Kodex Messenger — Encrypted Private Messaging
Kodex Messenger is a privacy-first encrypted messaging application developed and maintained by William Bento, developer of Kodex Messenger. The core principle of Kodex Messenger is simple: your conversations belong to you and no one else.
No account. No phone number. No identity. Kodex Messenger requires nothing from you to start a conversation. Generate a temporary session code, share it with someone you trust, and connect. When the session ends, the data disappears.
This Privacy Policy explains what data is processed when you use Kodex Messenger, why it is processed, how long it is retained, and what rights you have over it. We have written this policy to be clear and honest — not to obscure what we do, but to be transparent about it.
Kodex Messenger is designed to minimise data collection. The following is a complete and accurate account of all data that is processed when you use the app.
| Data | Purpose | Where Stored | Retention |
|---|---|---|---|
| Session code (randomly generated) | Connect two or more users | Firebase (in transit only) | Deleted when session ends or expires |
| Display name (chosen by user) | Identify you to peers in a session | Firebase presence node | Deleted when session ends |
| Message content | Deliver messages between participants | Firebase (encrypted) | Auto-deleted: 30 seconds (text), 24 hours (media) |
| Heartbeat timestamp | Detect online/offline presence | Firebase | Deleted when session ends |
| Data | Purpose | Where Stored | Retention |
|---|---|---|---|
| Vault contents (photos, documents, PDFs) | Encrypted local storage tool | Device only (IndexedDB) | Until user deletes it |
| App preferences (theme, settings) | Personalise the app experience | Device only (localStorage) | Until app is uninstalled |
| Recent session codes | Allow quick re-use of codes | Device only (localStorage) | Until user clears or app uninstalled |
| Free-tier usage counter | Enforce daily free session limit | Device only (localStorage) | Resets every 24 hours |
Subscription purchases (Private Secure, Group, Premium, Super Pack) are processed entirely by Google Play Billing. Kodex Messenger receives only a confirmation token indicating whether a subscription is active. We do not receive, store, or process your payment card details, billing address, or Google account information.
The following data is never collected, transmitted, or stored by Kodex Messenger at any point:
Data processed by Kodex Messenger is used exclusively for the following purposes:
We do not use your data for advertising, profiling, or sale to third parties. Ever.
Kodex Messenger uses Google Firebase Realtime Database as its real-time messaging infrastructure. Firebase is a service provided by Google LLC.
Data residency: Firebase data is processed on Google's servers. By using Kodex Messenger, you acknowledge that your session data (as described above) is processed by Google Firebase in accordance with Google's Firebase Privacy Policy. All session data is automatically deleted when a session expires or ends.
Kodex Messenger does not use Firebase Authentication. No Firebase user accounts are created. Session participation is anonymous and code-based.
RAMIDAI (the Pyramid of Knowledge) is Kodex Messenger's built-in educational AI assistant. It is designed to help users learn, answer questions, and assist with card message suggestions. RAMIDAI is an educational tool — it is not a general-purpose chatbot and does not store conversation history between sessions.
RAMIDAI's AI responses are powered by the DeepSeek API, a large language model service provided by DeepSeek. When you send a message to RAMIDAI, the following occurs:
Third-party AI disclosure: Prompts sent to RAMIDAI are processed by DeepSeek in accordance with DeepSeek's Privacy Policy. Do not share sensitive personal information, passwords, or confidential data with RAMIDAI. RAMIDAI is an educational assistant and is not a substitute for professional advice.
When a user taps "Suggest Message" inside the Greeting Cards feature, a short prompt (containing only the occasion type and recipient name) is sent to Anthropic's API to generate a warm greeting card message. This is the only feature that calls Anthropic's servers. Anthropic does not receive any chat messages, Vault data, or personal identity information. See Anthropic's Privacy Policy for how they handle API requests.
Access to RAMIDAI is available on a subscription basis. Subscription status is verified locally via Google Play Billing. No subscription account data is transmitted to DeepSeek or any Kodex server.
Kodex Vault is a built-in encrypted file storage tool. All Vault data is stored exclusively on your device using the browser's IndexedDB storage mechanism with application-level encryption.
No cloud backup: Kodex Vault is intentionally local-only. There is no cloud sync, no backup to Kodex servers, and no way for anyone other than you to access your Vault contents.
