Privacy Policy

1. Overview

This privacy policy explains what personal data is collected when you use the Voidcom website (voidcom.app) and the Voidcom desktop application, and how that data is processed. We take your privacy seriously and process personal data only in accordance with the European General Data Protection Regulation (GDPR) and applicable national data protection laws.

2. Responsible party

The responsible party (data controller) within the meaning of the GDPR is:
Maximilian Tschauder
max@voidcom.app

See the Imprint for full contact details.

Data Protection Officer: We have not formally appointed a Data Protection Officer because the criteria of Art. 37 GDPR and § 38 BDSG do not currently apply to our processing activities. For all data protection enquiries — including the exercise of the rights described in section 13 — please contact team@voidcom.app.

3. Hosting

The Voidcom website and application are hosted on infrastructure operated by the following providers. Accounts and messages sit on the EU-based providers listed below; file attachments and installer downloads are stored in Scaleway Object Storage in France (see section 10); the voice SFU network additionally extends to providers near where users connect. We use multiple providers for load balancing and cross-provider failover so that a single-vendor outage does not take the service down:

• Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany — Privacy Policy
• OVH GmbH, St. Johanner Straße 41–43, 66111 Saarbrücken, Germany — Privacy Policy
• IONOS SE, Elgendorfer Straße 57, 56410 Montabaur, Germany — Privacy Policy
• Infomaniak Network SA, Rue Eugène-Marziano 25, 1227 Les Acacias (Geneva), Switzerland — operating a voice SFU region in Bern — Privacy Policy

When you visit this website, the server handling your request may process your IP address, browser type, operating system, referrer URL, and the time of your request. This processing is necessary for delivering the website to you and is based on our legitimate interest (Art. 6(1)(f) GDPR).

Application data is stored exclusively within the European Union: accounts and messages on servers in Germany (Hetzner / OVH / IONOS), and file attachments and installer downloads in Scaleway Object Storage in France (see section 10). To deliver low-latency real-time voice and video, we additionally operate a geographically distributed network of Selective Forwarding Unit (SFU) nodes located close to users. As the user base grows, we add further SFU regions — including locations outside the EU/EEA, such as in North America, Asia, and Oceania — to keep round-trip times low.

Voice and video are end-to-end encrypted on your device before they leave it, so every SFU — present and future, regardless of country — forwards only opaque packets it cannot decrypt. Plaintext audio and video never touch a third-party provider, and no voice or video content is stored at any SFU; packets are forwarded in real time and immediately discarded. The personal data processed at an SFU is limited to your connection IP address (needed to route packets back to you) plus the pseudonymous account and channel identifiers used to forward audio and video to the right participants — never the voice or video content, which stays end-to-end encrypted.

For every SFU region we activate, the operating provider is added to the sub-processor table in section 10 with its country and transfer basis. Where a region sits outside the EU/EEA, we apply the appropriate GDPR transfer mechanism — a Commission adequacy decision under Art. 45 GDPR (e.g. Switzerland, where the current Infomaniak region operates), Standard Contractual Clauses under Art. 46 GDPR, or the EU-U.S. Data Privacy Framework — as applicable to the destination country. Data processing agreements (Auftragsverarbeitungsverträge / equivalent under Swiss FADP or other local law) are in place with every provider.

4. Content Delivery Network

We use Bunny CDN (BunnyWay d.o.o., Cesta komandanta Staneta 4A, 1215 Medvode, Slovenia) as a content delivery network to optimize loading times and provide DDoS protection. When you access our website, your request is routed through Bunny CDN's edge servers. Bunny CDN may process your IP address (anonymized by default) and HTTP request metadata.

BunnyWay d.o.o. is an EU-based company — no international data transfer is involved. A data processing agreement is in place. For more information, see Bunny CDN's Privacy Policy.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR).

5. Data we collect on the website

a) Newsletter subscription

When you subscribe to our newsletter, we collect your email address. We use a double opt-in process: after entering your email, you will receive a confirmation email. Your subscription is only activated once you click the confirmation link. We store your email address, confirmation status, and subscription date.

Legal basis: Consent (Art. 6(1)(a) GDPR). You can withdraw your consent at any time by using the unsubscribe link in any newsletter email. Upon unsubscription, your data is immediately and permanently deleted from our systems.

