PRIVACY POLICY

Pursuant to Art. 13 and 14 of EU Regulation 2016/679 (GDPR), the Data Controller is:

• Controller — DeltaFox
• Location — Toscana, Italia
• Email — info@deltafoxxx.it
• Website — deltafoxxx.eu

DeltaFox is an independent project. No Data Protection Officer (DPO) is designated as the processing does not fall within the cases provided for by Art. 37 GDPR.

DeltaFox is a self-hosted, end-to-end encrypted messaging platform. We are committed to protecting your privacy and ensuring your personal data remains under your exclusive control. This Privacy Policy is provided pursuant to Art. 13 of EU Regulation 2016/679 (GDPR) and Italian Legislative Decree 196/2003 (Privacy Code), as amended by Legislative Decree 101/2018.

Account Information

• Username — chosen by you during registration, used for search only
• Display Name — the name visible to other users
• Password — stored as a bcrypt hash (we never see your plaintext password)
• 2FA TOTP — mandatory two-factor authentication secret, stored encrypted
• Profile picture — optional, stored encrypted

Messages & Media

• Encrypted content — stored as ciphertext, unreadable without your device keys
• Encrypted media — photos, videos, voice messages, documents
• Metadata — timestamps, sender/recipient IDs (required for delivery)

Technical Data

• IP Address — temporarily logged for security, auto-purged after 24 hours
• Push tokens — Firebase/Expo token for notifications

Data We Do NOT Collect

We process your personal data based on the following legal grounds:

• Contract performance (Art. 6(1)(b)) — account creation, message delivery, call signaling, push notifications
• Legitimate interest (Art. 6(1)(f)) — platform security (rate limiting, progressive lockout, IP logging for 24h)
• Consent (Art. 6(1)(a)) — Lilith IA interactions (data sent to Anthropic/OpenAI), optional location sharing, optional profile picture
• Legal obligation (Art. 6(1)(c)) — compliance with applicable laws when required

DeltaFox uses the Signal Protocol for 1:1 messages and Sender Key protocol for groups:

• Messages encrypted on your device before transmission
• Only intended recipients can decrypt them
• Server stores only encrypted ciphertext — unreadable by anyone
• Voice/video calls use WebRTC DTLS-SRTP (peer-to-peer)

LILITH IA

DeltaFox's built-in AI assistant, powered by Anthropic Claude.

• Messages to Lilith are processed by Anthropic's API (text) and OpenAI's API (voice)
• Anthropic and OpenAI do not store conversations for training purposes
• Lilith conversations are NOT E2E encrypted (the AI must read text to respond)
• No other users can see your Lilith conversations
• You can delete Lilith chat history at any time
• Legal basis: your explicit consent (Art. 6(1)(a) GDPR) — given by voluntarily using the Lilith feature

• Message delivery — routing encrypted messages to recipients
• Push notifications — new messages and incoming call alerts
• Security — rate limiting, progressive lockout, 2FA verification
• Call signaling — establishing WebRTC P2P connections

We retain your data only for as long as strictly necessary:

• Account data — retained until you delete your account
• Encrypted messages — deleted from server after delivery confirmation (readBy)
• Encrypted media — deleted from server after delivery
• IP logs — automatically purged after 24 hours
• Lilith conversations — retained until manually deleted by the user
• Rate limiting data — temporary, auto-expires within minutes

Some data is processed by third-party services. Where data is transferred outside the EU/EEA, it is protected by Standard Contractual Clauses (SCCs) approved by the European Commission, or by an EU adequacy decision:

• Anthropic (Claude API) — Lilith text interactions — USA (SCCs)
• OpenAI (Realtime API) — Lilith voice interactions — USA (SCCs)
• Twilio — PSTN calls and SMS — USA (SCCs)
• Google Firebase (FCM) — push notifications — USA (EU adequacy decision)
• Expo Push Service — notification routing — USA (SCCs)
• Hetzner (Server) — data hosting — Helsinki, Finland (EU)
• TURN/STUN — WebRTC NAT traversal (no message content)

Under GDPR, you have the following rights regarding your personal data:

• Right of access (Art. 15) — request a copy of your personal data
• Right to rectification (Art. 16) — correct inaccurate data
• Right to erasure (Art. 17) — delete your account and all associated data
• Right to restriction (Art. 18) — restrict processing in certain circumstances
• Right to data portability (Art. 20) — receive your data in a structured, machine-readable format
• Right to object (Art. 21) — object to processing based on legitimate interest
• Right to withdraw consent (Art. 7(3)) — withdraw consent at any time without affecting prior processing

To exercise your rights, contact us at:

info@deltafoxxx.it

We will respond within 30 days as required by Art. 12(3) GDPR.

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Italian Data Protection Authority:

• Garante per la Protezione dei Dati Personali
• Piazza Venezia 11 — 00187 Roma, Italia
• Email: protocollo@gpdp.it
• PEC: protocollo@pec.gpdp.it
• Web: www.garanteprivacy.it

• Delete individual messages or conversations anytime
• Delete your account — permanently removes ALL data from our servers
• IP logs automatically purged after 24 hours

Profile → Delete Account (irreversible)

Pursuant to Art. 32 GDPR, we implement appropriate technical and organizational measures:

• Signal Protocol E2E encryption (Double Ratchet + X3DH)
• HTTPS/TLS + Certificate Pinning (SPKI SHA-256)
• Bcrypt (cost 12) password hashing
• TOTP Two-Factor Authentication (RFC 6238)
• Progressive lockout on failed authentication
• SQLCipher encrypted local database
• Anti-screenshot protection (FLAG_SECURE)
• Secure clipboard with auto-clear after 30 seconds

• Camera — photos/videos for encrypted sharing
• Microphone — voice messages and calls
• Storage — save encrypted media
• Contacts — find friends (contacts are NEVER uploaded to our servers)
• Location — share encrypted GPS position in chat (optional, consent-based)
• Display overlay — incoming call screen
• Biometric — optional app lock (data never leaves device)

DeltaFox does not use automated decision-making or profiling that produces legal effects or similarly significant effects on users. The only automated processes are rate limiting and progressive lockout on authentication endpoints, which are necessary security measures.

DeltaFox is not intended for children under 16 years of age (in accordance with Art. 8 GDPR and Italian implementation setting the age at 14). We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it immediately.

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. For significant changes, we will notify users through the app. We encourage you to review this policy periodically.

For questions about this Privacy Policy or to exercise your data protection rights:

• Controller — DeltaFox
• Email — info@deltafoxxx.it
• Web — deltafoxxx.eu
• Location — Toscana, Italia