All message data in Kodex Messenger is subject to automatic deletion:
| Content Type | Auto-Delete After |
|---|---|
| Text messages | 30 seconds |
| Voice messages | 50 seconds |
| Images, videos, audio files | 24 hours |
| Entire session (code, presence, messages) | When session expires or all participants disconnect |
Kodex Messenger does not log, archive, or retain copies of any messages sent through the app. Once auto-deleted from Firebase, messages cannot be recovered by anyone, including the developer.
Media files (images, video, audio) sent through Kodex Messenger are obfuscated at the application level before being written to Firebase. Session codes are cryptographically encoded and include expiry timestamps and capacity limits.
In group sessions (up to 50 participants), the same data minimisation principles apply. Participants are identified only by the display name they choose for that session. No persistent user accounts are created.
Kodex Messenger shares data with the following third parties only, and only to the extent necessary for the app to function:
| Third Party | Purpose | Data Shared | Policy |
|---|---|---|---|
| Google Firebase | Real-time messaging infrastructure | Session codes, display names, messages in transit, heartbeat data | Firebase Privacy |
| DeepSeek | RAMIDAI AI responses | User prompts sent to RAMIDAI only | DeepSeek Privacy |
| Anthropic | Greeting card message generation (when user taps "Suggest Message") | Card occasion and recipient name only | Anthropic Privacy |
| Google Play Billing | Subscription processing | Purchase confirmation token only | Google Privacy |
We do not sell, rent, trade, or otherwise share your data with any other third party for any purpose. No advertising networks, analytics platforms, or data brokers receive any data from Kodex Messenger.
Our data retention philosophy is: keep nothing longer than necessary.
| Data | Retention Period | Who Deletes It |
|---|---|---|
| Text messages | 30 seconds after delivery | Automatic (Firebase) |
| Media messages | 24 hours after delivery | Automatic (Firebase) |
| Session presence data | Deleted on disconnect | Firebase onDisconnect handler |
| Session code and metadata | On session expiry (6h free / 24h paid) | Automatic (Firebase) |
| Join requests (handshake data) | Deleted with session | Automatic (Firebase) |
| Vault data | Until user deletes it | User-controlled |
| Local preferences | Until app uninstalled | User / OS |
| RAMIDAI conversations | Not retained — session only | N/A |
Kodex Messenger implements the following security measures to protect your data:
While we take security seriously, no system is completely invulnerable. We encourage users to treat session codes as private — do not share your code with anyone you do not intend to chat with.
Kodex Messenger is not directed at children under the age of 18 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal information from children under 18.
The RAMIDAI educational AI assistant within Kodex Messenger is designed to be safe, educational, and appropriate for general audiences. However, parents and guardians are advised to supervise their children's use of any messaging application, including Kodex Messenger.
If you believe a child under 18 has used Kodex Messenger in a way that has resulted in data being submitted, please contact us at kodexmessenger@gmail.com and we will take appropriate steps.
Because Kodex Messenger collects minimal personal data and most data is auto-deleted within seconds or hours, many traditional data rights are satisfied by the design of the app itself. However, you have the following rights:
Residents of the European Economic Area (EEA), United Kingdom, California (CCPA), and other jurisdictions with specific privacy legislation may have additional rights. Please contact us if you wish to exercise any such right.
We may update this Privacy Policy from time to time to reflect changes in the app, applicable law, or our data practices. When we make material changes, we will:
Continued use of Kodex Messenger after a policy update constitutes acceptance of the revised policy. If you do not agree with the updated policy, please discontinue use of the app.
If you have questions, concerns, or requests regarding this Privacy Policy or how Kodex Messenger handles your data, please contact:
| Detail | Information |
|---|---|
| Developer | William Bento |
| kodexmessenger@gmail.com | |
| Response Time | We aim to respond to all privacy enquiries within 5 business days |
We take privacy seriously and will do our best to address your concern promptly and transparently.
Kodex Messenger Privacy Policy — Effective 1 July 2026
© 2026 Kodex Messenger · William Bento · kodexmessenger@gmail.com
This policy is compliant with Google Play Data Safety requirements, GDPR (EU), UK GDPR, and CCPA (California).