Privacy Policy
Last updated: July 10, 2026
1. Introduction
Loqa, Inc. ("Loqa", "we", "our", or "us") operates the loqa.chat messaging platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.
By using Loqa, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Username and display name
- Email address (encrypted in our primary account database with AES-256-GCM and indexed with a keyed HMAC; validation, delivery, retry infrastructure, and email providers necessarily process the address)
- Date of birth when provided for age verification; we use it to compute an age-verification result and do not retain the exact birth date in the primary user record
- A password hash, or passkey public-key and credential metadata, depending on how you sign in
- Optional profile information such as an avatar, banner, biography, status, and pronouns
- Account identifiers, server memberships, friendships, and other account relationships
2.2 Messages & Content
We process and store messages, files, images, voice notes, reactions, polls, and other content as needed to provide the service. Eligible conversation content is end-to-end encrypted when the in-product encryption status indicates that protection. For a correctly end-to-end encrypted payload, Loqa receives ciphertext rather than readable content.
Encryption coverage varies by conversation and content type. Some attachments, calls, server channels, bot or integration traffic, moderation records, and feature-generated content may be processed or stored in a form accessible to Loqa. Do not assume that an entire conversation or every feature within it is end-to-end encrypted unless the app expressly indicates that coverage.
2.3 Voice, Video & Screen Sharing
Voice, video, and screen sharing streams are transmitted in real time using WebRTC and LiveKit. The streams are encrypted in transit and are processed transiently by call infrastructure to connect participants. Loqa does not record call media by default. Call-control information, such as room and participant state, is processed to operate the feature, and participants or enabled integrations may independently capture content.
2.4 Usage Data
We collect minimal usage data necessary to operate the service:
- IP address for rate limiting and security; login sessions retain a keyed hash of the address rather than the raw address
- Browser or app user agent, coarse platform, and login-session timestamps
- Device and app identifiers used for multi-device encryption and push notifications, including push tokens when notifications are enabled
- Search terms and filters sent when you search messages, people, servers, shopping sources, or marketplace content; these are processed to return results and may appear in ordinary security or request logs
- Session cookies, local-storage settings, and authentication identifiers required to keep you signed in and remember preferences
- First-party encryption-health counters and gauges, plus session timing, used to detect reliability failures; these metrics exclude message content and user, peer, message, and channel identifiers
- Problem reports you choose to submit, plus an optional technical-diagnostics preview that you must explicitly include. The preview can contain recent coarse crash categories saved on your device, but excludes messages, files, account identifiers, URLs, other browser storage, encryption keys, tokens, and raw error text.
- A content-free per-account daily problem-report submission count, used only to enforce the 20-per-UTC-day abuse limit.
- Current app builds automatically send the current build identifier and a coarse categorical crash fingerprint when they encounter an uncaught error (crash kind, error family, symptom category, source area, route category, age bucket, and a repeat count capped at 20). Current builds do not send the raw error, stack, URL, message content, identifiers, browser storage, tokens, or encryption material. A cached pre-update build may still send its older raw crash envelope; the server reduces those values to the same coarse categories in memory and never logs or persists the raw fields.
We do not use third-party advertising trackers or behavioral-analytics SDKs. We do collect the limited first-party operational diagnostics described above.
2.5 Purchases & Subscriptions
If you buy a subscription or other paid feature on a supported surface, we and our payment processor process billing identifiers, transaction status, purchase history, and entitlement information. Payment details such as a full card number are collected directly by the payment processor and are not provided to Loqa when that processor hosts the payment form.
Community-store orders may include buyer contact details, shipping address, delivery notes, order items and status, tracking information, payment method, and transaction identifiers. Order contact and shipping details may be stored as ciphertext that the buyer and seller can decrypt. Transaction records may be retained for fulfillment, disputes, fraud prevention, accounting, or legal obligations.
