Your data, in plain words.
Vesper is built around anonymity. This policy describes the data we actually collect, why we need each piece of it, and the controls you have. No fine print, no dark patterns.
01TL;DR
- We use your phone number to sign you in. Not for marketing.
- We don't collect photos, real names, contacts, or location beyond the city you choose to share.
- Your messages, mood matches, and call metadata are stored on our servers so the app can function. Voice call audio is peer-to-peer and not recorded.
- We don't sell your data. We don't run third-party ads.
- You can delete your account from inside the app, and request a copy of your data by email.
02Who we are
Vesper is operated by DECCANWAVE LABS (OPC) PRIVATE LIMITED ("Vesper," "we," "us"), based in India. For privacy questions, write to support@vesperchat.live.
This policy covers the Vesper mobile app on iOS and Android, and the marketing website at vesperchat.live. Vesper is offered only in India.
03What we collect
Below is the complete list of personal data Vesper stores. If a field isn't listed, we don't collect it.
Account information
| Field | Source | Notes |
|---|---|---|
| Phone number | You enter it at sign-up; verified by SMS OTP. | Used as your unique account identifier and to sign in. Never shown to other users. |
| Display name | You enter it. | Shown to other users. Optional. |
| Handle | Auto-generated at sign-up. | Unique, public. |
| City | You enter it. | Optional. Used for local rooms; it's a free-text city, not GPS. |
| Date of birth | You enter it. | Used to verify you're 18+. We do not display your DOB. |
| Gender, preferred match gender | You enter it. | Optional. Used only to filter mood matches if you opt in. |
| Avatar configuration | You configure it. | A small JSON object describing your generated avatar — no photos. |
| Referral code | Auto-generated at sign-up. | Used to credit referrals. |
Content you create
- Messages in rooms, mood sessions, and direct messages.
- Reactions (emoji) on messages.
- Mood selections — which mood you picked and when.
- Call records — caller, callee, start time, end time, duration, and your post-call rating. We do not record call audio or video.
- Saved contacts (your Circle) — accounts you've chosen to save.
- Blocked users — the list of accounts you've blocked, so we can keep them out of your experience.
- Reports — when you report another user, we keep the report, the reason, and any context you provided.
Device and technical data
- Push notification token from Apple Push Notification Service or Firebase Cloud Messaging, scoped per device.
- Notification preferences (DMs, calls, rooms, sounds).
- Server logs — IP address, request timestamp, and HTTP path for the requests your app makes. Used for security, debugging, and rate limiting.
- Microphone audio — only during a live voice call, only between the two participants, never sent to or stored on our servers.
Purchases and coins
- Coin balance — your current in-app coin balance, stored as a wallet on our servers.
- Transaction history — a ledger of credits and debits (top-ups, call charges, gifts, bonuses, refunds), including the amount, type, and a reference to the in-app purchase that funded each top-up (product ID and store transaction ID). We never receive or store your card, UPI, or bank details — payment is handled entirely by Google Play or the Apple App Store.
What we do not collect
- Your phone's contact list.
- Your precise location or GPS coordinates.
- Photos, camera footage, or selfies.
- Email address (we don't use email for authentication).
- Social-media identifiers.
- Advertising identifiers (IDFA / GAID).
04Why we collect each piece
| Purpose | Data used | Basis under DPDP Act |
|---|---|---|
| Run the app | Account info, messages, call metadata, push tokens. | Necessary to deliver the service you signed up for. |
| Verify you're 18+ | Date of birth. | Compliance with law; keeping minors off an adult-only platform. |
| Match you by mood | Current mood, preferred match gender. | Necessary to deliver the service. |
| Send notifications | Push token, notification preferences. | Consent (you can disable any category from Settings). |
| Keep the platform safe | Reports, message content surrounding a report, offense history. | Legitimate use — moderation and user safety. |
| Prevent abuse and rate-limit | IP address, daily-limit counters. | Legitimate use — security and fraud prevention. |
| Process coin top-ups | Payment is handled by Apple App Store or Google Play. We receive a confirmation of the in-app purchase (product ID, transaction ID, timestamp) — never your card or UPI details. | Necessary to deliver the paid feature. |
06How long we keep data
- Account data — for as long as your account exists.
- Room messages — kept while the room is active. You can delete your own messages at any time.
- Direct messages — until you delete them or delete your account. "Delete for everyone" works for a short window after sending.
- Mood session history — kept so you can scroll your past matches.
- Call records — caller, callee, start, end, duration. Kept for your call history.
- Reports and moderation history — kept while the account exists, plus 12 months after deletion, so the same person can't evade a ban by re-registering.
- Payment records — coin purchase transactions (amount, store transaction ID) are kept for up to 8 years after deletion, only as required by Indian tax and accounting law.
- Server logs — 30 days, then deleted.
When you delete your account, we delete your profile and most of your data immediately. Some records are retained for the limited windows above (legal, anti-abuse, financial).
07How we protect your data
- All connections between your app and our servers use TLS 1.2+.
- Voice calls use WebRTC with DTLS-SRTP encryption between the two participants.
- Account data and messages are stored on infrastructure that encrypts data at rest (AES-256).
- Access to production data is limited to a small set of engineers and is logged.
- Messages are not end-to-end encrypted today — Vesper's servers can read message contents in order to deliver them and enforce safety. We are working on end-to-end encryption for direct messages; we will update this policy and notify you in-app before that ships.
No system is perfect. If we ever experience a breach affecting your data, we will notify you and the Indian Computer Emergency Response Team (CERT-In) and the Data Protection Board within the timelines required by Indian law.
08Your rights and controls
Under India's Digital Personal Data Protection Act, 2023 and the Information Technology Act, 2000 (and the rules made under them), you have the following rights as a Data Principal:
- Access — request a copy of the data we hold about you.
- Correction — fix anything inaccurate.
- Deletion — delete your account and your data.
- Portability — get your data in a machine-readable format.
- Objection / restriction — object to certain processing or ask us to limit it.
- Withdraw consent — turn off push notifications, marketing, or other consent-based processing.
You can manage several of these directly in the app: Settings → Notifications for notification preferences, and Settings → Danger zone → Delete account to delete your account. To download a copy of your data, or to exercise any other right, write to support@vesperchat.live and we'll respond within 30 days.
09Children
Vesper is for adults. We don't knowingly collect data from anyone under 18. If you believe a minor has created an account, please report them in-app or write to support@vesperchat.live.
10Changes to this policy
When we make material changes, we'll notify you in-app and update the Effective date at the top of this page. Continued use after the new date means you accept the update; if you don't, you can delete your account.
11Contact us
For privacy questions, data requests, or to exercise any of your rights:
- Privacy questions, data requests, safety issues, and general support: support@vesperchat.live