Privacy policy

1. Introduction

This Privacy Policy explains what data may be processed when you use the Atmosphere website (including atmospherechat.com), the Atmosphere Android app, and the related server software (the “Service”).

The data controller for the Service is Alexey Evgenievich Lomshakov, a natural person (individual). This Policy is for information only and does not replace legal advice. If you are in Russia, the EU, or elsewhere, laws such as Russian Federal Law No. 152-FZ, the GDPR, or other rules may apply depending on the situation.

2. Website

When you load pages, infrastructure (web server, hosting, and if used, a CDN) may automatically log technical data such as IP address, time of request, User-Agent, response code, and bytes transferred — as permitted by the provider’s configuration and applicable law.

The site may show a banner to choose analytics. If you opt in, we may load Plausible Analytics or a similar privacy-oriented tool; declining does not affect the messenger. Your choice may be stored locally in the browser.

The “Contact the team” form (when an API endpoint is configured) sends your optional name, email address, and message to the application server, which forwards them by email to the recipient configured on the server. Do not submit passwords, seed phrases, or other secrets through the form.

3. Account registration and authentication

The app uses a username (login) and password. A phone number or email is not required to register in the app. The server stores a password hash (bcrypt), your user ID, username, cryptographic public key, a hash of your seed phrase (to verify recovery), and session data such as refresh tokens in hashed form — as needed for sign-in and security.

Deleting your account and related server-side data is done through in-app features and/or requests within what the Service and law allow.

Step-by-step in-app account deletion, what data is deleted or retained, and retention information are on the “Delete account” page (/en/account-deletion/).

4. Messages, calls, and files (E2EE)

Chat messages and attachments are end-to-end encrypted on users’ devices. Payloads may be transmitted and temporarily stored on the server in encrypted form for delivery (including when the recipient is offline); the operator is not intended to decrypt message content as a matter of routine operation.

WebRTC call signaling uses a WebSocket connection; the server routes encrypted or control data between clients. Delivery metadata (e.g. user IDs, fact of transmission) may be processed for technical operation.

Temporary encrypted blobs for file transfer are kept on the server for a limited time and removed after download or according to the Service’s retention rules.

5. Push notifications, avatars, and privacy settings

A device push token (Firebase Cloud Messaging / Google) may be sent to the server for notifications about new messages and calls. Google’s policies also apply. You can turn off notifications in OS and/or app settings.

If you upload an avatar, the image is processed and stored on the server. Who can see it, who can DM you, and who can start calls may be governed by in-app privacy settings and block lists stored on the server for routing policy.

6. Data that stays on your device

Chat history, contacts, and encryption keys are stored locally in the app (including platform-protected storage). Optional app lock (PIN / biometrics) is handled only on the device and is not sent to the Atmosphere server.

Image cache and temporary app files live on the device; you can clear them from app settings.

7. Legal bases and your rights

Processing is necessary to provide the Service (contract), comply with legal obligations, protect legitimate interests where applicable, and — where required — on the basis of consent (e.g. site analytics).

Depending on your jurisdiction you may have rights to access, rectify, erase, restrict processing, object, data portability, and withdraw consent — as provided by law. Contact us using the details below; some actions are available directly in the app for account data.

8. Processors, security, and children

We do not sell personal data. Sub-processors (hosting, DNS, mail for the contact form, Google FCM, etc.) receive data only as needed to run the Service, under their terms and applicable law. We may disclose information to authorities when legally required.

We use reasonable technical and organisational measures; no method of transmission over the internet is 100% secure.

The Service is not directed at children under 14 (or the minimum age in your country). Parents should supervise minors’ use of messengers.

9. International transfers, changes, contact

Infrastructure and processors may be located outside your country; cross-border transfers follow applicable legal mechanisms where required.

We may update this Policy; the current version is published on the site with an “last updated” date. Continued use after changes may mean you accept the updated Policy where the law allows.

Questions: support@atmospherechat.com, the “Support us” section on the website, or the channels listed on the Google Play store listing.