Kodex Messenger

Privacy Policy

Kodex Messenger — Encrypted Private Messaging

Compliant with Google Play Data Safety Requirements
Developer
William Bento
Contact Email
kodexmessenger@gmail.com
Effective Date
1 July 2026
Last Updated
1 July 2026

🛡️ 1. Overview & Our Privacy Commitment

Kodex Messenger is a privacy-first encrypted messaging application developed and maintained by William Bento, developer of Kodex Messenger. The core principle of Kodex Messenger is simple: your conversations belong to you and no one else.

No account. No phone number. No identity. Kodex Messenger requires nothing from you to start a conversation. Generate a temporary session code, share it with someone you trust, and connect. When the session ends, the data disappears.

This Privacy Policy explains what data is processed when you use Kodex Messenger, why it is processed, how long it is retained, and what rights you have over it. We have written this policy to be clear and honest — not to obscure what we do, but to be transparent about it.

📋 2. What Data We Collect

Kodex Messenger is designed to minimise data collection. The following is a complete and accurate account of all data that is processed when you use the app.

2.1 Session Data (Temporary)

DataPurposeWhere StoredRetention
Session code (randomly generated)Connect two or more usersFirebase (in transit only)Deleted when session ends or expires
Display name (chosen by user)Identify you to peers in a sessionFirebase presence nodeDeleted when session ends
Message contentDeliver messages between participantsFirebase (encrypted)Auto-deleted: 30 seconds (text), 24 hours (media)
Heartbeat timestampDetect online/offline presenceFirebaseDeleted when session ends

2.2 Device Data (Local Only)

DataPurposeWhere StoredRetention
Vault contents (photos, documents, PDFs)Encrypted local storage toolDevice only (IndexedDB)Until user deletes it
App preferences (theme, settings)Personalise the app experienceDevice only (localStorage)Until app is uninstalled
Recent session codesAllow quick re-use of codesDevice only (localStorage)Until user clears or app uninstalled
Free-tier usage counterEnforce daily free session limitDevice only (localStorage)Resets every 24 hours

2.3 Subscription Data

Subscription purchases (Private Secure, Group, Premium, Super Pack) are processed entirely by Google Play Billing. Kodex Messenger receives only a confirmation token indicating whether a subscription is active. We do not receive, store, or process your payment card details, billing address, or Google account information.

🚫 3. What We Do Not Collect

The following data is never collected, transmitted, or stored by Kodex Messenger at any point:

  • ✕ Phone number — no phone number is ever requested or required
  • ✕ Email address — no email is required to use the app
  • ✕ Real name or identity — display names are chosen freely and are pseudonymous
  • ✕ Location data — the app does not access GPS or location services
  • ✕ Contacts — the app does not access your device contact list
  • ✕ Device identifiers — no IMEI, advertising ID, or device fingerprint is collected
  • ✕ Usage analytics — no analytics SDK, crash reporter, or usage tracker is embedded
  • ✕ Advertising data — the app contains no advertisements and no ad tracking
  • ✕ Browsing history — the built-in KX Browser does not log or transmit browsing activity
  • ✕ Microphone/camera recordings — the camera is used only for barcode-style code scanning within a session; recordings are never stored remotely

⚙️ 4. How Your Data Is Used

Data processed by Kodex Messenger is used exclusively for the following purposes:

  • Connecting participants — session codes and presence data are used to establish encrypted connections between users who share a code
  • Delivering messages — message content is relayed through Firebase in real time and auto-deleted immediately after the configured retention period
  • Enforcing session limits — the free-tier usage counter is stored locally to enforce daily limits without any server-side tracking
  • Local tool functionality — the Vault, Calculator, Organiser, Budget Planner, and other built-in tools operate entirely on your device
  • AI message assistance — when you use RAMIDAI's card message suggestion feature, your request is sent to the AI service described in Section 6

We do not use your data for advertising, profiling, or sale to third parties. Ever.

🔥 5. Firebase — Third Party Data Processor

Kodex Messenger uses Google Firebase Realtime Database as its real-time messaging infrastructure. Firebase is a service provided by Google LLC.

