KocaXNetwork ← Back

Privacy Policy

Last updated: 6 June 2026

1. Who we are

KocaXNetwork (“we”, “us”) operates the end-to-end encrypted messenger available at https://kocax.nl (“the Service”).

• Controller: KocaE.KOCAEXPRESS / KocaXNetwork
• Contact: kocaxnetwork@gmail.com

2. What we collect

We designed the Service so we see as little as possible.

Account data (you provide):

• Display name, username
• Optional avatar image, optional status text

End-to-end encrypted content:

• Messages, attachments, and keys are encrypted on your device before reaching our servers. We cannot read them and do not have access to your encryption keys.

Technical / metadata:

• Public key bundle (so others can address messages to you)
• Server-side timestamps of message relay (for delivery + rate-limiting)
• Standard server logs (IP, user agent) kept only as long as needed to operate the Service securely

Invites and requests:

• “Request a key” submissions: the alias and contact info you type, and your IP address (for spam protection)
• Issued keys and which accounts they unlock

We do not collect: message content, contacts, location, analytics, advertising data, or any third-party tracking data.

3. Lawful basis (GDPR Art. 6)

• Service provision and authentication: Art. 6(1)(b) contract
• Abuse prevention, security, rate-limiting: Art. 6(1)(f) legitimate interest
• Optional fields (status, avatar): Art. 6(1)(a) consent (withdrawable by clearing the field)

4. Who we share data with

We do not sell or share your data with advertisers, analytics providers, or social networks.

Limited sharing required to operate the Service:

• Hosting provider: Local self-hosted / private VPS in the EEA
• Other users: Your public key bundle, so they can address messages to you
• Authorities: Only where legally compelled, and only to the extent required. Encrypted message content will not be intelligible to us or to them.

5. International transfers

All data is stored and processed within the European Economic Area (EEA). We do not transfer your data outside the EEA.

6. Retention

• Account data: until you delete your account
• Encrypted message relay records: 14 days, then deleted
• Server logs: 30 days, then deleted or anonymized
• “Request a key” submissions: until your request is decided, then deleted
• Backup snapshots: 30 days, then rotated out

7. Your rights (GDPR)

You can, at any time:

• Access your personal data (Art. 15)
• Correct it (Art. 16)
• Delete it / close your account (Art. 17)
• Restrict or object to processing (Art. 18, 21)
• Receive your data in a portable format (Art. 20)
• Withdraw consent where processing is consent-based (Art. 7(3))
• Lodge a complaint with your data protection authority (Art. 77). In the Netherlands: autoriteitpersoonsgegevens.nl

To exercise any of these rights, email kocaxnetwork@gmail.com.

8. Security

• All traffic encrypted in transit (TLS 1.2+)
• Message content end-to-end encrypted on your device using authenticated symmetric encryption
• Private keys stored locally on your device, never sent to us in plaintext
• Account authentication by signature, not by password

9. Cookies and similar technologies

The Service does not use tracking cookies or third-party analytics. It uses:

• A service worker (offline support, faster loading)
• Local browser storage (IndexedDB) for your encrypted keys and message history

These are strictly necessary for the Service to function and are not used for tracking.

10. Contact

For any privacy question, email kocaxnetwork@gmail.com.