Privacy, in plain language
No accounts. No ads. No trackers. Below we explain exactly what that means — and where the limits of that promise are.
What lives where
| What | Where it lives | What our server sees |
|---|---|---|
| Your lists, list names, and members | Only on your own devices | Encrypted gibberish only — unreadable |
| The key everything is encrypted with | Securely stored on your device; briefly visible in an invite link | Never — invites themselves are encrypted too |
| Location, store reminders, saved stores | Only on your device | Nothing — our server has no endpoint that even accepts coordinates |
| Who you are | A random device ID and a keypair — no name, no email, no account | Just that random ID and a push token |
| Unavoidable residual metadata | — | Which (random) devices belong to which (random) group, roughly when something was sent, and how much data — plus your IP address at the connection level (not logged or stored) |
What we do
- No accounts, no ad SDKs, no analytics or tracking software.
- Crash reports never contain your list contents (personal data is scrubbed), and you can opt out.
- The app's source code is open, so anyone can verify these claims.
What we do NOT claim — the honest version
Encryption protects you against nosy third parties, data breaches, and data-mining for profit — not against every conceivable scenario. Specifically:
- We do not claim per-message forward secrecy or post-compromise security — these are advanced cryptographic guarantees this design deliberately does not pursue.
- Anyone you invite into a group can, by design, read everything in it — it's their list too. Vinkt does not protect against a group member you trusted who abuses that trust.
- Our assumption: you don't need to blindly trust us (the server operator) — the threat model targets nosy third parties, breaches, and data-mining, not a malicious member of your own group.
Questions about this privacy policy? See the Impressum for contact details.