What Firebase receives

  • Session codes (temporary, randomly generated identifiers)
  • Display names chosen by users for the duration of a session
  • Message content in transit (encrypted at the application level)
  • Presence heartbeat timestamps (to detect online/offline status)
  • Join request data (handshake protocol for group sessions)

What Firebase does not receive

  • Real identity, phone numbers, or email addresses
  • Vault contents (stored locally on device, never sent to Firebase)
  • Payment or subscription details

Data residency: Firebase data is processed on Google's servers. By using Kodex Messenger, you acknowledge that your session data (as described above) is processed by Google Firebase in accordance with Google's Firebase Privacy Policy. All session data is automatically deleted when a session expires or ends.

Firebase Authentication

Kodex Messenger does not use Firebase Authentication. No Firebase user accounts are created. Session participation is anonymous and code-based.

🤖 6. RAMIDAI — AI Assistant & DeepSeek API

⛰️ About RAMIDAI

RAMIDAI (the Pyramid of Knowledge) is Kodex Messenger's built-in educational AI assistant. It is designed to help users learn, answer questions, and assist with card message suggestions. RAMIDAI is an educational tool — it is not a general-purpose chatbot and does not store conversation history between sessions.

6.1 What RAMIDAI Does

  • Answers educational questions across subjects including mathematics, coding, science, and general knowledge
  • Provides adaptive learning assistance tailored to the user's profile
  • Generates greeting card message suggestions when requested by the user
  • Provides induction and onboarding guidance for new Kodex Messenger users

6.2 DeepSeek API

RAMIDAI's AI responses are powered by the DeepSeek API, a large language model service provided by DeepSeek. When you send a message to RAMIDAI, the following occurs:

  • Your typed message or prompt is transmitted to DeepSeek's API servers to generate a response
  • The response is returned to your device and displayed within the app
  • Kodex Messenger does not store or log your RAMIDAI conversations on any Kodex server

Third-party AI disclosure: Prompts sent to RAMIDAI are processed by DeepSeek in accordance with DeepSeek's Privacy Policy. Do not share sensitive personal information, passwords, or confidential data with RAMIDAI. RAMIDAI is an educational assistant and is not a substitute for professional advice.

6.3 Greeting Card Message Generation — Anthropic API

When a user taps "Suggest Message" inside the Greeting Cards feature, a short prompt (containing only the occasion type and recipient name) is sent to Anthropic's API to generate a warm greeting card message. This is the only feature that calls Anthropic's servers. Anthropic does not receive any chat messages, Vault data, or personal identity information. See Anthropic's Privacy Policy for how they handle API requests.

6.4 What RAMIDAI Does Not Collect

  • RAMIDAI does not collect, store, or share personal data on behalf of Kodex
  • No conversation history is retained after a session ends
  • No user profile data is sent to DeepSeek
  • Greeting card message suggestions are generated locally using a built-in message library; the DeepSeek API is only called when the user explicitly taps "Suggest Message"

6.5 RAMIDAI Subscription

Access to RAMIDAI is available on a subscription basis. Subscription status is verified locally via Google Play Billing. No subscription account data is transmitted to DeepSeek or any Kodex server.

🔐 7. Kodex Vault — Local Encrypted Storage

Kodex Vault is a built-in encrypted file storage tool. All Vault data is stored exclusively on your device using the browser's IndexedDB storage mechanism with application-level encryption.

  • Vault contents never leave your device. Photos, videos, audio files, PDFs and documents stored in the Vault are not uploaded to any server, including Firebase.
  • Vault data is protected by a user-set password. Kodex Messenger does not have access to your Vault password or its contents.
  • If the app is uninstalled, Vault data is deleted from the device permanently and cannot be recovered by Kodex.

No cloud backup: Kodex Vault is intentionally local-only. There is no cloud sync, no backup to Kodex servers, and no way for anyone other than you to access your Vault contents.

💬 8. Messaging & Session Data

8.1 Auto-Deletion

All message data in Kodex Messenger is subject to automatic deletion:

Content TypeAuto-Delete After
Text messages30 seconds
Voice messages50 seconds
Images, videos, audio files24 hours
Entire session (code, presence, messages)When session expires or all participants disconnect

8.2 No Message Logs

Kodex Messenger does not log, archive, or retain copies of any messages sent through the app. Once auto-deleted from Firebase, messages cannot be recovered by anyone, including the developer.

8.3 Encryption

Media files (images, video, audio) sent through Kodex Messenger are obfuscated at the application level before being written to Firebase. Session codes are cryptographically encoded and include expiry timestamps and capacity limits.

8.4 Group Sessions

In group sessions (up to 50 participants), the same data minimisation principles apply. Participants are identified only by the display name they choose for that session. No persistent user accounts are created.

