### Privacy Policy for TEHUDAE Messenger **Last Updated April 2026** --- #### Preamble and Scope This Privacy Policy explains how **TEHUDAE Messenger** collects, uses, stores, protects, discloses, and deletes data in connection with the TEHUDAE application and related services. It applies to all users worldwide and to all environments in which TEHUDAE operates, including mobile apps, desktop clients, test environments, and future platform extensions. By using TEHUDAE you acknowledge that you have read and accepted this Policy. --- #### Core Commitments and High Level Summary **Primary focus on technical data** — TEHUDAE’s routine operations rely on technical, diagnostic, security, and anonymized usage data to provide, secure, and improve the service. **Message content** — In normal operation, message contents and personal files are not accessed or analyzed by TEHUDAE for product improvement or advertising. **No advertising or profiling** — We do not sell user data, do not use data for advertising, and do not build marketing profiles. **Limited, documented exceptions** — Narrow exceptions permit access to user data for lawful orders, user‑authorized support, or serious abuse investigations; all such accesses are logged and justified. **Developer and privacy contact** — For developer and privacy inquiries contact **codewhisperlab24@gmail.com**. **Deleted cloud files** — Files deleted from TEHUDAE cloud storage may be restored on justified request within 30 days subject to identity verification and legal review. **Private restricted service** — TEHUDAE is designed for communication within a restricted circle of users and aims to provide minimal content moderation while complying with applicable law. **Abuse prevention and sanctions** — We may restrict privileges, access data for investigations, or remove accounts when necessary to protect users and the service. --- #### Definitions and Guiding Principles **Definitions** - **Application** means TEHUDAE Messenger and all associated services. - **User** means any person using the Application. - **Device** means hardware used to access the Application. - **Personal Data** means any information relating to an identified or identifiable person. - **Processing** means collection, storage, use, disclosure, or deletion of data. **Principles** - **Data minimization** — collect only what is necessary for operation, security, and maintenance. - **Purpose limitation** — use data only for the purposes described in this Policy. - **Transparency** — disclose categories of data, purposes, retention, and user rights. - **Security and accountability** — apply safeguards and maintain records of processing activities. - **Lawful compliance** — respond to lawful requests from authorities and comply with applicable law. --- #### Categories of Data Collected and Purposes **Device and Technical Data** - Examples: device model, OS version, app version, language settings, device capabilities. - Purpose: compatibility, update planning, troubleshooting, and performance optimization. **Log and Diagnostic Data** - Examples: crash reports, error traces, timestamps, connection logs. - Purpose: debugging, stability improvements, and incident analysis. **Security and Abuse Data** - Examples: IP addresses in security contexts, authentication events, rate limiting records. - Purpose: detect and prevent attacks, fraud, and unauthorized access. **Communication Metadata** - Examples: message timestamps, message sizes, delivery status, pseudonymized identifiers. - Purpose: routing, delivery confirmation, device synchronization, troubleshooting. - Important: message content is not processed for analytics in normal operation. **Aggregated and Anonymized Usage Metrics** - Examples: feature usage counts, aggregated performance metrics. - Purpose: product improvement and engineering prioritization; data is aggregated to avoid identifying individuals. **Support Data Provided by Users** - Examples: screenshots, logs, or descriptions voluntarily submitted to support. - Purpose: resolving user issues; processed only with user consent or clear user action. --- #### Special Operational Policies and Guarantees **Deleted Cloud Files and 30 Day Recovery** - Files deleted from TEHUDAE cloud storage are retained in a recoverable state for a standard 30 day window to allow legitimate recovery requests. - Recovery process: users request restoration, provide justification, and pass identity checks. - Restoration is performed by authorized personnel, logged in an immutable audit trail, and the user is informed of the decision. After 30 days files are deleted or irreversibly anonymized unless legal obligations require longer retention. **Censor Minimal Communication within a Restricted Circle** - Design intent: TEHUDAE enables communication with minimal content moderation within a defined, private user group rather than as a public broadcast platform. - Operational limits: minimal moderation does not mean lawless operation. TEHUDAE enforces rules to comply with law, protect users, and prevent serious harm. This includes responding to lawful orders, preventing criminal activity, and addressing threats to safety. - User expectations: users should not assume absolute anonymity or immunity from legal process. **Access to Data in Serious Cases** - Scope: in serious incidents such as credible threats, large scale abuse, or lawful orders, authorized personnel may access specific user data to investigate and remediate the incident. - Controls: access is limited to personnel with documented need, requires supervisory approval, and is recorded in an immutable audit log that captures who accessed what, when, and why. - Notification: where legally permitted, affected users will be notified of access and the reasons. **Sanctions Privilege Restrictions and Account