top of page

Cord

Cord Privacy Policy
Last Updated: April 2026

​

Summary

Cord is a private-by-design messenger that does not require phone numbers, email addresses, or contact uploads. Messages and media are end-to-end encrypted so Cord’s servers cannot read message contents. To deliver messages, Cord processes limited delivery metadata such as random device identifiers and push tokens.

​

1) What Cord Collects

Cord collects only what is needed to operate the service:

  • Encrypted message/media envelopes: Ciphertext only (end-to-end encrypted). Cord cannot decrypt message contents.

  • Delivery metadata:

    • Device identifiers: Random identifiers generated by the app for delivery/routing.

    • Cord identifiers: Cord IDs/codes are used for join and routing flows; server records may use hashed representations where appropriate.

    • Push notification tokens: Tokens required to deliver notifications via Apple/Google infrastructure.

  • Optional profile metadata you choose to share in a cord: Alias/display name and profile avatar (used for participant display).

  • Security and operational logs: Minimal logs needed to keep the service reliable and mitigate abuse (for example, device registration and token update events).​

Cord does not collect as account requirements:

  • Phone numbers, contact lists, or address book data

  • Email or username-based accounts

  • Location data

  • Hardware identifiers such as IMEI, MAC address, or advertising ID

  • Third-party advertising/behavioral analytics SDK telemetry

 

2) How Cord Uses Data

  • Message delivery: Temporarily store and deliver encrypted envelopes to intended recipient devices.

  • Multi-device support: Maintain device registrations so multiple devices can participate in the same cord.

  • Push notifications: Register push tokens and send generic/content-minimized new-activity notifications.

  • Security and reliability: Use minimal operational logs and metadata to protect service integrity.

  • Cord does not read message content, sell personal data, or use message data for advertising.

 

3) End-to-End Encryption

  • Messages are encrypted on sender devices before transmission and decrypted only on recipient devices.

  • Media is encrypted client-side before upload/storage.

  • Keys and sessions are generated on-device and stored using OS-backed secure storage. Cord does not receive your private keys.

 

4) Metadata Minimization

Cord minimizes metadata, but some metadata is necessary for delivery:

  • Servers process encrypted envelopes plus routing metadata (for example, destination device identifier and envelope identifiers).

  • Push providers process token/delivery metadata needed to route notifications.

  • Cord does not require phone numbers or emails to function.

 

5) Third Parties / Infrastructure

Cord uses infrastructure providers to host and deliver the service:

  • Supabase (database, storage, realtime, edge functions): Stores encrypted envelopes/media blobs and required delivery metadata under Cord’s instructions.

  • Firebase Cloud Messaging (FCM) / Apple Push Notification service (APNs): Used to deliver push notifications and related delivery metadata.

  • Cord does not integrate third-party advertising SDKs or cross-app tracking SDKs for behavioral profiling.

 

6) Data Retention

Retention is designed to be limited:

  • Encrypted envelopes/media (server-side): Retained for delivery and service operation, then deleted according to backend retention rules.

  • Delivery metadata: Retained only as needed for routing, device management, and reliability.

  • Operational/security logs: Kept for limited periods appropriate to security and reliability needs.

  • On-device history: Controlled by in-app retention settings and local deletion tools.

 

7) Your Controls

  • Manage cord participation and remove cord data from your device using in-app controls.

  • Configure local message retention behavior in-app.

  • Remove app data by uninstalling the app (platform behavior).

  • Because Cord does not require personal accounts, Cord generally cannot identify you unless you voluntarily provide contact details (for example, support email).

 

8) Children’s Privacy

Cord is not intended for children under 13, and we do not knowingly collect personal information from children.

 

9) Changes

We may update this policy as features change. We will update the “Last Updated” date and provide notice for material changes when appropriate.

 

10) Contact

For privacy inquiries: cordmessaging[a]protonmail.ch

bottom of page