal data. We do not share your personal data with third parties except in the following limited circumstances:
| Data Category | Retention Period |
|---|---|
| Account and profile data | Retained for the life of your account. Deleted upon account deletion request. |
| Pending message envelopes | Deleted from our servers once delivered to the recipient's device, or after a limited undelivered retention window. |
| Social posts, comments, reactions | Retained until you delete them or request account deletion. |
| Device and key records | Retained while your account is active. Removed upon account deletion or device de-registration. |
| Push notification tokens | Retained while your device is registered. Removed upon device de-registration or account deletion. |
| TURN credentials | Temporary; expire automatically at the end of a call session. |
| Diagnostics and error logs | Retained for up to 12 months, after which they are automatically purged. |
| Analytics events | Retained for up to 12 months for product improvement purposes. |
| Device-session records | Retained while your account is active. Removed upon account deletion. |
We take the security of your data seriously and have implemented a range of technical and organisational measures, including:
No system is completely secure. We cannot guarantee absolute security against all threats. If you believe your account has been compromised, please contact us immediately at privacy@aloechat.com.
Aloe Chat is European-based and aims to keep data processing within the EEA wherever possible. However, certain third-party services (including Apple APNs and Google FCM) may involve data transfers to the United States or other countries. Where such transfers occur, we ensure they are governed by appropriate safeguards, such as the European Commission's Standard Contractual Clauses or equivalent mechanisms.
Under GDPR and applicable privacy law, you have the following rights regarding your personal data:
You can also exercise in-app controls:
To exercise any of the above rights, or to submit a data deletion request, please contact us at privacy@aloechat.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
Aloe Chat is not intended for use by children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe a child under 16 has provided us with personal data, please contact us at privacy@aloechat.com and we will take steps to delete that information.
We may update this privacy policy from time to time. When we make material changes, we will notify you via the app (for example, through a notification or a prompt on next login) and update the effective date at the top of this page. Continued use of the Service after a material change takes effect constitutes your acceptance of the updated policy.
We encourage you to review this policy periodically. Previous versions will be made available upon request.
If you have any questions, concerns, or requests relating to this privacy policy or your personal data, please reach out to us:
We are committed to working with you to resolve any concerns about your privacy.