Privacy is the product, not a setting.

We collect the minimum required to grant you access and keep your circle secure: your verified email, the name you choose to display, and the cryptographic public keys your devices generate locally. Nothing else is required to use Haven.

Optional information — a profile photo, a short bio, a phone number for recovery — is provided at your discretion and can be removed at any time from your account settings.

The contents of your messages, calls, files, and shared notes are end-to-end encrypted on your device before they ever reach our infrastructure. We hold ciphertext. Without your private keys — which never leave your devices — that ciphertext is meaningless.

We do not read, scan, train on, or sell your conversations. There is no advertising model on Haven, and there will never be one.

A small amount of metadata is unavoidable to deliver a message: which account sent it, which account should receive it, and a timestamp. We minimise retention of this data, rotate identifiers where possible, and never correlate it with third-party services.

You may export, correct, or permanently delete your account and all associated data at any time. Deletion is irreversible and propagates across our backups within thirty days.

If you are located in the EU, UK, or California, you retain all rights granted under GDPR, UK GDPR, and CCPA respectively. Reach our team at privacy@haven.app.

When this policy changes materially, we notify every member inside the app at least fourteen days before the change takes effect — never quietly, never buried in a footer.