Privacy Policy

Last updated: March 2026

Overview

Meza is an open-source, end-to-end encrypted chat platform. We are committed to protecting your privacy. This policy explains what data we collect (very little), how we use it, and your rights.

Data We Collect

When you use the hosted service (meza.chat):

  • Account information: username and email address (required to create an account)
  • Server membership: which servers you belong to (required for message delivery)
  • Encrypted message content: stored in encrypted form that we cannot read
  • Files you upload: stored encrypted in object storage

What we do NOT collect:

  • Analytics or usage tracking of any kind
  • IP address logs (beyond what is necessary for rate limiting)
  • Device fingerprints
  • Third-party cookies or tracking pixels
  • Your message content (it is end-to-end encrypted)

End-to-End Encryption

All messages in Meza are encrypted with AES-256-GCM. Keys are distributed using ECIES (X25519 key agreement) and never leave your device unencrypted. The server processes encrypted data it cannot decrypt. Only intended recipients can read messages.

Self-Hosting

If you self-host Meza, you have full control over all data. No data is sent to Meza Labs or any third party. The software makes no external calls except those you explicitly configure (e.g., push notification services).

Data Retention

You can delete your account at any time. When you delete your account, all associated data is permanently removed from our servers. Encrypted messages that have already been delivered to recipients remain on their devices.

Third Parties

We do not sell, share, or provide your data to any third party. We do not use third-party analytics, advertising, or tracking services. The only external service used is push notification delivery (APNs for iOS, FCM for Android) which receives only an opaque notification token.

This Website

This marketing website (meza.chat) is a static site hosted on Cloudflare Pages. It contains no analytics, no tracking scripts, and no cookies. Cloudflare may collect standard server logs (IP address, user agent) as part of their CDN infrastructure.

Open Source

Meza is fully open source. You can audit the code yourself to verify these claims at github.com/mezalabs/meza.

Contact

For privacy-related questions, open an issue on our GitHub repository.