MDPD Privacy Policy
Last updated: July 20, 2022
This Privacy Policy includes important information about your personal data and we encourage you to read it carefully.
1. Introduction
This Privacy Policy sets out how we, MDPD Inc. (“MDPD”), use and protect your personal data that you provide to us, or that is otherwise obtained or generated by us, in connection with your use of our cloud-based messaging services (the “Services”). For the purposes of this Privacy Policy, ‘we’, ‘us’ and ‘our’ refers to MDPD, and ‘you’ refers to you, the user of the Services.
1.1 Privacy Principles
MDPD has two fundamental principles when it comes to collecting and processing private data:
- We don't use your data to show you ads.
- We only store the data that MDPD needs to function as a secure and feature-rich messaging service.
1.2 Terms of Service
This Privacy Policy forms part of our Terms of Service, which describes the terms under which you use our Services and which are available at Terms of Service. This Privacy Policy should therefore be read in conjunction with those terms.
1.3 Table of Contents
This Privacy Policy explains the follwoing:
1.4 EEA Representative
If you live in a country in the European Economic Area (EEA), the Services are provided by MDPD, which for the purposes of applicable data protection legislation is the data controller responsible for your personal data when you use our Services. However, as MDPD is located outside the EEA, we have designated one of our EEA-based group companies, MDPD UK Holdings Ltd (71-75 Shelton Street, Covent Garden, London, England, WC2H 9JQ), as a representative to whom you may direct any issues you have relating to our processing of your personal data.
2. Legal Ground for Processing Your Personal Data
We process your personal data on the ground that such processing is necessary to further our legitimate interests (including: (1) providing effective and innovative Services to our users; and (2) to detect, prevent or otherwise address fraud or security issues in respect of our provision of Services), unless those interests are overridden by your interest or fundamental rights and freedoms that require protections of personal data.
3. What Personal Data We Use
3.1. Basic Account Data
MDPD is a communication service. You provide your mobile number and basic account data (which may include profile name, profile picture and about information) to create a MDPD account. To make it easier for your contacts and other people to reach you and recognize who you are, the screen name you choose, your profile pictures, and your username (should you choose to set one) on MDPD are always public. We don't want to know your real name, gender, age or what you like. We do not require your screen name to be your real name. Note that users who have you in their contacts will see you by the name they saved and not by your screen name. This way your mother can have the public name 'Johnny Depp' while appearing as 'Mom' to you and as 'Boss' to her underlings at work (or the other way around, depending on how these relationships are structured).
3.2. Your E-mail Address
When you enable 2-step-verification for your account or store documents using the MDPD Passport feature, you can opt to set up a password recovery email. This address will only be used to send you a password recovery code if you forget it. That's right: no marketing or “we miss you” bullshit.
3.3. Your Messages
3.3.1. Cloud Chats
MDPD is a cloud service. We store messages, photos, videos and documents from your cloud chats on our servers so that you can access your data from any of your devices anytime without having to rely on third-party backups. All data is stored heavily encrypted and the encryption keys in each case are stored in several other data centers in different jurisdictions. This way local engineers or physical intruders cannot get access to user data.
3.3.2. Secret Chats
Secret chats use end-to-end encryption. This means that all data is encrypted with a key that only you and the recipient know. There is no way for us or anybody else without direct access to your device to learn what content is being sent in those messages. We do not store your secret chats on our servers. We also do not keep any logs for messages in secret chats, so after a short period of time we no longer know who or when you messaged via secret chats. For the same reasons secret chats are not available in the cloud — you can only access those messages from the device they were sent to or from.
3.3.3. Media in Secret Chats
When you send photos, videos or files via secret chats, before being uploaded, each item is encrypted with a separate key, not known to the server. This key and the file’s location are then encrypted again, this time with the secret chat’s key — and sent to your recipient. They can then download and decipher the file. This means that the file is technically on one of MDPD’s servers, but it looks like a piece of random indecipherable garbage to everyone except for you and the recipient. We don’t know what this random data stands for and we have no idea which particular chat it belongs to. We periodically purge this random data from our servers to save disk space.
