Privacy Policy

Last updated: March 2026

Our commitment

The TOTEM Contacts application was designed to give its users back control over their personal data. We believe that data exchanges between individuals should remain private and that this should be a fundamental right of the digital economy. This strong commitment from TOTEM Contacts to protect your personal data is reflected in the following privacy policy.

In brief

  • No account creation required to use TOTEM Contacts.
  • No collection of personal data – we do not collect names, email addresses, phone numbers or any other personal information.
  • TOTEM Contacts does not store the data exchanged between users or the transactions between them – everything happens on your device with encrypted connections.
  • For security purposes and if the user chooses, TOTEM Contacts offers the option to back up data on MY TOTEM Company's secure servers. This backup is encrypted and accessible only by the user. If the user loses their access credentials, their data will be lost.
  • MY TOTEM Company can never read your data and therefore cannot share, disclose or sell it to third parties.
  • Since all data is encrypted, we only collect anonymised technical data related to the use of TOTEM Contacts for improvement purposes and to ensure the proper functioning of the application.

Full control over your personal data

  • Delete personal data that you have shared with one or more contacts. This deletion will be immediate and automatic across all Faces you have shared with your contacts.
  • Edit or add personal data, such as a phone number, email address, postal address, etc. The change will be instantly updated in your contacts' TOTEMs.
  • Delete a contact: if you remove a contact from your contact list, all data you previously shared with them will be immediately deleted from their TOTEM. Conversely, all data from that contact present in YOUR TOTEM will also be deleted.
  • Portability: your exchanged data and your contacts' data never leave your device, unless you back them up using MY TOTEM Company's optional backup service.
  • Permanent deletion of the app: if you wish to stop using TOTEM Contacts, you can first delete your backup if you have enabled the service in the application settings. All data shared with your contacts will then be completely removed from their TOTEMs. No trace of your data will remain.

Data stored on your device only

Identity key (UID)

  • A cryptographic key generated on first launch.
  • Stored locally in your device's secure storage.
  • Allows favourite relationships to be preserved even after the application restarts.
  • Never leaves your device.

Display name

  • The display name you choose (or generated automatically).
  • Stored only on your device.
  • Shared with contacts with whom you exchange data.

Temporary session data

During each exchange session between users, TOTEM Contacts temporarily maintains:

  • Active connections between contacts (forgotten when the application closes).
  • Routing information for message distribution.
  • Cached messages for offline contacts (12 hours maximum).

What data is shared?

When you share your data with a contact using TOTEM Contacts, they will see:

  • The nickname you chose in the Face you are sharing.
  • The data you have chosen to share with that contact.

What we do NOT do

  • Ask you to create a user account.
  • Collect your personal information.
  • Track your location.
  • Store your data on servers (except for the optional backup service).
  • Analyse, sell or share your data with third parties.

Encryption

Your data is encrypted on your device and only accessible after unlocking the application (Face ID or passcode).

Encryption layers

TOTEM Contacts uses multiple layers of encryption to protect your data:

  • Local database: all data stored on your device is encrypted with AES-256 (SQLCipher).
  • Data at rest: your personal data (Faces, pictures, events) is encrypted using JSON Web Encryption (JWE) with RSA-OAEP-256 key encryption and AES-128-CBC-HS256 content encryption before leaving your device.
  • Key exchange: when your device first connects to the service, encryption keys are established through an X25519 Elliptic Curve Diffie-Hellman (ECDH) key agreement, protected by AES-256-GCM.
  • Transport: all communications between your device and our servers use TLS 1.3.

Key storage

  • On iOS: keys are stored in the Secure Enclave and Keychain.
  • On Android: keys are stored in StrongBox and KeyStore.

Important note

Encryption keys used to protect your data are currently managed with the assistance of our servers. This means that while your data is encrypted during storage and transit, MY TOTEM Company's infrastructure participates in the key management process. We are actively working toward fully client-side key generation, which will ensure that only you can ever access your data.

Children's privacy

TOTEM Contacts does not include any age verification as it does not collect any personal information.

Security measures

  • All data exchanges are encrypted.
  • Regular security updates.
  • Cryptographic signatures prevent any tampering.

Changes to this policy

If we update this policy:

  • The “Last updated” date will change.
  • The updated policy will be included in the application.
  • No retroactive change can affect your personal data (since we do not collect any).

Contact

For any privacy-related question: privacy@mytotem.world