Our approach
Enmarch provides encrypted messaging for people who authenticate through Solana wallets. Our goal is to collect only the information needed to authenticate users, deliver encrypted messages, maintain service integrity, prevent abuse, and comply with valid legal obligations.
We do not sell personal data. We do not use message content for advertising or behavioral profiling.
Private messages and keys
Enmarch does not collect or store plaintext private messages. Message contents are encrypted before they reach Enmarch servers, and our services are designed to treat those contents as opaque ciphertext.
We also do not collect wallet seed phrases, wallet private keys, device private keys, or decrypted local message databases.
Account, wallet, and device information
We may process wallet and account information, including wallet addresses, internal account identifiers, authentication challenges, session records, and timestamps. We may also process device and protocol information, including device identifiers, public keys, device certificate records, key-package metadata, rotation or revocation records, and verification data needed to operate encrypted messaging.
Encrypted messaging records
We may process encrypted messaging records such as conversation identifiers, membership records, message identifiers, sender and recipient device identifiers, encrypted message envelopes, message hashes, sequenced-record hashes, delivery records, delivery receipts, commitment or proof records, and timestamps. These records help deliver messages, sync devices, preserve message order, support verification, and operate the service.
Operational and security data
We may collect operational and security data, including request identifiers, rate-limit events, security audit events, error logs, abuse reports, device status, session status, and service health data. We use this information to secure Enmarch, detect spam or abuse, investigate reports, debug reliability issues, enforce our terms, and respond to valid legal requests.
Waitlist and direct communications
If you join the waitlist, contact us, report abuse, request support, or otherwise communicate with us, we may collect the information you provide, including your email address, message, report details, and related metadata. Waitlist email addresses are used to notify people about the Enmarch launch and are kept only while that notification purpose remains active.
How we use information
We use personal data to provide and secure the service, authenticate users, deliver encrypted messages, sync message state, prevent abuse, investigate reports, improve reliability, communicate with users, comply with law, and protect the rights and safety of users and the public.
When information may be shared
We may share limited information with infrastructure, hosting, monitoring, analytics, security, and professional-service providers that help operate Enmarch. We may also disclose information to legal advisors, regulators, law enforcement, or other parties when legally required, and to successor entities in a merger, acquisition, or reorganization. Service providers may process data only to provide services to Enmarch.
Public blockchain records
Public blockchain data is not controlled by Enmarch. Solana wallet authentication and on-chain commitments may create records that are public by nature. Those records may be permanent, independently indexed, and visible to others.
Retention and deletion
We retain data only for as long as necessary for the purpose for which it was collected, unless a longer period is required for security, legal compliance, dispute resolution, abuse prevention, or operational integrity.
For the initial service, undelivered encrypted message envelopes and delivery records are retained for no more than 90 days. Delivered encrypted message envelopes and delivery receipts are deleted from Enmarch-controlled storage 30 days after delivery. Deleting ciphertext from Enmarch-controlled storage does not delete copies held by participants or immutable on-chain commitments.
Your choices and rights
Enmarch does not currently provide self-service tools for privacy requests. Before public launch, we will publish the responsible legal entity, a privacy contact, and instructions for submitting a request.
Where applicable law provides rights of access, correction, deletion, export, restriction, or objection, requests may be subject to the encrypted nature of the service, public blockchain records, fraud-prevention needs, legal obligations, or records we no longer retain.
Security and age requirements
Enmarch uses technical and organizational safeguards including encryption, access controls, logging controls, least-privilege access, retention limits, and security review. No system can be guaranteed perfectly secure, but Enmarch is designed to reduce the sensitive data available to the server.
Enmarch is not intended for children below the minimum age required by applicable law. You must not use Enmarch where you are not legally permitted to accept these terms or use encrypted messaging services.
Changes to this policy
We may update this Privacy Policy as Enmarch evolves. We will post material changes clearly and update the effective date. Continued use of Enmarch after an updated policy takes effect means the updated policy applies.