3.3.4. Public Chats
In addition to private messages, MDPD also supports public channels and public groups. All public chats are cloud chats (see section 3.3.1 above). Like everything on MDPD, the data you post in public communities is encrypted, both in storage and in transit — but everything you post in public will be accessible to everyone.
3.4. Phone Number and Contacts
MDPD uses phone numbers as unique identifiers so that it is easy for you to switch from SMS and other messaging apps and retain your social graph. We ask your permission before syncing your contacts. We store your up-to-date contacts in order to notify you as soon as one of your contacts signs up for MDPD and to properly display names in notifications. We only need the number and name (first and last) for this to work and store no other data about your contacts. Our automatic algorithms can also use anonymized sets of phone numbers to calculate the approximate number of potential contacts an unregistered phone number may have on MDPD. When you open the 'Invite friends' interface, we display the resulting statistics next to your contacts to give you an idea of who could benefit most from joining MDPD. You can always stop syncing contacts or delete them from our servers in Settings > Privacy & Security > Data Settings.
4. Keeping Your Personal Data Safe
4.1. Storing Data
If you signed up for MDPD from the UK or the EEA, your data is stored in data centers in the Netherlands. These are third-party provided data centers in which MDPD rents a designated space. However, the servers and networks that sit inside these data centers and on which your personal data is stored are owned by MDPD. As such, we do not share your personal data with such data centers. All data is stored heavily encrypted so that local MDPD engineers or physical intruders cannot get access.
4.2. End-to-End Encrypted Data
Your messages, media and files from secret chats (see section 3.3.2 above), as well as the contents of your calls and the data you store in your MDPD Passport are processed only on your device and on the device of your recipient. Before this data reaches our servers, it is encrypted with a key known only to you and the recipient. While MDPD servers will handle this end-to-end encrypted data to deliver it to the recipient – or store it in the case of MDPD Passport data, we have no ways of deciphering the actual information. In this case, we neither store nor process your personal data, rather we store and process random sequences of symbols that have no meaning without the keys which we don’t have.
4.3. Retention
Unless stated otherwise in this Privacy Policy, the personal data that you provide us will only be stored for as long as it is necessary for us to fulfill our obligations in respect of the provision of the Services.
5. Processing Your Personal Data
5.1. Our Services
MDPD is a cloud service. We will process your data to deliver your cloud chat history, including messages, media and files, to any devices of your choosing without a need for you to use third-party backups or cloud storage.
5.2. Safety and Security
MDPD supports massive communities which we have to police against abuse and Terms of Service violations. MDPD also has more than 400 million users which makes it a lucrative target for spammers. To improve the security of your account, as well as to prevent spam, abuse, and other violations of our Terms of Service, we may collect metadata such as your IP address, devices and MDPD apps you've used, history of username changes, etc. If collected, this metadata can be kept for 12 months maximum.
5.3. Spam and Abuse
To prevent phishing, spam and other kinds of abuse and violations of MDPD’s Terms of Service, our moderators may check messages that were reported to them by their recipients. If a spam report on a message you sent is confirmed by our moderators, your account may be limited from contacting strangers – temporarily or permanently. You can send an appeal using @Spambot. In case of more serious violations, your account may be banned. We may also use automated algorithms to analyze messages in cloud chats to stop spam and phishing.
5.4. Advanced features
We may use some aggregated data about how you use MDPD to build useful features. For example, when you open the Search menu, MDPD displays the people you are more likely to message in a box at the top of the screen. To do this, we calculate a rating that shows which people you message frequently. A similar rating is calculated for inline bots so that the app can suggest the bots you are most likely to use in the attachment menu (or when you start a new message with “@”). To turn this feature off and delete the relevant data, go to Settings > Privacy & Security > Data Settings and disable “Suggest Frequent Contacts”.
