Privacy Policy
Last updated July 16, 2026
1. Overview
Vaniso is built to hold as little of your data as possible, for as short a time as possible. This policy explains exactly what we collect, what we can't see even if we wanted to, and when it's deleted.
2. What we collect
Anonymous sessions. Using Vaniso without signing in creates a random, anonymous session ID. We don't ask for a name, email, or any identifying information to use the core Service.
Optional sign-in.If you choose to sign in (Google or a one-time emailed link) to get 30-minute rooms instead of 5, we collect the email address used for that sign-in. It's used solely to authenticate you.
Message and file content. Encrypted in your browser before it's sent anywhere. We receive and store only ciphertext - we do not have the key and cannot read it.
Room metadata.The room name, display names you type, timestamps, and the room code are not encrypted - they're needed to run the knock and whisper access controls and to show "Spirits present." These are deleted along with everything else when the room expires or is vanished.
Technical data.Our infrastructure providers (see below) generate standard connection logs - e.g. IP address and browser type - as a normal part of serving any website. We don't use this to build a profile of you, and we don't combine it with room content.
3. What we don't do
- No ads, no ad trackers, no analytics scripts.
- No selling or renting your data to anyone.
- No reading your encrypted messages or files - we can't.
4. Cookies & local storage
Vaniso stores two things in your browser: your Supabase authentication session, and a "sounds muted" preference. Neither is used for tracking or advertising, so we don't show a cookie-consent banner - there's nothing here that needs your consent under most cookie laws. If that ever changes (e.g. we add analytics), we'll add one and update this policy.
5. How we use it
Strictly to run the Service: authenticate signed-in users, enforce room access (knock/whisper), display who's in a room, and delete rooms on schedule or on request.
6. Retention & deletion
Anonymous rooms live 5 minutes; signed-in rooms live 30 minutes; either can be ended immediately with Vanish. When a room's time is up, its messages, files, and member list are permanently deleted - this cascades automatically and cannot be undone. If you signed in, your account's email address is retained until you delete your account or ask us to via the contact below.
7. Who processes your data
We use a small number of infrastructure providers to run Vaniso:
- Supabase - our database, authentication, and file storage.
- Vercel - hosting and deployment.
- Google - only if you choose Google sign-in.
These providers may process data on servers outside your country. We don't share your data with anyone beyond what these providers need to run the Service.
8. Children's privacy
Vaniso is not directed at children under 13, and we don't knowingly collect data from them. If you believe a child has used the Service, contact us and we'll delete what we can.
9. Your rights & choices
Because most data self-deletes with the room, there's rarely anything to request beyond that. If you signed in and want your account or its email address deleted, or have any other question about your data, email [email protected].
10. Security
Message and file content is end-to-end encrypted; access to rooms is enforced at the database level. No system is perfectly secure, but the design goal is that even we can't read your conversations.
11. Changes
We may update this policy as the Service changes. Material changes will be reflected in the date at the top of this page.
12. Contact
Questions about this policy or your data: [email protected]. See also our Terms of Service.