Privacy Policy
Last updated: May 24, 2026
1. Our Core Privacy Philosophy
EmaChat is an intimate, ephemeral communication space designed exclusively for two people. Unlike conventional messaging applications, our architectural foundation is built around zero data retention. Privacy is not a configurable setting on our platform; it is our default operational state.
2. Information We Process & Collect
To facilitate a stable and highly secure communication channel, we collect the minimum operational parameters required:
- Identity Data: When authenticating via Google OAuth, we capture your verified email address, name, and profile picture URL to provision and lock your secure communication bubble.
- Push Notification Targets: We register your device's Firebase Cloud Messaging (FCM) token to deliver real-time system alerts when your partner initiates communication or requests a live session.
- Hardware Access Descriptors: To power live multimedia handshakes, our client software requests runtime permission to access your device's camera and microphone. This access remains strictly internal to your local application layer.
3. Ephemeral Architecture & Account Deletion Protocol
Absolute Data Destruction: Text messages, metadata, and signaling tokens are stored inside an ephemeral database queue solely until successful transmission to your partner's active session is verified. Upon executing the "Swipe Right" gesture inside the workspace, all transactional chat history is permanently wiped.
🔗 Looking to close your account permanently? You can securely execute an instant data wipe or submit a manual account removal request via our official portal here: EmaChat Data Erasure Portal.
4. Live Media Handshakes & Relay Streams (WebRTC)
Real-time voice and video communication utilize Peer-to-Peer (P2P) connections. In restrictive cellular or network environments where direct routing is blocked by strict NAT routers, streams are securely relayed through our custom **AWS Coturn TURN Server infrastructure**. Video and audio packets are transiently proxied in real time and are never cached, recorded, or inspected by our servers.
5. Security Infrastructure & Defenses
All interface calls are encrypted using modern Transport Layer Security (TLS/HTTPS). Your active workspace is hardened using deep sanitization to mitigate Cross-Site Scripting (XSS), cryptographically secure session handling (`HttpOnly`, `Secure`, `SameSite=Strict`), and mandatory Cross-Site Request Forgery (CSRF) tokens attached to every payload header.
6. Corporate Governance & Statutory Disclosures
EmaChat is a proprietary intellectual property developed, managed, and legally operated under the corporate infrastructure of Momorita, owned and directed by SATYAJIT DAS MODAK.
For statutory compliance notifications, legal documentation requests, or privacy infrastructure audits, please route communications to: legal@momorita.com.