VANISO

Privacy Policy

Last updated July 16, 2026

1. Overview

Vaniso is built to hold as little of your data as possible, for as short a time as possible. This policy explains exactly what we collect, what we can't see even if we wanted to, and when it's deleted.

2. What we collect

Anonymous sessions. Using Vaniso without signing in creates a random, anonymous session ID. We don't ask for a name, email, or any identifying information to use the core Service.

Optional sign-in.If you choose to sign in (Google or a one-time emailed link) to get 30-minute rooms instead of 5, we collect the email address used for that sign-in. It's used solely to authenticate you.

Message and file content. Encrypted in your browser before it's sent anywhere. We receive and store only ciphertext - we do not have the key and cannot read it.

Room metadata.The room name, display names you type, timestamps, and the room code are not encrypted - they're needed to run the knock and whisper access controls and to show "Spirits present." These are deleted along with everything else when the room expires or is vanished.

Technical data.Our infrastructure providers (see below) generate standard connection logs - e.g. IP address and browser type - as a normal part of serving any website. We don't use this to build a profile of you, and we don't combine it with room content.

3. What we don't do

  • No ads, no ad trackers, no analytics scripts.
  • No selling or renting your data to anyone.
  • No reading your encrypted messages or files - we can't.

4. Cookies & local storage

Vaniso stores two things in your browser: your Supabase authentication session, and a "sounds muted" preference. Neither is used for tracking or advertising, so we don't show a cookie-consent banner - there's nothing here that needs your consent under most cookie laws. If that ever changes (e.g. we add analytics), we'll add one and update this policy.

5. How we use it

Strictly to run the Service: authenticate signed-in users, enforce room access (knock/whisper), display who's in a room, and delete rooms on schedule or on request.

6. Retention & deletion

Anonymous rooms live 5 minutes; signed-in rooms live 30 minutes; either can be ended immediately with Vanish. When a room's time is up, its messages, files, and member list are permanently deleted - this cascades automatically and cannot be undone. If you signed in, your account's email address is retained until you delete your account or ask us to via the contact below.

7. Who processes your data

We use a small number of infrastructure providers to run Vaniso:

  • Supabase - our database, authentication, and file storage.
  • Vercel - hosting and deployment.
  • Google - only if you choose Google sign-in.

These providers may process data on servers outside your country. We don't share your data with anyone beyond what these providers need to run the Service.

8. Children's privacy

Vaniso is not directed at children under 13, and we don't knowingly collect data from them. If you believe a child has used the Service, contact us and we'll delete what we can.

9. Your rights & choices

Because most data self-deletes with the room, there's rarely anything to request beyond that. If you signed in and want your account or its email address deleted, or have any other question about your data, email [email protected].

10. Security

Message and file content is end-to-end encrypted; access to rooms is enforced at the database level. No system is perfectly secure, but the design goal is that even we can't read your conversations.

11. Changes

We may update this policy as the Service changes. Material changes will be reflected in the date at the top of this page.

12. Contact

Questions about this policy or your data: [email protected]. See also our Terms of Service.