Privacy Policy

Last updated: April 16, 2026

The short version

QEV does not collect, store, transmit, or process your personal data. We cannot read your vaults. There is no account, no analytics, no tracking, no cookies, and no server-side storage of your content.

What QEV does

QEV encrypts messages on your device using a phrase you choose. The encrypted output (a .vault.json file) never leaves your device unless you explicitly send it somewhere. The phrase never leaves your head (or your keyboard, briefly).

What we collect

Nothing.

• No account creation — there are no usernames, passwords, or email addresses.
• No analytics — no Google Analytics, no Mixpanel, no Plausible, no server-side log analysis of page views.
• No cookies — the site sets zero cookies. The access-gate code is stored in localStorage on your browser only.
• No telemetry — the desktop, Android, and CLI apps make zero network calls after installation. The web vault at /vault runs under Content-Security-Policy: connect-src 'none', which means the browser itself refuses to let the page call anywhere.
• No crash reporting — if the app crashes, the crash stays on your machine. We never see it.

The relay server

QEV's Phase 3 relay at secure.imagineqira.com:7892 is a store-and-forward courier. When you send a vault to a paired peer via the relay, the server sees:

• The recipient's static public key (used as a routing address)
• The sender's static public key (learned during the Noise XK handshake)
• The opaque encrypted envelope (ciphertext — we cannot read it)
• A timestamp and the envelope's size

The server does NOT see: your name, device label, IP address (beyond what TCP requires), message content, vault phrase, or any metadata inside the envelope.

Envelopes are deleted from the relay after the recipient fetches them (or after 30 days if never fetched).

Third parties

QEV has no third-party dependencies that process your data:

• No ad networks
• No analytics providers
• No CDN (all assets served directly from our server)
• No payment processor (the software is free)

The npm package (@bryan237l/qev-cli) is distributed via npmjs.com. npm's own privacy policy applies to the download transaction, but the CLI itself makes zero network calls.

Open source

The source code is available at github.com/TheArtOfSound/qev-desktop. You can audit every claim on this page by reading the code.

Children

QEV is not directed at children under 13. We do not knowingly collect data from anyone, including children.

Changes

If this policy ever changes, the update will be committed to the repository with a clear diff. The Last updated date at the top of this page will reflect the change.

Contact

Questions about this policy: bryanleonard@imagineqira.com