Privacy Policy
Last updated: 30 June 2026
In short: QuantumChat is built to be zero-knowledge. Your calls, messages, files, and vault content are end-to-end encrypted on your device. Our servers broker connections and store only opaque, encrypted data — they never hold your encryption keys and cannot read your content.
1. Who we are
QuantumChat is a secure communication product operated by MN Nutra LLC ("we", "us"). This policy explains what information the service processes and how it is protected. For questions, contact support@quantumchat.cloud.
2. Information we process
- Account & authentication. When you sign in, an authentication provider (Firebase Authentication) processes your email address and a credential to establish your identity and issue a session token.
- Connection metadata. To connect a call or deliver a message, the service processes transient routing data (e.g., a room identifier, your user ID, network candidates, and timestamps).
- Encrypted payloads. Offline messages, file chunks, and synced vault items are stored only as ciphertext we cannot decrypt, alongside minimal envelope metadata needed for delivery and quota enforcement.
- Operational logs. We keep limited, privacy-scrubbed operational logs (e.g., error and audit events) to keep the service secure and reliable. These are designed to exclude message, media, and file content.
3. What we never see
Because encryption and decryption happen on your device, we do not have access to: the content of your calls or video, your messages, your transferred files, your vault contents, or your private encryption keys. Real-time media travels peer-to-peer where possible and is never readable by our servers.
4. How information is used
- To authenticate you and establish secure sessions.
- To broker connections and deliver encrypted payloads to the intended recipient.
- To maintain security, prevent abuse, and operate the service reliably.
- To comply with legal obligations.
We do not sell your data, and we do not use your communications for advertising.
5. Retention
Encrypted offline payloads are retained only until delivered or until a time-to-live expires, then removed. Disappearing-message timers, where enabled, further limit how long content persists. Operational logs are retained for a limited period for security and reliability.
6. Your rights
Depending on your jurisdiction — including the EU GDPR and U.S. state privacy laws such as California's CCPA/CPRA — you may have rights to access, correct, delete, or restrict processing of your personal data. In the United States there is no single federal privacy statute, so these rights vary by state; we honor the requirements applicable to your state. To exercise these rights, contact support@quantumchat.cloud. Because content is end-to-end encrypted, deleting your account removes the encrypted data and metadata associated with it; content already delivered to other participants' devices is outside our control.
7. Healthcare use
QuantumChat is a general-purpose secure communications product; healthcare is one of several regulated contexts it supports. Its HIPAA-aligned, zero-knowledge architecture is suited to clinical use, and where QuantumChat is deployed by a healthcare organization, that organization is the controller of clinical data and additional agreements (such as a Business Associate Agreement) may govern processing.
8. Sub-processors & infrastructure
We rely on reputable cloud infrastructure (including Google Cloud and Firebase) to host the zero-knowledge relay, authentication, and encrypted storage. These providers process data on our behalf under their respective security and privacy commitments.
9. Changes
We may update this policy as the product evolves. Material changes will be reflected by the "Last updated" date above.
10. Contact
MN Nutra LLC — support@quantumchat.cloud