The double-opt-in confirmation email and all subsequent newsletter content are delivered via our automated-email provider (see section 5f).

b) Beta application

When you apply for the beta program, we collect your email address, username, and optionally your country and a reason for joining. This data is stored to process your application, to notify you about its status, and to plan server regions.

Legal basis: Consent (Art. 6(1)(a) GDPR). Beta applications that are not approved are deleted after 6 months. Status notifications are sent via our automated-email provider (see section 5f).

c) Server log files

Our server automatically collects and stores information in server log files that your browser transmits when visiting the website:

• IP address (anonymized)
• Date and time of the request
• Requested URL
• Browser type and version
• Operating system
• Referrer URL

This data is not combined with other data sources and is automatically deleted after 7 days. Legal basis: Legitimate interest (Art. 6(1)(f) GDPR).

d) Interactive chat demo

The website features an interactive chat demonstration that uses artificial intelligence to generate responses. When you type a message in the chat demo, your message text is sent to our server, which forwards it to the Mistral AI API (Mistral AI, 15 rue des Halles, 75001 Paris, France) to generate a response.

Data processed: Only the message text you type into the chat demo is transmitted. No personal data, IP address, or account information is sent to Mistral AI by us — the request is proxied through our server.

Data retention by Mistral AI: Mistral AI may retain API inputs and outputs for up to 30 days on a rolling basis for abuse monitoring purposes. Your data is not used to train Mistral AI's models (we use the paid Scale plan, which excludes training usage). For details, see Mistral AI's Privacy Policy and their Data Processing Addendum.

Processing location: Mistral AI is an EU-based company headquartered in France. For their API platform (La Plateforme), Mistral AI uses the following sub-processors relevant to API request processing:

• Microsoft Inc. — Cloud infrastructure (Sweden, Norway)
• CoreWeave — Inference provider (EEA)
• Kong Inc. — API security (EEA)

Data processing occurs within the European Economic Area. The full and current list of Mistral AI's sub-processors is available at trust.mistral.ai/subprocessors. Standard Contractual Clauses (SCCs) are in place for any non-EU transfers.

Rate limiting: The chat demo is rate-limited to 10 requests per minute per visitor. When the limit is reached, pre-written fallback responses are shown instead of contacting the Mistral AI API.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) — the interactive demo serves to demonstrate the application's functionality to prospective users. You can choose not to use the chat demo; it is entirely optional and no data is sent unless you actively type and submit a message.

e) Local storage

This website stores your theme preference (light or dark mode) in your browser's local storage. This is not personal data, is never sent to our servers, and is used solely to remember your display preference.

f) Automated emails (Scaleway)

All automated emails we send — newsletter broadcasts, newsletter double-opt-in confirmations, beta-application status updates, account verification, and password-reset emails — are sent through Scaleway SAS (8 rue de la Ville l'Évêque, 75008 Paris, France) using their Transactional Email (TEM) service.

Data processed: the recipient email address and the body of the email (which may contain your username, a confirmation link, the newsletter content, or the status text we are notifying you about). No additional personal data is shared.

Processing location: Scaleway is a France-based EU company; the entire Transactional Email infrastructure runs within the European Union. A data processing agreement is in place. For more information, see Scaleway's Privacy Policy.

Legal basis: Contract performance (Art. 6(1)(b) GDPR) for the emails required to deliver the service you signed up for; consent (Art. 6(1)(a) GDPR) for the newsletter and its double-opt-in confirmation.

g) Direct correspondence (Proton Mail)

When you write to us directly — for example, by sending an email to team@voidcom.app, max@voidcom.app, or by replying to one of the automated emails described in 5f — your message is received and stored in our Proton Mail mailbox (Proton AG, Switzerland). Replies we send are composed and sent from the same mailbox. Proton Mail is used only for this one-to-one human correspondence; it does not handle automated or broadcast emails.

Data processed: the email address you wrote from and the content of your message and our reply.

Processing location: Proton AG is based in Switzerland, which has been granted an adequacy decision by the European Commission, ensuring an adequate level of data protection.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) in responding to enquiries directed to us, or contract performance (Art. 6(1)(b) GDPR) where the correspondence relates to a contractual matter.

6. Data we collect in the Voidcom application

a) Account data

When you create a Voidcom account, we store your email address, username, and an SRP6a password verifier — a non-reversible value derived from your password. When you log in, your password is verified via SRP6a without being sent to our servers, and we never store it in plain text. Accounts created before this rollout instead hold a memory-hard Argon2id hash until their next sign-in.

