
Cord


Cord is a private messaging app built from the ground up to remove identifiers like phone numbers and email addresses.

 

Instead of linking you to personal information, Cord connects devices through a secure alphanumeric code known as a Cord ID.

 

Every message, file, or image shared through Cord is end-to-end encrypted (E2EE), ensuring that only participants in a conversation can read its contents — not Cord, not servers, and not intermediaries.

 

1. End-to-End Encryption

 

Encryption Protocol: Cord is based on the Signal Protocol, the same cryptographic framework that protects billions of messages in trusted secure messengers worldwide.

 

Security Properties:

- Forward secrecy (past messages stay safe even if keys are later compromised)

- Post-compromise security (future messages remain protected)

- Deniable authentication (messages can be verified as authentic without being provable to outsiders)

 

Every message is encrypted on the sender's device, transmitted through encrypted transport channels, and decrypted only on the recipient's device.

 

2. Metadata Protection

 

Cord goes further than standard E2EE by protecting who is talking to whom.

 

Sealed Sender: Messages are wrapped in a cryptographic envelope that hides the sender's identity from the server.

 

Pseudonymous Routing: Devices communicate through temporary, rotating pseudonymous IDs (PPIDs) that change automatically every 24 hours.

 

No Contact Lists: Cord never uploads your contacts or builds social graphs.

 

The result: even the Cord infrastructure cannot map relationships between users.

 

3. Identity & Anonymity

 

- No phone numbers, emails, or usernames
- Each device receives a random 256-bit User ID and a random 128-bit Device ID
- All keys and identifiers are generated locally using strong cryptographic randomness
- Devices can be linked using QR-based verification rather than personal identifiers

 

4. Data Minimization & Retention

 

Cord stores only what's absolutely necessary to deliver encrypted messages.

 

| Data Type                | Stored Where               | Retention                                       |
|--------------------------|----------------------------|-------------------------------------------------|
| Encrypted messages       | Supabase database          | User-controlled (configurable per conversation) |
| Routing metadata (PPIDs) | Supabase                   | 48 hours                                        |
| Security logs            | Supabase                   | 24 hours                                        |
| Encryption keys          | Device only (OS-encrypted) | Until device is revoked                         |

 

Automatic cleanup happens both on your device and on our servers. Server-side data is retained only as long as needed for message delivery.
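One way the 24-hour PPID rotation and the 48-hour routing-metadata retention described above could fit together, as an added example that is not Cord's code. The derivation (HKDF-SHA256 over a per-device secret and the epoch number), the `example-ppid` label and the row layout are assumptions; only the rotation interval, the retention period and the use of HKDF-SHA256 come from this page.

```python
import hashlib
import hmac
import secrets

ROTATION_SECONDS = 24 * 3600    # page: PPIDs change every 24 hours
RETENTION_SECONDS = 48 * 3600   # page: routing metadata is retained 48 hours


def hkdf_sha256(ikm: bytes, info: bytes, length: int = 16, salt: bytes = b"") -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract a PRK, then expand to `length` bytes."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def ppid_at(routing_secret: bytes, now: int) -> str:
    """128-bit PPID for the 24-hour epoch that contains `now` (Unix seconds)."""
    epoch = now // ROTATION_SECONDS
    # Assumed label and encoding: the page does not say how PPIDs are derived.
    info = b"example-ppid" + epoch.to_bytes(8, "big")
    return hkdf_sha256(routing_secret, info).hex()


def purge_expired(rows: list, now: int) -> list:
    """Server-side cleanup: keep only routing rows inside the retention window."""
    return [r for r in rows if now - r["created_at"] < RETENTION_SECONDS]


def demo() -> dict:
    secret = secrets.token_bytes(32)      # generated on the device, never uploaded
    t0 = 19_675 * ROTATION_SECONDS        # constructed, epoch-aligned timestamp
    times = [t0, t0 + ROTATION_SECONDS, t0 + 2 * ROTATION_SECONDS]
    rows = [{"ppid": ppid_at(secret, t), "created_at": t} for t in times]
    return {
        "rotated": rows[0]["ppid"] != rows[1]["ppid"],
        "stable_within_epoch": ppid_at(secret, t0) == ppid_at(secret, t0 + 60),
        "kept_after_purge": len(purge_expired(rows, times[2] + 3600)),
    }


if __name__ == "__main__":
    print(demo())
```

Without the device secret, PPIDs from different epochs cannot be tied to each other, and the purge leaves at most the rows from the last 48 hours for an observer of the routing table to correlate.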

 

 

5. Secure Infrastructure

 

Database: Supabase PostgreSQL with Row-Level Security (RLS) — each device can only access its own data.

 

Server Functions: Minimal, stateless edge functions used only for message routing and cleanup.

 

Hosting: All communications protected by TLS 1.3.

 

Media: Encrypted before upload; stripped of metadata (EXIF) before transmission.

 

Cord never inspects, indexes, or monetizes user data.

 

6. Client Security

 

Keys stored in the device's secure keychain (Android Keystore / iOS Keychain).

 

Backups disabled for encrypted data.

 

Notifications contain no message content — they simply alert that a new message is available.

 

Local data is deleted automatically when a message expires based on your settings.

 

7. Open-Standards Cryptography

 

Cord builds exclusively on audited, open cryptographic standards:

 

| Function           | Algorithm                              |
|--------------------|----------------------------------------|
| Key exchange       | X25519 (Elliptic-Curve Diffie-Hellman) |
| Signatures         | Ed25519                                |
| Message encryption | AES-256-CBC or XChaCha20-Poly1305 AEAD |
| Key derivation     | HKDF-SHA256                            |
| Authentication     | HMAC-SHA256                            |

 

All libraries are public and peer-reviewed; no proprietary cryptography is used.

 

8. Transparency & Audits

 

Independent Audit: Cord's full architecture will support external Audit Readiness: Documentation and code are structured for third-party review by established security firms.

 

No hardware or advertising IDs are accessed

 

No PII is collected or transmitted

 

Retention and deletion policies are enforced

 

A public summary of each audit cycle will be released on this page.

 

9. Security Principles

 

Privacy by Design: No identifier collection, minimal metadata.

 

Transparency: Architecture and whitepapers are published openly.

 

End-User Control: Devices own their keys; users can delete all data at any time.

 

Open Cryptography: Only vetted, community-standard algorithms.

 

No Ads, No Tracking: Cord contains no analytics SDKs or behavioral tracking.

 

10. Learn More

 

- Signal Protocol Overview

- HKDF Key Derivation (RFC 5869)

- AES and XChaCha20-Poly1305 AEAD (RFC 8439)

Cord Privacy Policy

 

Last Updated: November 2025

 

Introduction

 

Cord is a private messaging app designed to protect your privacy. This Privacy Policy explains what data Cord collects, how we use it, and your rights regarding your data.

 

1. What Data We Collect

 

Cord is designed to collect minimal data necessary for message delivery:

 

Data We Collect:

- Encrypted Messages: Message content is encrypted end-to-end and stored temporarily on our servers for delivery
- Routing Metadata: Temporary pseudonymous IDs (PPIDs) used for message routing, rotated every 24 hours
- Device Information: Random device identifiers (not linked to personal information)
- Security Logs: Minimal audit logs for security purposes

 

Data We Do NOT Collect:

- Phone numbers

- Email addresses

- Names or usernames

- Contact lists

- Location data

- Hardware identifiers (IMEI, serial numbers, MAC addresses, advertising IDs)

- Personally Identifiable Information (PII)

- Analytics or usage tracking data

The e-mail address entered to sign up for the beta is stored until the end of the beta or until a deletion request is received. (Use an anonymous e-mail address from protonmail.ch or similar.)

2. How We Use Your Data

 

Cord uses your data solely for the purpose of delivering encrypted messages:

 

- Message Delivery: Encrypted messages are temporarily stored on servers to ensure delivery to intended recipients

- Routing: Temporary pseudonymous IDs are used to route messages without revealing sender identity

- Security: Minimal audit logs help maintain system security and prevent abuse

- Service Operation: Device identifiers enable multi-device support and device management

 

We do not:

- Inspect or read message content (messages are end-to-end encrypted)

- Build social graphs or relationship maps

- Track user behavior or usage patterns

- Monetize or sell user data

- Use data for advertising or marketing

 

3. Data Sharing

 

Cord does not share, sell, rent, or monetize your data.

 

We do not:

- Share data with third parties

- Use analytics SDKs or tracking tools

- Share data with advertising networks

- Sell data to data brokers

- Use third-party data processors for user data analysis

 

Third-Party Infrastructure Services

 

Cord uses the following infrastructure services:

 

- Supabase: Provides secure database hosting and serverless functions. Supabase hosts encrypted data for us and cannot decrypt your messages. It only sees encrypted envelopes and minimal routing metadata. Supabase is bound by strict data processing agreements and cannot access your data.

 

- Firebase Cloud Messaging (FCM): Used for push notifications. Push notifications contain no message content — they simply alert that a new message is available.

 

These services are used solely for infrastructure hosting and cannot access your encrypted data.

4. Data Retention

 

Cord stores only what's absolutely necessary to deliver encrypted messages.

 

| Data Type                | Retention Period                                                |
|--------------------------|-----------------------------------------------------------------|
| Encrypted messages       | User-controlled (configurable: 10 minutes to 90 days, or Never) |
| Routing metadata (PPIDs) | 48 hours                                                        |
| Security logs            | 24 hours                                                        |
| Encryption keys          | Until device is revoked (stored on device only)                 |

 

Message retention is controlled by you through app settings. Messages auto-delete from your device based on your preferences. Server-side data is retained only as long as needed for message delivery.

5. Your Rights

 

You have the following rights regarding your data:

 

Right to Access

You can request information about what data we store about you. Due to our privacy-by-design architecture, we store minimal data and cannot access your encrypted messages.

 

Right to Deletion

You can delete your cords and the app whenever you want. We cannot link your device to any server-side encrypted data.

 

When you delete your account:

- All encrypted messages are permanently deleted from our servers

- All device registrations are revoked

- All routing metadata (PPIDs) are deleted

- All encryption keys stored on your device are deleted

- This action is irreversible

 

Right to Control

You have full control over:

- Message expiration settings (per conversation)

- Device management (add/remove devices)

- Account deletion

 

How to Exercise Your Rights

 

To exercise any of these rights, contact us at:

- cordmessaging [a] protonmail.ch

 

We will respond to your request within 30 days.

6. How to Delete Your Data

 

Delete Individual Messages

- Long-press a message in the app and select "Delete"

 

Delete Entire Conversation

- Open Cord Info → Delete Cord

 

Delete Your Account

1. There are no accounts to delete

 

Contact Us for Deletion

If you need assistance deleting your data, contact cordmessaging [a] protonmail.ch with your request.

7. Security

 

Cord uses industry-standard security measures to protect your data:

 

- End-to-End Encryption: All messages are encrypted using the Signal Protocol

- Metadata Protection: Sealed sender envelopes and rotating pseudonymous IDs prevent relationship mapping

- Secure Storage: Encryption keys are stored in your device's secure keychain (OS-encrypted)

- Transport Security: All communications protected by TLS 1.3

- No Data Inspection: Cord never inspects, indexes, or reads your message content

 

8. Children's Privacy

 

Cord is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13.

 

9. Changes to This Privacy Policy

 

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. When we make material changes, we will:

 

- Update the "Last Updated" date at the top of this policy

- Notify users through the app (if significant changes)

- Post a notice on our website

 

Your continued use of Cord after any changes constitutes acceptance of the updated Privacy Policy.

 

10. Contact Us

 

For privacy inquiries, questions about this policy, or to exercise your rights, please contact us:

 

- cordmessaging [a] protonmail.ch

 

We will respond to your inquiry within 30 days.

 


 

© 2025 Cord Messaging – All rights reserved.