🤝 9. Data Sharing & Third Parties

Kodex Messenger shares data with the following third parties only, and only to the extent necessary for the app to function:

Third PartyPurposeData SharedPolicy
Google FirebaseReal-time messaging infrastructureSession codes, display names, messages in transit, heartbeat dataFirebase Privacy
DeepSeekRAMIDAI AI responsesUser prompts sent to RAMIDAI onlyDeepSeek Privacy
AnthropicGreeting card message generation (when user taps "Suggest Message")Card occasion and recipient name onlyAnthropic Privacy
Google Play BillingSubscription processingPurchase confirmation token onlyGoogle Privacy

We do not sell, rent, trade, or otherwise share your data with any other third party for any purpose. No advertising networks, analytics platforms, or data brokers receive any data from Kodex Messenger.

⏱️ 10. Data Retention & Auto-Deletion

Our data retention philosophy is: keep nothing longer than necessary.

DataRetention PeriodWho Deletes It
Text messages30 seconds after deliveryAutomatic (Firebase)
Media messages24 hours after deliveryAutomatic (Firebase)
Session presence dataDeleted on disconnectFirebase onDisconnect handler
Session code and metadataOn session expiry (6h free / 24h paid)Automatic (Firebase)
Join requests (handshake data)Deleted with sessionAutomatic (Firebase)
Vault dataUntil user deletes itUser-controlled
Local preferencesUntil app uninstalledUser / OS
RAMIDAI conversationsNot retained — session onlyN/A

🔒 11. Security Measures

Kodex Messenger implements the following security measures to protect your data:

  • No persistent identity: the absence of accounts, phone numbers, and email addresses means there is no identity database that can be breached
  • Application-level media obfuscation: media files are obfuscated before storage in Firebase, adding an additional layer of protection beyond Firebase's own security
  • Cryptographic session codes: codes are generated with embedded expiry timestamps and capacity controls, making them non-reusable after expiry
  • Local-only Vault encryption: Vault data never leaves the device and is encrypted with a user-set key
  • Automatic deletion: the shortest possible data retention periods minimise exposure in the event of any infrastructure issue
  • Firebase security rules: Firebase Realtime Database security rules restrict read/write access to valid, unexpired session paths only

While we take security seriously, no system is completely invulnerable. We encourage users to treat session codes as private — do not share your code with anyone you do not intend to chat with.

👶 12. Children's Privacy

Kodex Messenger is not directed at children under the age of 18 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal information from children under 18.

The RAMIDAI educational AI assistant within Kodex Messenger is designed to be safe, educational, and appropriate for general audiences. However, parents and guardians are advised to supervise their children's use of any messaging application, including Kodex Messenger.

If you believe a child under 18 has used Kodex Messenger in a way that has resulted in data being submitted, please contact us at kodexmessenger@gmail.com and we will take appropriate steps.

⚖️ 13. Your Rights

Because Kodex Messenger collects minimal personal data and most data is auto-deleted within seconds or hours, many traditional data rights are satisfied by the design of the app itself. However, you have the following rights:

  • Right to access: you can view all data stored locally on your device at any time (Vault contents, preferences, recent codes)
  • Right to deletion: you can delete your Vault contents, clear local preferences, and clear recent codes from within the app at any time. Session data on Firebase is auto-deleted — there is no persistent data to request deletion of after a session ends.
  • Right to portability: local data (Vault files, exported spreadsheets, PDFs) can be downloaded directly from within the app
  • Right to object: because we do not use your data for advertising or profiling, there is nothing of this nature to object to
  • Right to complain: if you believe your privacy rights have been violated, you may contact us at kodexmessenger@gmail.com or file a complaint with the relevant data protection authority in your jurisdiction

Residents of the European Economic Area (EEA), United Kingdom, California (CCPA), and other jurisdictions with specific privacy legislation may have additional rights. Please contact us if you wish to exercise any such right.

📝 14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in the app, applicable law, or our data practices. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify users through an in-app notice where practicable
  • Post the updated policy at the same URL where this policy is hosted

Continued use of Kodex Messenger after a policy update constitutes acceptance of the revised policy. If you do not agree with the updated policy, please discontinue use of the app.

📬 15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or how Kodex Messenger handles your data, please contact:

DetailInformation
DeveloperWilliam Bento
Emailkodexmessenger@gmail.com
Response TimeWe aim to respond to all privacy enquiries within 5 business days

We take privacy seriously and will do our best to address your concern promptly and transparently.