Legal basis: Contract performance (Art. 6(1)(b) GDPR) — necessary to provide the service.

b) Messages

Messages in server text channels are stored on our servers to provide the chat functionality. Direct messages (DMs) are end-to-end encrypted — the server only stores encrypted ciphertext and cannot read the content of your private conversations.

Legal basis: Contract performance (Art. 6(1)(b) GDPR).

c) Voice and video

Voice and video data is transmitted in real-time only. It is forwarded through our servers to other participants but is never recorded or stored. Voice streams in regular voice channels and DM voice are end-to-end encrypted using MLS 1.0 (RFC 9420) with per-epoch keys — the server forwards opaque packets it cannot decrypt. Voice rooms above 99 participants are a separate "Stage" channel type that is server-mediated for moderation; this is clearly distinguished from regular voice channels.

d) Server membership, channels, and roles

We store your server memberships, channel access, and assigned roles to provide the community functionality.

Legal basis: Contract performance (Art. 6(1)(b) GDPR).

e) Friend list and presence

Your friend relationships are stored to enable direct messaging and friend features. Your current presence status (Online, Away, Busy, Offline/Invisible) is stored against your account so it can be shown to your friends, and is updated whenever you connect, disconnect, or change it manually. Your live online/offline visibility is ephemeral — others only see you as online while you are actually connected.

f) File attachments

Files you upload (chat attachments, avatars, server icons) are stored in Scaleway Object Storage (Scaleway SAS, 8 rue de la Ville l'Évêque, 75008 Paris, France) and linked to your account. The same Scaleway Object Storage backend also serves the public installer downloads from our website.

Processing location: Scaleway is a France-based EU company; Object Storage data is stored in Scaleway's EU regions. A data processing agreement is in place. For more information, see Scaleway's Privacy Policy.

You can delete an uploaded file by deleting the message it is attached to, or by deleting your account; both remove the file from storage.

Legal basis: Contract performance (Art. 6(1)(b) GDPR) — necessary to provide the file-sharing functionality.

g) Session data

When you log in, a session token (JWT) and refresh token are generated. These are stored on your device and validated server-side. They are automatically invalidated when you log out or when they expire.

h) Android app permissions

The Voidcom Android app declares the following permissions. Each is used solely for the functionality described below; no data accessed via these permissions is retained on our servers beyond what is stated in sections 6a–g above.

• Microphone (RECORD_AUDIO, FOREGROUND_SERVICE_MICROPHONE) — Captures your voice during voice and video calls. Audio is encoded on your device, end-to-end encrypted, and transmitted in real time. It is never recorded or stored on our servers.
• Camera (CAMERA) — Captures video during video calls when you enable your camera. Video frames are encoded on your device, end-to-end encrypted, and transmitted in real time. They are never recorded or stored on our servers.
• Notifications (POST_NOTIFICATIONS, USE_FULL_SCREEN_INTENT) — Displays incoming-call and message notifications. The full-screen intent shows the incoming-call screen while your device is locked.
• Bluetooth (BLUETOOTH_CONNECT, MODIFY_AUDIO_SETTINGS) — Routes call audio to paired Bluetooth headsets and manages call-mode audio routing. No Bluetooth device data is collected or transmitted.
• Foreground service (FOREGROUND_SERVICE, WAKE_LOCK) — Keeps active voice and video calls running when the app is in the background, and keeps the screen behaving correctly during a call (proximity-off for voice, screen-on for video).
• Internet (INTERNET) — Required for all communication with the Voidcom server.

Permissions classified by Google Play as sensitive (microphone, camera, notifications) are requested at runtime and can be revoked at any time via your Android system settings. Revoking the microphone or camera permission will disable voice or video calls but will not otherwise affect app functionality.

