MessageSeal

Privacy Policy

Updated March 28, 2026

MessageSeal is designed so encryption, signing, decryption, and verification happen on your device. The app does not provide accounts, a relay server, analytics, advertising, or cloud sync.

What The App Does Not Collect

The app does not collect account information, contact lists, analytics events, advertising data, or message contents for a developer-operated backend service.

The app does not upload plaintext messages, signed messages, encrypted bundles, private keys, recipients, or decrypted text to a server operated by the developer.

What Stays On Your Device

Private key material is stored in the device Keychain as device-only items used by MessageSeal and its Messages extension.
Identity labels, recipient labels, recipient public identities, and app preferences are stored locally for app functionality.
Clipboard access only occurs when you explicitly tap copy or paste actions.
Nearby recipients you explicitly save remain on your device so you can reuse them later without another nearby session.

Sharing Through Other Apps

When you share an encrypted bundle or signed message through Messages, Mail, Notes, or another app, that app and its service provider handle transport. Their privacy practices are separate from MessageSeal.

MessageSeal protects message contents before they leave the app. It does not hide transport metadata such as who you contacted, when you contacted them, or which service carried the shared text.

Nearby Exchange

If you use Nearby Exchange, MessageSeal uses Apple's local-network and nearby-device frameworks only while the nearby screen stays open so the two devices can compare a safety code and exchange public identities directly.

Nearby Exchange does not add a cloud inbox, background listener, or conversation history. Closing the screen, backgrounding the app, or locking the device ends the nearby session.

Your Controls

You can create and delete local identities, import and delete recipient public identities, choose whether to include your public identity in encrypted bundles, and decide whether MessageSeal is available inside the Messages app.

Deleting a local identity removes the private key from the device. After deletion, previously received messages for that identity may become unreadable.

Retention And Deletion

MessageSeal does not keep a developer-hosted account, profile, or message archive, so there is no developer-side copy of your identities, recipients, or plaintext to delete on request.

Data stays on your device until you delete identities or recipients in the app, clear local app data, or remove the app from the device.

If you shared a bundle through another app or service, copies handled by that service follow that service's own retention and deletion practices.

If you used Nearby Exchange, the session itself is temporary. Only the recipients or messages you explicitly save locally remain on your device afterward.

Changes

This policy describes how MessageSeal works today as a local text-protection app. If the app later adds network services, analytics, accounts, or cloud features, this policy will be updated to explain those changes.

For product questions or troubleshooting, visit the Support page.