iM
iMegha
Get Early Access

Privacy Policy

Last updated: April 5, 2026

Overview

iMegha ("we", "our", "us") is a personal cloud platform that gives you absolute ownership of your data. Unlike traditional cloud services, your files and messages are stored in your own AWS account — not on our servers. We operate on a zero-knowledge architecture: we cannot access, read, or decrypt your content.

This Privacy Policy explains what information we collect, how we use it, and your rights.

What We Collect

Account Information (stored on our platform)

  • Email address — for authentication and account recovery
  • iMTag — your unique username for discovery
  • Encrypted keys — your Data Encryption Key (DEK) encrypted with your password. We cannot decrypt it.
  • Public key — your RSA public key for secure sharing (not secret)
  • Connection graph — who you're connected with (not message content)
  • Device push tokens — for delivering push notifications to your phone

What We Do NOT Collect or Store

  • Your files or file contents (encrypted or plaintext)
  • Your messages or message contents
  • Your photos, videos, or documents
  • Your password or encryption keys in plaintext
  • Your profile information (name, bio, phone — stored in your cloud only)
  • Your browsing history or app usage analytics

Your Data, Your Cloud

Personal Cloud users deploy infrastructure to their own AWS account. All your content is stored there:

  • Files encrypted with per-file keys (AES-256-GCM) in your S3 bucket
  • Messages encrypted with per-conversation keys in your DynamoDB
  • Profile data, albums, and audit logs in your account
  • You pay AWS directly for your usage — no middleman

When you share a file, it stays in your cloud. Recipients access it from your account via encrypted links — no copies are made (zero-copy sharing).

End-to-End Encryption

All content is encrypted on your device before it leaves your browser or app. Our servers only ever see encrypted data. We use:

  • AES-256-GCM for file and message encryption
  • RSA-2048-OAEP for secure key exchange
  • PBKDF2-SHA256 (100,000 iterations) for password-based key derivation
  • 24-word BIP39 recovery phrase for account recovery

Push Notifications

When you enable push notifications, we store your device token to send alerts via Apple Push Notification service (APNs). Push notifications contain only metadata (sender name and "sent a message") — never message content. You can disable notifications at any time in your device settings.

Third-Party Services

  • Amazon Web Services (AWS) — infrastructure for both our platform and your personal cloud
  • Amazon Cognito — authentication (email/password, not social login)
  • Apple Push Notification service — push notification delivery

We do not use analytics services, advertising networks, or tracking pixels.

Data Retention

Your content lives in your AWS account for as long as you keep it. If you delete your account, we remove your record from our platform. Your personal cloud remains in your AWS account under your control — you can delete it anytime by removing the CloudFormation stack.

Your Rights

  • Access — You own your AWS account and can access all your data directly
  • Portability — Your data is in standard AWS services (S3, DynamoDB). Export anytime.
  • Deletion — Delete your CloudFormation stack and all data is gone
  • No vendor lock-in — You own the infrastructure

Children's Privacy

iMegha is not intended for use by children under 13. We do not knowingly collect personal information from children under 13.

Changes to This Policy

We may update this policy from time to time. We will notify users of significant changes via email or in-app notification.

Contact

If you have questions about this privacy policy, contact us at privacy@imegha.net.