1. Introduction

This Privacy Policy sets out how we, Dijigram Inc. (“Dijigram”), use and protect your personal data that you provide to us, or that is otherwise obtained or generated by us, in connection with your use of our cloud-based messaging services (the “Services”). For the purposes of this Privacy Policy, ‘we’, ‘us’ and ‘our’ refers to Dijigram, and ‘you’ refers to you, the user of the Services.

1.1 Privacy Principles

Dijigram has two fundamental principles when it comes to collecting and processing private data:

1. We don't use your data to show you ads.
2. We only store the data that Dijigram needs to function as a secure and feature-rich messaging service.

1.2. Terms of Service

This Privacy Policy forms part of our Terms of Service, which describes the terms under which you use our Services and which are available at dijigram.org/tos. This Privacy Policy should therefore be read in conjunction with those terms.

1.3. Table of Contents

This Privacy Policy explains the following:

• the legal basis for processing your personal data;
• what personal data we may collect from you;
• how we keep your personal data safe;
• what we may use your personal data for;
• who your personal data may be shared with; and
• your rights regarding your personal data.

1.4. EEA Representative

If you live in a country in the European Economic Area (EEA), the Services are provided by Dijigram, which for the purposes of applicable data protection legislation is the data controller responsible for your personal data when you use our Services. However, as Dijigram is located outside the EEA, we have designated a third party, European Data Protection Office (EDPO), as our representative pursuant to Article 27 of the GDPR. You can direct any GDPR-related queries to EDPO:

• by using EDPO’s online request form at https://edpo.com/dijigram-gdpr-data-request/ or
• by writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium.

2. Legal Ground for Processing Your Personal Data

We process your personal data on the ground that such processing is necessary to further our legitimate interests (including: (1) providing effective and innovative Services to our users; and (2) to detect, prevent or otherwise address fraud or security issues in respect of our provision of Services), unless those interests are overridden by your interests or fundamental rights and freedoms that require protections of personal data.

3. What Personal Data We Use

3.1. Basic Account Data

Dijigram is a communication service. You provide your mobile number and basic account data (which may include profile name, profile picture, and about information) to create a Dijigram account.

To make it easier for your contacts and other people to reach you and recognize who you are, the screen name you choose, your profile pictures, and your username (should you choose to set one) on Dijigram are always public. We don't require your real name, gender, age, or preferences.

Users who have you in their contacts will see you by the name they saved, and not by your screen name. For example, your mother can have the public name 'Johnny Depp' while appearing as 'Mom' to you and as 'Boss' to her colleagues (or the other way around).

3.1.1. Optional Data

You can add your birthday (with or without the year) to your Dijigram profile if you wish to do so. You can granularly choose which users are able to see it on your profile (by default, your Contacts), and they will be shown a reminder on your birthday. We may use data about your age to determine eligibility for age-specific content.

Dijigram Business subscribers can add a fixed location and a list of opening hours to their profile to help clients identify and engage with their business more efficiently. If added, this information will be public.

3.2. Your Email Address

When you enable 2-step-verification for your account or store documents using the Dijigram Passport feature, you can opt to set up a password recovery email. This address will only be used to send you a password recovery code if you forget it. No marketing or unsolicited emails will be sent.

Starting from September 2022, we may ask some users to provide an email address to receive login codes via email instead of SMS (with an option to use 'Sign in With Google' / 'Sign in with Apple'). This email will only be used for login authentication and stored separately from the recovery email.

3.3. Your Messages

3.3.1. Cloud Chats

Dijigram is a cloud service. We store messages, photos, videos, and documents from your cloud chats on our servers so you can access your data from any device at any time. All data is encrypted, and encryption keys are stored across multiple jurisdictions to ensure security.

3.3.2. Secret Chats

Secret chats use end-to-end encryption. Only you and the recipient can decrypt these messages, and Dijigram has no access to their content. Secret chats are not stored on our servers and are not backed up in the cloud.

