Privacy & Security
How We Protect Your Privacy
End-to-End Encryption
All messages are encrypted on your device before transmission using the Matrix protocol's implementation of the Olm and Megolm cryptographic ratchets. Only intended recipients can decrypt messages. We cannot access message content.
Complete Isolation
Each customer receives a dedicated, isolated instance. There is no shared infrastructure, no federation with other servers, and no cross-tenant access. Your data never mingles with other customers' data.
Privacy-First Hosting
All instances are hosted in Finland through Flokinet, a provider purpose-built for privacy-sensitive workloads. Finland is an EU member state subject to GDPR, which provides strong protections for personal data and limits how authorities can compel access. Flokinet is not affiliated with any intelligence-sharing alliance and has a track record of defending customer privacy. Learn more on our infrastructure page.
Minimal Data Collection
We collect only what's necessary to operate your service: account email, billing information, and basic instance metadata. We do not track, analyze, or monetize your usage patterns or communications.
What Data We Store
- Account Information: Email, billing details, instance name
- Instance Data: Encrypted messages, user accounts, uploaded files (all within your isolated environment)
- System Logs: Connection logs and error logs for troubleshooting (retained for 30 days)
What We Don't Do
- We don't read your messages (we can't—they're encrypted)
- We don't sell or share your data with third parties
- We don't serve ads or track you for marketing purposes
- We don't analyze your communication patterns or content
- We don't federate with other servers or share metadata
Data Retention & Deletion
Your messages are retained according to your plan's retention period. You can delete messages at any time. If you cancel your service, all instance data is permanently deleted within 7 days unless you request a data export.
Backups
We maintain encrypted backups of your instance for disaster recovery. Backups are stored in geographically separate locations and are encrypted at rest. We cannot access the content of encrypted messages in backups.
Your Rights
Redoubt Systems is your infrastructure provider — we operate the servers, but your organization controls the data within your instance. This means your administrator manages your users and their data directly.
As a Redoubt Systems customer, you have the right to:
- Export your instance data at any time
- Request deletion of your instance and all associated data
- Access information about what data we store about you as a customer
- Receive notification of any data breaches affecting your instance
For individual users within your instance, your administrator can remove accounts through the admin panel. Due to end-to-end encryption, message content already received on other users' devices cannot be recalled — this is a fundamental property of encrypted messaging.
Security Practices
- All connections use TLS encryption
- Systems are regularly updated with security patches
- Each instance runs in isolated containers with resource limits
- We follow security best practices for server hardening
Questions?
For privacy or security questions, email us at privacy@redoubt.systems.