Deep privacy policy
Privacy Policy
Deep is designed to minimize what we can know about you. We do not sell personal data, build advertising profiles, or require a phone number or email address to create a Deep identity.
Last updated: July 7, 2026
Short version
Deep is built for private communication by default. Message contents, private keys, and recovery material are not designed to be visible to Deep-operated infrastructure. Some technical data is still processed when you connect to servers, use app stores, receive notifications, download attachments, visit this website, or interact with public blockchains.
Deep app
A Deep identity does not require a real name, phone number, email address, or social account. Your cryptographic keys and recovery material should remain on your own devices unless you choose to back them up elsewhere.
Deep-operated services are not intended to read your messages, attachments, private keys, or contact graph. Internet servers you connect to can technically see connection data such as IP address, request time, and client version. We use this only for delivery, security, diagnostics, and abuse prevention.
Network and bootstrap services
When the app starts or refreshes routing information, it may contact bootstrap, registry, storage, file, push, or router services. Those services may process the minimum technical data needed to return network state, route traffic, store encrypted payloads until expiry, deliver notifications, or diagnose availability. They are not meant to know the contents of your conversations.
Notifications and attachments
If you enable push notifications, mobile platform providers and delivery services may process device tokens and delivery events. If you send or receive attachments, file relay services may temporarily store encrypted files, file identifiers, sizes, and expiry data. Notification and file systems should not receive plaintext message contents from Deep.
App stores and operating systems
Apple, Google, Microsoft, device manufacturers, and operating systems may collect telemetry, crash reports, install events, device identifiers, or account-linked data independently of Deep. Their practices are governed by their own privacy policies and settings.
XPoint website
This website is a static site for XPoint, XPNT token metadata, and Deep privacy information. It does not need an account and does not set analytics cookies.
Hosting and CDN providers may process standard HTTP request data, including IP address, user agent, requested URL, timestamps, and security events. The language selector stores your language preference locally in your browser and does not send that preference to us by itself.
XPNT token and blockchains
Public blockchains are transparent by design. If you interact with XPNT, wallets, exchanges, bridges, explorers, or smart contracts, your wallet addresses and transactions may become public and may be processed by third parties outside Deep's control.
When information may be shared
We do not sell personal data. Limited technical information may be handled by infrastructure providers, app stores, security tools, or professional advisers when needed to operate the service, protect users, investigate abuse, comply with law, or respond to valid legal requests.
Retention
We aim to keep technical data only as long as it is useful for delivery, diagnostics, security, abuse prevention, or legal obligations. Encrypted messages or files handled by relay services are intended to expire according to service rules. Operational logs are deleted or aggregated when they are no longer needed, generally within 6 months unless security, abuse, or legal reasons require a longer period.
Your choices
- Use a VPN or similar network protection if you want to hide your IP address from servers you connect to.
- Review app store, operating system, notification, and crash-reporting privacy settings on your device.
- Clear this website's local storage if you want to remove the saved language preference.
- Remember that blockchain transactions are public and normally cannot be deleted or changed.
Children
Deep is not directed to children. If you believe a child has provided personal information through a Deep-operated channel, contact us so we can review and respond appropriately.
Changes and contact
We may update this policy as Deep, XPoint infrastructure, or legal requirements change. Material changes will be reflected on this page with a new update date.
Privacy questions can be sent to privacy@xpoint.network.