3.3.3. Media in Secret Chats

When you send photos, videos, or files in secret chats, they are encrypted before being uploaded, and the server cannot access their contents. We periodically delete this data to save space.

3.3.4. Public Chats

Dijigram also supports public channels and groups, where content is accessible to everyone and is stored on our servers using encryption.

3.3.5. Paid Posts

Starting June 2024, creators can offer paid access to specific channel posts through Dijigram Stars. When users pay to unlock a post, a permanent copy is stored in their transaction history.

3.4. Phone Number and Contacts

Dijigram uses phone numbers as unique identifiers to help you retain your contacts. We store your up-to-date contacts to notify you when they join Dijigram and display names in notifications. We only store names and numbers, and you can stop syncing contacts or delete them anytime.

For Android users, Dijigram may ask for access to your phone call logs to verify your account via phone call instead of SMS.

3.5. Location Data

When you share a location or enable Live Location or People Nearby features, Dijigram will use this data to display your location to other users with whom you share it.

3.6. Cookies

Dijigram uses cookies to operate our web-based Services. These cookies do not profile users or serve ads. You can manage cookies via your browser settings, but disabling them will prevent you from logging into Dijigram Web.

4. Keeping Your Personal Data Safe

4.1 Storing Data

For users in the UK or EEA, Dijigram stores data in third-party data centers located in the Netherlands. However, the servers and networks within these data centers are owned by Dijigram, ensuring that third parties cannot access the personal data stored. Additionally, all data is heavily encrypted, making it inaccessible even to Dijigram engineers or physical intruders.

4.2 End-to-End Encrypted Data

Messages, media, and files from secret chats, calls, and Dijigram Passport data are encrypted end-to-end, meaning only you and the recipient hold the encryption keys. Dijigram servers store and process only encrypted data and cannot decipher its contents, as they do not have the encryption keys.

4.3 Retention

Personal data is only stored for as long as necessary to provide Dijigram's services, unless otherwise stated in the Privacy Policy.

5. Processing Your Personal Data

5.1 Our Services

As a cloud service, Dijigram processes your data to deliver chat history across devices without requiring third-party backups or cloud storage.

5.2 Safety and Security

Dijigram collects metadata such as IP addresses and device information to improve account security and combat abuse, phishing, and spam. This metadata may be retained for up to 12 months.

5.3 Spam and Abuse

Dijigram moderators review reported messages for spam or abuse. Accounts violating the Terms of Service may face restrictions or bans. Automated algorithms also analyze cloud chat messages to prevent spam and phishing.

5.4 Cross-Device Functionality

Dijigram stores aggregated metadata to enable features like multi-device chat synchronization.

5.5 Advanced Features

Dijigram uses aggregated usage data to create useful features, such as suggesting frequent contacts or bots. Users can disable these features in Settings > Privacy & Security > Data Settings.

5.6 No Ads Based on User Data

Dijigram does not use user data for ad targeting. Sponsored messages in public channels are displayed based solely on the channel's topic, without analyzing user data.

6. Bot Messages

6.1 Ecosystem

Dijigram allows third-party developers to create bots via its API. Bots can interact with users, and any data shared is controlled by the third-party developers.

6.2 How Bots Can Receive Data

Bots can receive data when users send messages, participate in groups with the bot, or interact with bot features. The data sent depends on the type of interaction.

6.3 What Data Bots Receive

Bot developers receive public account information such as screen names, usernames, and profile pictures, as well as messages and interactions with their bots.

6.4 Bots Are Not Maintained by Dijigram

Except for Dijigram's own bots, all third-party bots are independent of Dijigram. Users must provide permission before their data is accessed by bots.

6.5 Dijigram Business Chatbots

Dijigram Business subscribers can connect third-party bots to manage private chats and perform actions on their behalf. Bot permissions can be modified or revoked in Settings > Dijigram Business > Chatbots.