Legal basis: Contract performance (Art. 6(1)(b) GDPR) — necessary to provide the communication features you have requested.

i) Push notifications

The Voidcom application can deliver push notifications for incoming messages, friend requests, and call invitations. The transport used depends on which build of the app you have installed:

• Android — Google Play Store build: push notifications are delivered through Firebase Cloud Messaging (FCM), operated by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). When a notification is generated, the FCM device token registered for your installation, the notification payload, and basic delivery metadata are transmitted via Google's servers in the United States. The contents of that payload depend on the message type. For end-to-end-encrypted direct messages, the server cannot read the message, so the payload carries an empty preview and your device decrypts the message locally to display it. For non-end-to-end-encrypted direct messages and channel mentions — where the server already holds the plaintext to forward it — the payload includes a short message preview (up to roughly 140 characters) together with the sender's display name and the relevant channel and server names.
• Android — direct APK download from voidcom.app: the direct distribution build uses UnifiedPush instead of FCM. UnifiedPush is an open, federated push protocol; you choose your own distributor, which can be self-hosted or run by an EU-based provider. No data is sent to Google in this build.
• Desktop (Windows, Linux): notifications are delivered locally by the operating system from a persistent gRPC stream. No third-party push service is involved.
• iOS: we do not currently distribute an iOS build, so Apple Push Notification service (APNs) is not in use.

Legal basis: Contract performance (Art. 6(1)(b) GDPR) — necessary to deliver the notifications you have requested.

Transfer mechanism (FCM only): Google LLC is certified under the EU-U.S. Data Privacy Framework, and Standard Contractual Clauses are additionally in place via Google's Data Processing Addendum. If you would prefer no data transfer to the United States, install the direct-APK UnifiedPush build instead of the Play Store build.

7. Analytics

We use Plausible Analytics, self-hosted on our own infrastructure in Germany, to understand how visitors use our site. Plausible is a privacy-first analytics tool that:

• Does not use cookies
• Does not track individual users across sites
• Does not collect or store personal data
• Does not store IP addresses (hashed with a daily-rotating salt, then discarded)
• Collects only aggregated, anonymized metrics (page views, referrers, countries, browser/OS types)

Because Plausible is self-hosted, no data is transmitted to any third party. Legal basis: Legitimate interest (Art. 6(1)(f) GDPR). No consent banner is required because no personal data or cookies are involved (TDDDG § 25).

8. External resources

All fonts and icons used on this website are self-hosted. No external resources are loaded from third-party servers when you visit our website. Your browser does not connect to Google, Adobe, or any other font or asset provider.

The only external service contacted from our server (not from your browser) is the Mistral AI API, and only when you actively submit a message in the interactive chat demo. See section 5d for details.

9. Cookies

This website does not set any cookies. No first-party or third-party cookies are used for tracking, analytics, or any other purpose.

10. Data storage and transfers

• Website and application data (newsletter subscribers, beta applications, accounts, messages, message metadata) is stored on servers hosted in Germany by Hetzner Online GmbH, OVH GmbH, and IONOS SE (see section 3 for full addresses). File attachments and installer downloads are handled separately — see the Scaleway Object Storage bullet below. All of this data remains within the European Union.
• Voice and video traffic is forwarded in real time through regional Selective Forwarding Unit (SFU) nodes operated by the providers listed in section 3. The SFU network is geographically distributed and is being expanded beyond the EU/EEA (e.g. to North America, Asia, and Oceania) so users connect to a region close to them. Voice and video are end-to-end encrypted, so every SFU — regardless of country — sees only opaque packets it cannot decrypt; no voice or video content is stored, and packets are forwarded and immediately discarded. The personal data processed at an SFU is limited to your connection IP address (needed to route packets back to you) plus the pseudonymous account and channel identifiers used to forward audio and video to the right participants — never the voice or video content, which stays end-to-end encrypted. For each region outside the EU/EEA, the appropriate GDPR transfer mechanism (adequacy decision, Standard Contractual Clauses, or the EU-U.S. Data Privacy Framework) is applied, and the operating provider is listed in the sub-processor table below.
• Content delivery is provided by Bunny CDN (BunnyWay d.o.o., Slovenia). IP addresses are anonymized by default. No data leaves the EU.
• Analytics are processed by self-hosted Plausible Analytics on our own servers in Germany. No personal data is collected or transferred.
• Automated emails (newsletter broadcasts, newsletter double-opt-in confirmations, account verification, password resets, beta-status notifications) are sent via Scaleway SAS (8 rue de la Ville l'Évêque, 75008 Paris, France) using their Transactional Email service. Scaleway is an EU-based company and the entire TEM infrastructure runs within the European Union.
• Direct human correspondence (emails you send to us and our replies) is handled via Proton Mail (Proton AG, Switzerland), which benefits from the EU adequacy decision for Switzerland.
• Interactive chat demo messages are processed by Mistral AI (15 rue des Halles, 75001 Paris, France). Mistral AI is an EU-based company. A data processing addendum is in place. API data is retained for up to 30 days for abuse monitoring and is not used for model training.
• File attachments and installer downloads are stored in Scaleway Object Storage (Scaleway SAS, France) in EU regions.
• Android push notifications on the Google Play Store build of the app are delivered through Firebase Cloud Messaging (Google LLC, United States). The direct-APK download from voidcom.app uses UnifiedPush instead and does not send data to Google. See section 6i.