3. How We Use Your Information
We use collected information solely to:
- Deliver, maintain, and improve the Loqa platform
- Authenticate your identity and secure your account
- Deliver messages and media to intended recipients
- Enforce our Terms of Service and prevent abuse
- Send notifications and service-related communications you request
- Process subscriptions, purchases, and entitlements on supported surfaces
- Monitor reliability, diagnose failures, and secure the service
- Respond to support requests
4. Data Sharing
We do not sell or rent your personal information, and we do not use it for targeted advertising. We disclose information only as needed in the following circumstances:
- Service providers — vendors that provide infrastructure hosting, storage, content delivery, real-time communications, email, push notifications, payment processing, support, and security services on our behalf
- At your direction — other users, communities, bots, integrations, or external services when you send content, join a call, or authorize an integration
- Legal compliance — if required by law, subpoena, or legal process
- Safety — to protect the rights, safety, or property of Loqa, our users, or the public
5. Data Retention
We generally retain account data and message history while your account is active. When you complete account deletion, Loqa deletes your account row and attributable associated data or, when shared resources, ownership, safety/accounting evidence, business records, a server retention lock, or a legal hold require records to remain, removes profile and credential details and disables the account while retaining only a pseudonymous deleted-user reference where necessary. Files in retained or recipient-held conversations may remain with those records. Some older file objects predate reliable uploader tracking; ambiguous objects are handled through orphan reconciliation and support-assisted rights requests rather than ownership guesses that could delete another person's file. Learn how to start the process on our account deletion page.
Messages with disappearing-message settings are removed after the configured timer unless a server retention lock applies. For server moderation, deletion of a server-channel message can create an encrypted content snapshot available to authorized moderators for up to 90 days. The snapshot is then purged; the audit record that a deletion occurred may remain.
We may also retain limited information for security, fraud prevention, dispute resolution, backup integrity, or legal and regulatory obligations. When retention is no longer necessary, we delete or anonymize the information according to our operational schedules.
Submitted problem reports expire after 90 days, or 30 days after they are resolved or dismissed, whichever is sooner. You can permanently delete a report immediately after submitting it. Reports are also included in your data export and deleted when you delete your account.
The content-free per-account submission count remains only through its UTC quota day and is deleted by the hourly cleanup after that day ends. It is included in your data export and removed immediately with account deletion.
The app keeps at most five categorical crash fingerprints on your device so you can review them in a problem-report preview; records older than 30 days are removed the next time the app runs, and you can clear them from the preview at any time. If you explicitly include the preview, those categories are copied into the submitted report and follow its retention period.
The automatically sent categorical server copy may remain in the API container's operational log until that container or log is removed; no fixed log-retention period is currently guaranteed. It is not independently copied into the durable problem-report queue.
6. Data Security
We implement industry-standard security measures including:
- TLS protection for data in transit between supported clients and Loqa services
- AES-256-GCM encryption for email addresses in the primary account database, with keyed HMAC indexes for lookups
- Argon2id hashing for passwords and OAuth2 client secrets
- SHA-256 hashing for webhook tokens and API secrets
- End-to-end encryption for eligible content where the app displays an end-to-end encryption status
- Rate limiting and abuse detection
- Email format and domain validation at registration to prevent abuse
- Planned security audits (SOC 2 in progress)
While we strive to protect your data, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.
7. Your Rights
You have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your account and data
- Export core account data in a machine-readable format and request access to other personal-data categories
- Withdraw consent at any time
To exercise these rights, use the in-app controls, visit our account deletion page, or contact us at [email protected].
8. Children's Privacy
Loqa is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal data, we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify users of significant changes via the platform or email. Continued use of Loqa after changes constitutes acceptance of the updated policy.
10. International Users (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):
- Legal basis for processing — We process your data based on: (a) your consent, (b) performance of our contract with you (these Terms), (c) our legitimate interests in operating and improving the Service, and (d) compliance with legal obligations.
- Data transfers — Your data may be transferred to and processed in the United States. Where required, we use an applicable transfer safeguard, which may include standard contractual clauses; the production mechanism and recipient roster remain subject to legal review.
- Right to lodge a complaint — You have the right to file a complaint with your local data protection supervisory authority.
- Data portability — You may request your data in a structured, commonly used, machine-readable format.
- Right to restrict processing — You may request that we limit how we use your data.
For full details on our Data Processing Agreement, Records of Processing Activities, breach notification procedure, and how to exercise your rights, see our GDPR Compliance page.
11. California Residents (CCPA)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following additional rights:
- Right to know — You may request the categories and specific pieces of personal information we have collected about you.
- Right to delete — You may request deletion of your personal information, subject to certain exceptions.
- Right to opt-out — We do not sell personal information or share it for cross-context behavioral advertising. If this changes, we will provide opt-out mechanisms.
- Non-discrimination — We will not discriminate against you for exercising your CCPA rights.
To exercise any of these rights, contact us at [email protected].
12. Contact Us
If you have questions about this Privacy Policy, contact us at:
- Email: [email protected]