Privacy Policy

Last updated: 2026-03-21

Nema is built to minimize retained data. Private-space message content is end-to-end encrypted, relayed in real time, and not stored on our servers. Nema does not provide server-side message history or offline delivery queues.

What we store

• Account data: username and a password hash. We never store your plaintext password.
• Authentication state: use an essential signed authentication token (JWT) in a cookie to keep you logged in. We also store a per-account token version so we can invalidate sessions after logout, device change , or security events.
• E2EE public key (optional): your public key (public only) and last-updated timestamp for identity binding in private spaces. We do not store private keys on our servers. Private keys remain on your device/browser.
• Subscription status (if enabled): whether your plan is free/paid.
• Anti-abuse/rate-limit windows (rolling): store limited rolling-window data needed to protect the service and enforce limits, such as rate-limit counters, quota counters, rolling-window timing, and distinct recipient usernames contacted within the relevant enforcement window. This is not message content and not conversation history.
• Transient private-space/session metadata: while a private space is pending or active, we process temporary in-memory operational state such as participant identifiers, session state, verification state, expiry timers, and public-key fingerprints used for safety-number comparison. This is operational session data, not message history.

What we do NOT store

• Message bodies in plaintext
• Decrypted message content
• Conversation history, transcripts
• Message tables or server-side message archives
• Offline inbox
• Queued messages, or delivery retry logs.
• Contacts/address book uploads.
• Advertising identifiers
• Third-party analytics tracking or ad-tracking cookies

Why we process data (purposes) and legal basis

• Provide the service This includes account creation, login, session security, authentication, private-space operation, and E2EE public-key publishing. Legal basis: contract necessity.
• Protect the service This includes abuse prevention, rate limiting, quota enforcement, and security monitoring. Legal basis: legitimate interests.
• Compliance Where required by applicable law.

Retention

• Account data: retained while your account exists.
• Authentication/session records tied to account security: retained as needed to operate logout, token invalidation, and session protection.
• E2EE public key: retained while your account exists (or until you rotate it).
• Subscription status: retained while relevant to your account and billing state.
• Anti-abuse windows: retained only for the rolling window needed to enforce limits, then naturally becomes irrelevant and can be cleaned up.
• Transient private-space/session metadata: retained only while the relevant private space is pending or active, then removed from active memory/state.
• Messages: not retained server-side.

Cookies

We use an essential authentication cookie to keep you logged in. In secure HTTPS deployments this may use a `__Host-` cookie name, for example `__Host-nema_token`. In non-HTTPS development or fallback scenarios, a non-`__Host` cookie name may be used. We do not use advertising or tracking cookies.

Security

We use TLS, strict security headers, and abuse controls (rate limiting). No system is perfectly secure. If you believe you found a security issue, contact nemateam@proton.me.

Your rights

Depending on your location (including the EU), you may have rights to access, correct, delete, or restrict processing of your data. To make a request, email nemateam@proton.me.

If you are in Romania/EU, you may also lodge a complaint with your local supervisory authority.

Changes

If we change this policy, we will update the “Last updated” date above.

Data Controller

Nema
Location: Bucharest, Romania

Nema nemateam@proton.me