Sub-processors at a glance

The following table is a complete list of all third-party processors that handle personal data on our behalf. It mirrors the disclosures spread across sections 3, 4, 5, and 6 above and is provided here for quick reference.

11. Data retention

• Beta applications: Deleted 6 months after submission if not approved.
• Newsletter subscribers: Data is deleted immediately upon unsubscribe.
• App user accounts: Retained until you request account deletion.
• Messages: Retained until the channel or server is deleted, or you request erasure.
• Server log files: Automatically deleted after 7 days.
• Voice and video: Not stored — real-time transmission only.
• Chat demo messages: Not stored on our servers. Mistral AI may retain inputs and outputs for up to 30 rolling days for abuse monitoring.

12. Minimum age

Voidcom is intended for users aged 16 or older. If you are under 16, you may only use the service with the consent of a parent or legal guardian, in accordance with Art. 8 GDPR and TDDDG § 25.

13. Your rights under GDPR

You have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR) — You can request information about your stored personal data.
• Right to rectification (Art. 16 GDPR) — You can request correction of inaccurate data.
• Right to erasure (Art. 17 GDPR) — You can request deletion of your data.
• Right to restriction (Art. 18 GDPR) — You can request restriction of processing.
• Right to data portability (Art. 20 GDPR) — You can request your data in a machine-readable format.
• Right to object (Art. 21 GDPR) — You can object to the processing of your data.
• Right to withdraw consent (Art. 7(3) GDPR) — You can withdraw consent at any time (e.g., unsubscribe from the newsletter). Withdrawal does not affect the lawfulness of processing before withdrawal.
• Right to lodge a complaint — You can file a complaint with a supervisory authority.

To exercise any of these rights, contact us at team@voidcom.app.

The competent supervisory authority is:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg (LfDI BW)
www.baden-wuerttemberg.datenschutz.de

14. Automated decisions and special categories of data

Automated decision-making (Art. 22 GDPR): We do not use automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you. Your account, content, and access decisions are made by humans, with rate-limiting and anti-abuse heuristics being the only automated checks; those checks may temporarily slow down or block actions but never permanently remove an account without human review.

Special categories of personal data (Art. 9 GDPR): We do not request, collect, or intentionally process special categories of personal data — such as data revealing racial or ethnic origin, political opinions, religious beliefs, trade-union membership, genetic or biometric data, health data, or data concerning a person's sex life or sexual orientation. If you choose to share such information voluntarily as part of your communications (e.g. inside a message), it is processed under the same rules as any other message content (sections 6b and 6c).

15. Data security

We implement the following security measures to protect your data:

• All connections are encrypted using HTTPS/TLS.
• Login uses SRP6a (RFC 5054): at sign-in your password is verified without being sent to our servers — we hold only a non-reversible verifier, never your password in plain text. On your device, the same password also derives a memory-hard Argon2id key that wraps your end-to-end-encryption keys.
• Direct messages are end-to-end encrypted using XChaCha20-Poly1305 with hybrid X25519 + ML-KEM-768 key exchange (post-quantum secure, BSI TR-02102-1 compliant).
• Bunny CDN provides DDoS protection and edge caching.
• Voice calls in regular voice channels and DM voice are end-to-end encrypted using MLS 1.0 (RFC 9420) on a post-quantum hybrid ciphersuite (ML-KEM-768 + X25519). Per-frame XChaCha20-Poly1305 is keyed off the MLS export-secret per epoch. The server forwards opaque packets it cannot decrypt.
• Stage rooms (voice rooms above 99 participants) are server-mediated rather than E2E to support moderation in large broadcast-style sessions. This is the same posture Discord takes for its Stage channels and is clearly distinguished in the UI from regular voice channels.

16. Changes to this policy

We may update this privacy policy from time to time. The current version is always available at /privacy/. The "Last updated" date at the top of this page indicates when the policy was last revised.