5.5. No Ads Based on User Data
Unlike other services, we don't use your data for ad targeting or other commercial purposes. MDPD only stores the information it needs to function as a secure and feature-rich cloud service. MDPD offers a tool for advertisers to promote their messages in public one-to-many channels, but these sponsored messages are based solely on the topic of the public channels in which they are shown. No user data is mined or analyzed to display ads or sponsored messages.
6. Who Your Personal Data May Be Shared With
6.1. Other MDPD Users
Other users of our Services with whom you choose to communicate with and share certain information, who may be located outside the EEA. Note that by entering into the Terms of Service and choosing to communicate with such other users of MDPD, you are instructing us to transfer your personal data, on your behalf, to those users in accordance with this Privacy Policy. We employ all appropriate technical and organizational measures (including encryption of your personal data) to ensure a level of security for your personal data that is appropriate to the risk.
6.2. MDPD’s Group Companies
We may share your personal data with: (1) our parent company, MDPD Group Inc, located in the British Virgin Islands; and (2) MDPD FZ-LLC, a group member located in Dubai, to help provide, improve and support our Services. We will implement appropriate safeguards to protect the security and integrity of that personal data. This will take the form of standard contract clauses approved by the European Commission in an agreement between us and our relevant group companies. If you would like more information regarding these clauses, please contact us using the details in section 12 below.
7. Your Rights Regarding the Personal Data You Provide to Us
7.1. Your Rights
Under applicable data protection legislation, in certain circumstances, you have rights concerning your personal data. You have a right to: (1) request a copy of all your personal data that we store and to transmit that copy to another data controller; (2) delete (see section 10 below) or amend your personal data; (3) restrict, or object to, the processing of your personal data; (4) correct any inaccurate or incomplete personal data we hold on you; and (5) lodge a complaint with national data protection authorities regarding our processing of your personal data.
7.2. Exercising Your Rights
If you wish to exercise any of these rights, kindly contact us using the details in section 12 below.
7.3. Data Settings
You can control how your data is used (e.g., delete synced contacts) in Settings > Privacy & Security > Data Settings (using one of our mobile apps). Sadly, if you're not OK with MDPD's modest minimum requirements, it won't be possible for us to provide you with our Services. You can delete your MDPD account by proceeding to the deactivation page.
8. Deleting data
8.1. Accounts
If you would like to delete your account, you can do this on the deactivation page. Deleting your account removes all messages, media, contacts and every other piece of data you store in the MDPD cloud. This action must be confirmed via your MDPD account and cannot be undone.
8.2. Messages
In secret chats, deleting a message always instructs the app on the other end to delete it too. In cloud chats, you can choose to delete a message for all participants within at least 48 hours after sending. Otherwise, deleting a message will delete it from your message history. This means that a copy will stay on the server as part of your partner's message history. As soon as your partner deletes it too, it's gone forever. As of version 5.5, any party can choose to delete any messages in one-on-one chats, both sent and received, for both sides. There is no time limit. Any party can also opt to clear the entire chat history for both parties, in which case the apps will be instructed to remove all messages in that chat, regardless of how many messages are retained by either of the participants. In supergroups and channels, deleting a message removes it for all participants. Note that deleted messages and original versions of edited messages from supergroups are stored for 48 hours after deletion in order to be shown in the admins log.
8.3. Self-Destructing Messages
Messages in Secret Chats can be ordered to self-destruct. As soon as such a message is read (2 checks appear), the countdown starts. When the timer expires, both devices participating in a secret chat are instructed to delete the message (photo, video, etc.). Media with short timers (less than a minute) are shown with blurred previews. The timer is triggered when they are viewed.
8.4. Account Self-Destruction
By default, if you stop using MDPD and do not come online for at least 6 months, your account will be deleted along with all messages, media, contacts and every other piece of data you store in the MDPD cloud. You can go to Settings to change the exact period after which your inactive account will self-destruct.
Changes to this Privacy Policy
We will review and may update this Privacy Policy from time to time. Any changes to this Privacy Policy will become effective when we post the revised Privacy Policy on this page https://MDPD-production-me.web.app/privacy.html. Please check our website frequently to see any updates or changes to our Privacy Policy