Privacy Policy

XCipher - Encrypted · Silent · Sent. How your data is protected.

Effective date: 24 May 2026  ·  Version: 1.0.0  ·  Publisher: Hasnain Butt Akhtar

1. Overview

XCipher is a privacy-first, end-to-end encrypted messaging app for Android, iOS, web, and desktop.

Your messages and files are encrypted on your device. Their plaintext is never sent to, seen by, or stored by Hasnain Studio X.

We do not sell, share, or monetize user data.

2. Data We Do NOT Collect

XCipher does not collect or send the following to the developer:

Identity Data

No account, email, or phone number is required. We do not collect your identity.

Message & File Content

The plaintext of your messages and files is never readable by us - it is end-to-end encrypted.

Telemetry

No analytics, ad tracking, or third-party telemetry SDKs are used.

Contacts & Location

No device contacts, location, or advertising identifiers are collected.

3. End-to-End Encryption

Messages and files are encrypted on your device using X25519 key agreement and AES-256-GCM. Encryption keys are generated on your device and never leave it. Only the intended recipient can decrypt your messages.

4. The Relay (How Messages Travel)

To deliver messages between devices in different locations, XCipher forwards encrypted data through a relay service. The relay is "zero-knowledge": it only ever stores and forwards ciphertext routed by public key. It cannot read your messages, your files, or your keys.

Encrypted message envelopes are deleted from the relay once they are delivered.

5. Data Stored Locally

Conversation History

Your messages and contacts are stored only on your device and can be erased anytime in Settings.

Identity Keys

Your private key is held in the platform secure enclave (Android Keystore / iOS Keychain).

Pro / License State

A local flag stores your Pro entitlement so it works offline.

6. App Permissions

Internet

To relay encrypted messages and files.

Camera

Only to scan a contact's QR code for key exchange.

Biometrics

Optional, only to lock and unlock the app.

Notifications

To alert you to new messages.

7. Purchases (XCipher Pro)

XCipher offers an optional Pro upgrade through Google Play Billing. Payment and transaction processing are handled by Google under Google policies.

Purchase validation is performed via a secure server function and does not involve your messages or contacts. XCipher does not process or store payment card details.

8. Children's Privacy

XCipher is intended for general users and is not directed to children under 13.

9. Policy Changes

If this policy changes, we will update the effective date and version on this page.

10. Contact & Copyright

For privacy questions, contact:
Hasnain Butt Akhtar
Hasnain@outlook.at
https://www.hasnainstudiox.com

XCipher, its source code, design, brand identity, and all associated assets are protected by copyright. Reverse-engineering, repackaging, decompiling, modifying signed builds, or redistributing the APK / AAB without written authorisation is strictly prohibited. Only builds published to Google Play under "Hasnain Butt Akhtar / Hasnain Studio X" are genuine.

© 2026 Hasnain Butt Akhtar. All rights reserved. · XCipher