Privacy Policy
Last updated 18 July 2026
This policy describes what we hold and what we cannot hold. The unusual thing about BA | Wisp is how little of your data ever reaches us.
Data controller: Aletheia Tech Ltd (UK).
Message content — we do not have it
Message content is encrypted in your browser before transmission. We receive and store only ciphertext, which is indistinguishable from random data without the key. The key never reaches us. We therefore cannot read, produce, hand over, or restore your message content, including in response to a legal request: we do not possess it.
When a message expires, is read to its limit, is revoked, or is reported and taken down, we delete the ciphertext from our systems.
What we do hold
For an account: your email address, and the identifier from your chosen sign-in provider (Google, Microsoft, or GitHub) if you use one.
For each message you send: the ciphertext (until deletion), a one-way hash of it, timing and read-count metadata, and the optional label you set. The label is stored unencrypted because it exists so you can recognise your own sends; keep it non-sensitive.
Basic operational logs and, if you anchor a message, the public on-chain record of its hash, which is permanent and outside our control.
Anchoring is permanent and public
If you anchor a message, a hash of its ciphertext is written to public blockchains. This cannot be deleted or altered, by us or anyone else. It contains no personal data in readable form — it is a one-way hash of already-encrypted data — but you should understand that the fact and timing of the anchor are public forever.
Your rights
You may access, correct, or delete your account data, and delete messages you created, from your dashboard or by contacting us. Deleting content removes it from our systems; it cannot remove an on-chain hash, which contains no readable personal data.
We use processors to run the service; see the Subprocessors page.