Cord

Cord Privacy Policy

Last Updated: May 2026

Summary

Cord is a private-by-design messenger. You can use core messaging features without creating a phone-number, email, or username account, and without uploading your contacts. Messages and media are end-to-end encrypted. Cord is designed so server-side systems do not have access to plaintext message content.

To operate the service, Cord processes limited technical metadata such as app-generated device identifiers and push notification tokens.

1) Information Cord Collects

Cord collects and processes only the information needed to deliver, secure, and maintain the service:

Encrypted message/media envelopes: ciphertext and delivery-envelope data required for routing and synchronization.
Delivery metadata:
- App-generated random device identifiers
- Cord identifiers used for join/routing flows (hashed forms may be used where appropriate)
- Envelope/message identifiers and delivery-state metadata
Push notification tokens: APNs/FCM tokens required to deliver notifications.
Optional profile metadata you choose to share in a cord: alias/display name and profile avatar.
Operational and security telemetry: limited technical events needed for reliability, abuse prevention, debugging, and service integrity.

Cord does not require:

Phone numbers
Contact-list/address-book uploads
Email/username registration for core messaging use
Location data
Hardware identifiers such as IMEI, MAC address, or advertising ID

Cord does not use third-party advertising SDKs or cross-app behavioral profiling SDKs.

2) Permissions and Device Access

Cord may request permissions only when you use related features:

Camera: QR scanning and capturing media you choose to send
Microphone: recording voice/video messages
Photo library/gallery: selecting media to send or saving media you choose to store

These permissions are optional and user-initiated. You can deny or revoke them in device settings.

3) How Cord Uses Data

Cord uses collected data to:

Deliver encrypted messages/media to intended recipient devices
Maintain device registrations and routing for cord participation
Register and use push tokens to deliver content-minimized notifications
Operate, secure, troubleshoot, and improve service reliability

Cord does not sell personal data and does not use message content for advertising.

4) End-to-End Encryption

Messages are encrypted on sender devices before transmission and decrypted on recipient devices.
Media is encrypted client-side before upload/storage.
Cryptographic keys and sessions are generated and stored on-device using OS-backed secure storage.
Cord is designed so server-side systems do not hold users’ private message keys.

5) Metadata Minimization

Cord minimizes metadata, but some metadata is necessary for delivery and security:

Encrypted envelopes and routing metadata are processed to deliver messages.
Push providers process token/delivery metadata to route notifications.
Cord does not require phone-number or email identity to function.

6) Third Parties / Infrastructure

Cord uses service providers to host and deliver functionality, including:

Supabase (database, storage, realtime, edge functions)
Firebase Cloud Messaging (FCM) and Apple Push Notification service (APNs) (notification transport)
AWS services via Amplify (including Cognito/S3-related infrastructure components)

These providers process data under Cord’s instructions to provide infrastructure, delivery, and security operations.

Important: Infrastructure components (including Cognito-related configuration) do not change Cord’s core model that phone/email signup is not required for core messaging use.

7) Data Retention

Cord applies data-minimization and limited-retention principles:

Encrypted server-side delivery data/media: retained for delivery/synchronization and removed according to backend retention schedules.
Delivery metadata: retained only as needed for routing, device management, abuse prevention, and reliability/security operations.
Operational/security telemetry: retained for limited periods appropriate to service protection and troubleshooting.
On-device history: controlled by in-app retention settings and local deletion tools (including optional auto-expiration behavior).

When you delete local data or uninstall the app, local app data is removed according to platform behavior.
Some provider backups/logs may persist for limited periods under provider backup/retention cycles.

8) Your Controls

You can:

Manage cord participation in-app
Configure local message-retention behavior in-app
Remove local app data in-app and/or by uninstalling the app

Because Cord does not require a personal-account identity, Cord may not be able to identify you unless you voluntarily provide contact details (for example, through support email).

9) Children’s Privacy

Cord is not intended for children under 13, and we do not knowingly collect personal information from children under 13.

10) Changes to This Policy

We may update this policy as features and infrastructure evolve. We will update the “Last Updated” date and provide additional notice for material changes where appropriate.

11) Contact

For privacy inquiries: cordmessaging[a]protonmail.com

If you contact us by email, we process the information you provide to respond to your request and administer privacy/support communications.

