Privacy Policy
Effective: February 25, 2026 · Last updated: February 25, 2026
Texrr stores three things about you on our server: your email address, your username, and your public key.
Your messages, encryption keys, private keys, hash chains, Merkle proofs, vault data, and backups never touch our server. They exist only on your device.
Messages are sent device-to-device via WebRTC peer-to-peer connections. We do not relay, store, cache, or log message content.
There is no user search or directory. To connect with someone, you must exchange QR codes directly.
1. Who we are
Texrr is operated by 132 Engineering. For privacy inquiries, contact us at texrr@132eng.com.
2. What we collect
When you create a Texrr account, our server stores the following:
| Data | Purpose | Stored where |
|---|---|---|
| Email address | Authentication | Server (Supabase) |
| Username | Display identity | Server (Supabase) |
| Public key | Encryption key exchange | Server (Supabase) |
This data is stored in two database tables with Row Level Security. No message table exists on our infrastructure. There is no user search or directory — you cannot look up other users on our server.
3. What we do not collect
The following data never leaves your device and is never transmitted to, stored on, cached by, or accessible to Texrr or any third party:
4. How messaging works
Each Texrr message is an individual encrypted payload. Messages are not stored in persistent conversation threads. You compose a new message each time you communicate — to one person or multiple people simultaneously.
Messages are encrypted on your device using AES-256 encryption via a locally-running binary. The encrypted message is transmitted directly to the recipient's device via WebRTC peer-to-peer data channels. If a recipient is offline, the message is queued on your device and delivered when they come online.
For multi-recipient messages, a separate encrypted copy is created and sent to each recipient individually via their own peer-to-peer connection.
Our server facilitates WebRTC signaling (helping devices find each other) and presence detection (online/offline status). Signaling data is ephemeral and not logged.
5. Contact exchange
There is no user search, user directory, or contact discovery in Texrr. You cannot find other users by searching usernames, email addresses, or phone numbers. No such lookup exists.
To communicate with someone, you must scan their QR code or they must scan yours. The QR code contains your username, public key, and user identifier — the minimum information needed to establish an encrypted connection.
This means both parties must intentionally share access. No one can message you unless you have physically or directly shared your QR code with them.
6. Hash chain verification
Every message is added to a cryptographic hash chain stored locally on your device. Every 10 messages, a Merkle proof genesis block is created. Every 50 messages, an automated verification checks the integrity of your message history. This process runs entirely on your device. Verification data never leaves your device.
7. Payment data
Texrr subscriptions ($4.99/year or $29.99 lifetime) are processed entirely by Apple (App Store) or Google (Google Play). Texrr does not collect, process, or store any payment information, credit card numbers, or billing details. Refer to Apple's Privacy Policy or Google's Privacy Policy for payment data handling.
8. No data recovery
Texrr has no mechanism to recover your messages, keys, hash chains, or any locally stored data. If you lose your device without a user-managed backup, your data is permanently lost. This is by design. It means we cannot be compelled to produce data we do not have.
9. Data sharing
We do not sell, rent, share, or disclose your personal data to any third party. The only third-party service involved is Supabase, which hosts authentication and stores your email, username, and public key. Supabase infrastructure can be self-hosted by enterprise or government users for complete data sovereignty.
10. Data retention and deletion
Your server-side data (email, username, public key) is retained as long as your account exists. You may delete your account at any time from within the app. Upon account deletion, all server-side data is permanently removed.
Local data on your device is managed entirely by you. Uninstalling the app or deleting the app's data removes all local information permanently.
11. Your rights
Regardless of your location, you have the right to: access the personal data we hold about you (email, username, public key), request correction of inaccurate data, request deletion of your account and all associated server-side data, and export your server-side data.
To exercise any of these rights, contact texrr@132eng.com.
12. Children's privacy
Texrr is intended for users aged 18 and older. We do not knowingly collect data from anyone under 18. If you believe a person under 18 has created an account, contact us at texrr@132eng.com and we will delete the account immediately.
13. Analytics and tracking
Texrr does not use analytics services, tracking pixels, advertising SDKs, or any form of behavioral tracking. We do not track how you use the app. We do not build user profiles. We do not serve advertisements.
14. Changes to this policy
If we update this policy, we will post the revised version at this URL and update the "last updated" date above. Material changes will be communicated via in-app notification.
15. Contact
For any questions about this policy or your data, contact texrr@132eng.com.