Session Privacy Policy
Session never knows who you are, who you're talking to, or the contents of your messages.
The Session app does not collect or share your information. That’s our policy in a nutshell.
Session App
Session is designed so that it doesn't store any information which could be used to track you.
We don’t store any identifying information about your device, such as your IP address or your user agent. You also don't need a phone number, e-mail, or any information tied to your real identity to make a Session account. We did this so that you can remain private and anonymous whenever you’re using Session.
You don't need to jump through hoops or tweak special settings to make Session private —it’s private by default.
The first time you use Session, you need to connect to a seed node organised by STF which serves you the list of servers in the network. Your IP address can be seen by the seed node, but your IP is not recorded. You can also shield your real IP by using a virtual private network or similar technology. The seed node will never see who you’re talking to or what you’re talking about.
App stores
If you use Session on your Android or iOS phone, Google or Apple might store information about how you use the app using the telemetry features which are built into their operating systems.
They can record, for example, when the app is closed, opened, how long you use it for, crash logs, and your device model. This usage information could also be linked with your Google or Apple account. Unfortunately this is a limitation of mobile operating systems, and applies to all apps used on your device.
If you’re planning to use Session on mobile, we recommend that you read Apple or Google’s privacy policies (as applicable). If you’re using iOS, check out Apple’s App Store Review Guidelines. For Android, read the User Data section of Google’s Developer Policy Center.
To avoid using the Play Store or App Store, you can download Session from our F-Droid repository or from GitHub.
Session website
The Session website never attempts to link your usage of the website to your real identity or create a user profile based on your activity.
We don’t want to collect or store any of your information that isn’t strictly necessary, so all information is deleted within 6 months of being collected. All the data we do collect is to help improve the website, and anything older than this is unlikely to be useful, so it’s better for both of us if it is deleted.
The Session website stores some limited data to make sure it is easy-to-use and fast-to-load.
We use Cloudflare services in order to serve the Session website. Cloudflare keeps logs about HTTP requests for the Session domains, which can be stored for up to 7 days.
If you choose to subscribe to Session’s e-mail newsletter, your e-mail will be stored. Our e-mail campaigns are managed through opt-in forms and Campaign Monitor. However, if you unsubscribe from our mailing list, your e-mail will be deleted.
Get in touch!
This is the way the Session app and website treat your privacy. If you would like more information, have suggestions about how Session can better protect your privacy, or just want to say hello—please send an email to [email protected].