Nothing on our servers. Your identity is an Ed25519 cryptographic key pair. We never see it. The app generates it once in your browser and stores it in IndexedDB. There are no accounts, no logins, no email addresses collected by us.
The signal relay at signal.verko.app routes WebRTC handshake messages (SDP offers/answers, ICE candidates) between peers. These are cryptographic protocol messages — no message content, no message content, no chat text, no AI context. The relay runs in Helsinki, EU jurisdiction. Logs are disabled. No data is persisted.
All conversations, all AI context, all room history are encrypted with AES-256-GCM and stored in your browser's IndexedDB. The encryption key is derived from the room's shared secret using SHA-256. We never see the key. We cannot decrypt your data even if it passed through our infrastructure.
None. We do not use analytics, tracking pixels, third-party CDNs that log IPs, or external API calls. The app loads Google Fonts and the ONNX Runtime Web CDN for AI inference — both are fetched directly by your browser and we have no control over their logs. No data from your room ever leaves your peer group.
The AI model (Gemma 2B) runs entirely in your browser via WebGPU. No data is sent to any server for AI processing. The model is downloaded once (~1.5GB) and cached. The model file is a static asset — we do not serve custom models or collect inference telemetry.
There is no account to delete. There is no data to export. Clear your browser data (IndexedDB, cache) to remove everything. Under GDPR, you have the right to data portability and erasure — but since we hold zero personal data on data on our servers, there is nothing for us to provide or delete.
Questions about this privacy policy? Email hello@verkosolutions.com. For security disclosures, use the same address.
Verkosolutions Oy — Lappeenranta, Finland — EU AI Act Compliant by Architecture