Removal** - Temporary measures: on detection of suspicious or abusive behavior TEHUDAE may temporarily restrict account privileges or disable specific features. - Permanent measures: for severe or repeated violations TEHUDAE may permanently restrict access to features or remove accounts from the service. - Due process: actions follow documented internal procedures; users are informed and may appeal. --- #### Legal Bases Purposes Retention and Deletion **Legal Bases for Processing** - **Contractual necessity**: processing required to provide messaging, routing, synchronization, and authentication. - **Legitimate interests**: security, fraud prevention, abuse detection, service improvement, and platform integrity, balanced against user privacy. - **Consent**: obtained where required for optional diagnostics or non essential cookies. - **Legal obligations**: compliance with lawful requests from authorities or court orders. **Retention Examples** - Log and diagnostic data: typically 90 days, extended for incident investigation as needed. - Security and abuse data: typically 180 days, extended for ongoing investigations. - Support case data: retained until case resolution plus a defined retention period, e.g., 12 months. - Deleted cloud files: recoverable for 30 days; thereafter deleted or anonymized. **User Deletion Requests** - Users may request deletion of their account and personal data; we comply subject to verification and legal constraints. Some data may remain in anonymized or aggregated form for legitimate purposes. --- #### Security Measures and Risk Mitigation **Encryption** - TEHUDAE uses our proprietary **BYND encryption** for transport and storage where applicable. BYND is a custom end to end and at rest encryption suite developed for TEHUDAE. We do not rely on TLS for our primary encryption layer. BYND encryption is designed to protect data in transit and at rest. **Access Controls** - Role based access control for staff and least privilege principles. - Multi factor authentication for administrative access. **Monitoring Incident Response and Audits** - Continuous monitoring for anomalies and automated alerts. - Defined incident response procedures and forensic capabilities. - Regular internal and external security assessments including penetration tests. **Design for Misuse Reduction** - Rate limiting, anomaly detection, and automated defenses to make misuse difficult. Technical controls are combined with human review and legal processes because no system can guarantee absolute prevention of abuse. --- #### Third Party Processors International Transfers and Cookies **Third Party Processors** - We engage processors for hosting, monitoring, analytics (limited and anonymized), and support. - Processors act only on our instructions and are contractually bound to protect data. - We do not share data with third parties for advertising or profiling. **International Transfers** - Where data is transferred across borders we implement appropriate safeguards such as contractual clauses or technical protections to maintain an adequate level of protection. **Cookies and Similar Technologies** - Types used: essential cookies for session management and optional analytics cookies for aggregated performance metrics. - Consent: non essential cookies are set only after user consent; users can change cookie preferences. --- #### User Rights Transparency and Contact Information **User Rights** - Rights where applicable include access, rectification, deletion, restriction, objection, portability, and withdrawal of consent. Users may also lodge complaints with supervisory authorities. **How to Exercise Rights** - **Contact**: codewhisperlab24@gmail.com for privacy and developer inquiries. - **Postal contact**: TEHUDAE Privacy Team, [insert postal address]. - We verify requests to prevent unauthorized disclosures and respond within applicable legal timeframes. **Transparency and Accountability** - We maintain records of processing activities and access logs. - We perform periodic audits of security and privacy practices and document remediation actions. - Significant incidents are reported to affected users and authorities as required by law. --- #### Law Enforcement Children and Policy Changes **Law Enforcement and Legal Requests** - We respond to lawful requests from public authorities to the extent required by law. Requests are reviewed for legal sufficiency; we push back on overbroad requests where permitted and notify users unless prohibited by law. All disclosures are logged. **Children and Minors** - TEHUDAE is not intended for children under 16 unless parental consent is provided where required by law. We do not knowingly collect data from children without appropriate consent. **Changes to This Policy** - We may update this Policy. Material changes will be communicated to users and posted with a revised Last Updated date. Continued use after changes constitutes acceptance. --- #### Closing Summary and Key Points Reiterated - **TEHUDAE primarily processes technical, diagnostic, security, and anonymized usage data.** - **Message contents are not used for analytics in normal operation.** - **Deleted cloud files can be restored within 30 days upon justified request and verification.** - **TEHUDAE provides a minimally moderated communication environment for a restricted circle of users,** while complying with legal and safety obligations. - **In cases of suspicious or abusive behavior TEHUDAE may restrict privileges, access data for** investigation, or remove accounts following documented procedures. - **Developer and privacy contact:** codewhisperlab24@gmail.com --- If you want, I can now: expand any section further, produce a GDPR‑tailored legal appendix, or create a concise in‑app privacy short form that matches this policy and the line length constraint.