Cord

Cord Privacy Policy

Last Updated: May 2026

​

Summary

​

To operate the service, Cord processes limited technical metadata such as app-generated device identifiers and push notification tokens.

​

1) Information Cord Collects

Cord collects and processes only the information needed to deliver, secure, and maintain the service:

Encrypted message/media envelopes: ciphertext and delivery-envelope data required for routing and synchronization.

Delivery metadata:

App-generated random device identifiers

Cord identifiers used for join/routing flows (hashed forms may be used where appropriate)

Envelope/message identifiers and delivery-state metadata

Push notification tokens: APNs/FCM tokens required to deliver notifications.

Optional profile metadata you choose to share in a cord: alias/display name and profile avatar.

Operational and security telemetry: limited technical events needed for reliability, abuse prevention, debugging, and service integrity.

Cord does not require:

Phone numbers

Contact-list/address-book uploads

Email/username registration for core messaging use

Location data

Hardware identifiers such as IMEI, MAC address, or advertising ID

Cord does not use third-party advertising SDKs or cross-app behavioral profiling SDKs.

​

2) Permissions and Device Access

Cord may request permissions only when you use related features:

Camera: QR scanning and capturing media you choose to send

Microphone: recording voice/video messages

Photo library/gallery: selecting media to send or saving media you choose to store

These permissions are optional and user-initiated. You can deny or revoke them in device settings.

3) How Cord Uses Data

Cord uses collected data to:

Deliver encrypted messages/media to intended recipient devices

Maintain device registrations and routing for cord participation

Register and use push tokens to deliver content-minimized notifications

Operate, secure, troubleshoot, and improve service reliability

Cord does not sell personal data and does not use message content for advertising.

4) End-to-End Encryption

Messages are encrypted on sender devices before transmission and decrypted on recipient devices.

Media is encrypted client-side before upload/storage.

Cryptographic keys and sessions are generated and stored on-device using OS-backed secure storage.

Cord is designed so server-side systems do not hold users’ private message keys.

5) Metadata Minimization

Cord minimizes metadata, but some metadata is necessary for delivery and security:

Encrypted envelopes and routing metadata are processed to deliver messages.

Push providers process token/delivery metadata to route notifications.

Cord does not require phone-number or email identity to function.

6) Third Parties / Infrastructure

Cord uses service providers to host and deliver functionality, including:

Supabase (database, storage, realtime, edge functions)

Firebase Cloud Messaging (FCM) and Apple Push Notification service (APNs) (notification transport)

AWS services via Amplify (including Cognito/S3-related infrastructure components)

These providers process data under Cord’s instructions to provide infrastructure, delivery, and security operations.

Important: Infrastructure components (including Cognito-related configuration) do not change Cord’s core model that phone/email signup is not required for core messaging use.

7) Data Retention

Cord applies data-minimization and limited-retention principles:

Encrypted server-side delivery data/media: retained for delivery/synchronization and removed according to backend retention schedules.

Delivery metadata: retained only as needed for routing, device management, abuse prevention, and reliability/security operations.

Operational/security telemetry: retained for limited periods appropriate to service protection and troubleshooting.

On-device history: controlled by in-app retention settings and local deletion tools (including optional auto-expiration behavior).

When you delete local data or uninstall the app, local app data is removed according to platform behavior. Some provider backups/logs may persist for limited periods under provider backup/retention cycles.

8) Your Controls

You can:

Manage cord participation in-app

Configure local message-retention behavior in-app

Remove local app data in-app and/or by uninstalling the app

Because Cord does not require a personal-account identity, Cord may not be able to identify you unless you voluntarily provide contact details (for example, through support email).

9) Children’s Privacy

Cord is not intended for children under 13, and we do not knowingly collect personal information from children under 13.

10) Changes to This Policy

We may update this policy as features and infrastructure evolve. We will update the “Last Updated” date and provide additional notice for material changes where appropriate.

11) Contact

For privacy inquiries: cordmessaging[a]protonmail.com

If you contact us by email, we process the information you provide to respond to your request and administer privacy/support communications.

When you delete local data or uninstall the app, local app data is removed according to platform behavior.
Some provider backups/logs may persist for limited periods under provider backup/retention cycles.