RENEX
Privacy Policy
Effective from April 15, 2026
1. Data Controller
2. General
Based on Article 13 of the Swiss Federal Constitution and the data protection provisions
of the Swiss Confederation (Data Protection Act, DSG), every person is entitled to the protection
of their privacy and to protection against misuse of their personal data. We comply with these
provisions. Personal data is treated in strict confidence and is neither sold nor shared with
third parties.
3. Legal Basis
Data processing is based on the following legal grounds:
- Swiss DSG: Processing for contract performance and based on legitimate interests.
- EU GDPR (for users in the EEA): Art. 6(1)(b) (contract performance), Art. 6(1)(f) (legitimate interest in operating and securing the service).
4. Data Collected
RENEX collects as little personal data as possible. Specifically:
- Handle (username): Freely chosen, used for identification within the app.
- Passkey data: WebAuthn credentials are stored locally on your device. We only store the public key and a credential ID for authentication.
- Messages: All messages are end-to-end encrypted (AES-256-GCM + X25519 ECDH). The server stores only encrypted data that cannot be read without the participants' private keys.
- Metadata: To deliver messages, communication relationships (who communicates with whom) and timestamps are stored. This metadata is technically necessary for the operation of the service.
- Technical data: IP address and user agent are temporarily processed in session data for the operation and security of the service. RENEX only logs technical metadata for stability and security, never message content or keys.
5. Purpose of Data Processing
The collected data is used exclusively for the following purposes:
- Providing and operating the messaging service
- Authentication via WebAuthn/Passkeys
- Delivering encrypted messages
- Ensuring technical functionality and security
6. Encryption
RENEX uses end-to-end encryption for all messages. Encryption keys are generated and stored
exclusively on users' devices. The operator has no access to the plaintext of messages at any
time. Users are responsible for creating backups of their private keys or messages.
7. Data Retention and Deletion
- Messages: Messages with auto-delete enabled are deleted client-side after the chosen period expires. Messages without auto-delete remain stored until the user deletes them or removes their account.
- Account deletion: You can delete your account at any time within the app. All messages and contact data are removed. Your handle is reserved for 300 days to prevent identity abuse, then released.
- Metadata: Communication relationships are cleaned up upon account deletion.
- Technical data: IP addresses and user agent data in sessions are not stored permanently and expire with the session.
8. Cookies and Local Storage
RENEX does not use tracking cookies. Only technically necessary data is stored in the
browser's local storage (localStorage/sessionStorage), such as session data and encryption keys.
9. Third-Party Services
- Cloudflare: RENEX is hosted via Cloudflare (CDN, Workers, D1, R2). Cloudflare may process technical data such as IP addresses according to its own privacy policy. Data may be processed on servers in the USA. Transfer is based on the EU Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework.
- Cloudflare Turnstile: Used for bot detection on certain pages (e.g., feedback, invitations). No personal data is shared with third parties.
- GIF Search (Tenor / Google): We use the Tenor API (Google LLC, USA) for the GIF search feature. Search queries are anonymized through our servers — Tenor does not see your IP address or handle. Google processes search queries according to its privacy policy. Legal basis: Art. 6(1)(f) GDPR (legitimate interest). Third-country transfer is based on the EU-US Data Privacy Framework.
10. Data Security
RENEX implements the following technical and organizational measures to protect your data:
- All connections are exclusively encrypted via TLS 1.3 / HTTPS.
- Message content is end-to-end encrypted (AES-256-GCM + X25519 ECDH) — the server cannot decrypt it.
- Private keys never leave the user's device.
- Authentication is exclusively via WebAuthn/Passkeys — no passwords are stored.
- Infrastructure is operated through Cloudflare, with DDoS protection and Web Application Firewall.
RENEX does not store connection logs. Neither IP addresses nor access logs are permanently
recorded. Technical data in sessions expires automatically with the session.
11. Data Sharing
Personal data is not sold, traded, or otherwise transferred to third parties,
unless there is a legal obligation to do so.
12. International Data Transfer
Data may be transferred to the USA in connection with the third-party services mentioned
in section 9. This transfer is secured by the EU Standard Contractual Clauses (SCCs) and/or
the EU-US Data Privacy Framework.
13. Your Rights
Under the Swiss Data Protection Act (DSG) and the EU GDPR, you have the following rights:
- Right of access: You can request information about your stored data at any time.
- Right to rectification: You can request the correction of inaccurate data.
- Right to deletion: You can request the deletion of your data. You can delete your account at any time within the app.
- Data portability: You have the right to receive your data in a common format.
- Right to object: You can object to the processing of your data at any time.
Requests should be directed to:
14. Privacy Contact
For questions about data protection, access requests, or complaints, please contact:
15. Report Abuse
If you would like to report abuse, illegal content, or security-related issues
in connection with RENEX, please contact us at:
16. Minimum Age
Use of RENEX requires a minimum age of 16 years. Persons under 16 may only use
the service with the consent of a legal guardian.
17. Changes
We reserve the right to amend this privacy policy at any time. The current version
is always available on this page.