Privacy Policy

Last updated: March 1, 2026

We collect the minimum data necessary to operate the Service. Your capsule content is end-to-end encrypted — we cannot read it, and we do not sell your data.

1. Introduction & Data Controller

This Privacy Policy describes how Yocaha (Chongqing) Smart Technology Co., Ltd. / 油菜花(重庆)智能科技有限公司 ("MissCaps", "we", "us", or "our") collects, uses, stores, and protects your personal information when you use the MissCaps application, website, and H5 capsule delivery pages (collectively, the "Service").

Data Controller: Yocaha (Chongqing) Smart Technology Co., Ltd. / 油菜花(重庆)智能科技有限公司
Contact: contact@misscaps.com

By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please discontinue use of the Service.

2. Information We Collect

Information you provide directly:

  • Email address or phone number — one of these is required for account registration and identity verification. We do not require both.
  • Encrypted capsule content — text, images, and video you store in capsules. This is transmitted and stored as ciphertext; we cannot read it.
  • Recipient contact information — email addresses and/or phone numbers of people you designate to receive capsules. You are responsible for having the right to share this information with us.
  • Secondary Confirmer contact — if you appoint one, their contact information is stored for the purpose of confirmation workflows.

Information collected automatically:

  • Check-in timestamps — the date and time of each check-in, used to determine whether the missed contact switch threshold is exceeded.
  • Device time zone — used to correctly calculate check-in dates relative to your local time.
  • IP address — collected for security, abuse detection, and rate limiting. Not linked to your identity for any other purpose.
  • Subscription and purchase records — processed through Apple App Store, Google Play, and RevenueCat. We receive confirmation data; we do not receive raw payment card numbers.

We do NOT collect:

  • Capsule content in plaintext (impossible due to E2E encryption)
  • Location data, GPS coordinates, or geolocation
  • Biometric data (Face ID / fingerprint processing stays on your device)
  • Contacts, address book, or social graph data
  • Device identifiers beyond what the OS provides to the App Store SDK
  • Browsing history, cookies from other sites, or advertising identifiers
  • Any data beyond what is strictly necessary to provide the Service

3. How We Use Your Information

We use the information we collect exclusively to:

  • Create and authenticate your account
  • Send one-time verification codes (OTP) via email or SMS
  • Monitor check-in status and trigger the missed contact switch when applicable
  • Deliver capsule notification and access links to your designated recipients
  • Send critical service alerts (e.g., approaching miss threshold warnings, account security notifications)
  • Process and verify subscription status through RevenueCat
  • Detect and prevent fraud, abuse, and unauthorized access
  • Comply with legal obligations (e.g., response to valid legal process)
  • Improve the Service using anonymized, non-identifiable aggregate statistics

We do not use your data for advertising, profiling, or any purpose beyond operating the Service as described above. We do not sell, rent, or trade your personal information to any third party.

4. Data Storage & Security

Storage infrastructure:

  • Account data & encrypted capsule content — PostgreSQL database hosted on Amazon Web Services (AWS), United States region.
  • Images & videos — Amazon S3, United States region. All files are encrypted at rest (AES-256) and in transit (TLS).
  • Capsule integrity proofHash — A SHA-256 fingerprint of each capsule's content is written to the Solana public blockchain. This hash is public, immutable, and permanently exists on a decentralized network outside our control. It does not contain personal information, but it cannot be deleted even upon account closure.

Security measures in place:

  • TLS / HTTPS for all data in transit
  • AES-256-GCM end-to-end encryption for all capsule content
  • RSA-2048 key wrapping for the content encryption key
  • PBKDF2 (SHA-256, 100,000 iterations) for PIN key derivation
  • bcrypt (cost factor 12) for account password hashing
  • Server-side access controls — our staff cannot decrypt your capsule content

5. Privacy PIN & End-to-End Encryption

Your Privacy PIN is the cornerstone of MissCaps' end-to-end encryption. When you set a PIN, your device generates an RSA-2048 key pair. The private key is encrypted with a key derived from your PIN and uploaded in encrypted form. The PIN itself is never transmitted to our servers.

We cannot reset your Privacy PIN — but you can, using recovery codes.

  • Our servers store only the encrypted private key. Without your PIN, this blob is cryptographically indistinguishable from random data. We have no way to decrypt it.
  • When you first set a Privacy PIN, the app generates 8 one-time recovery codes. If you forget your PIN, you can use a recovery code to re-encrypt your private key with a new PIN — entirely on your device, without losing any capsule data.
  • If you forget your PIN and have no remaining recovery codes, all your encrypted capsule content becomes permanently inaccessible. No recovery process exists that preserves your data in this scenario.
  • Treat your Privacy PIN and recovery codes like the combination to a physical vault. Store them somewhere safe offline.

Because we cannot decrypt your content, we are unable to produce it in response to legal process, data access requests, or any other demand. This is a deliberate architectural choice, not a policy limitation.

6. Third-Party Service Providers

We share data with the following service providers only to the extent necessary to operate the Service. These are data processors acting under our instruction; they are contractually prohibited from using your data for their own purposes.

Provider | Purpose | Data location
Amazon Web Services | Database & file storage | United States
Solana Blockchain | Immutable proofHash (public) | Decentralized
RevenueCat | Subscription management | United States
Apple / Google | In-app purchase processing | Per platform
SMTP / SMS provider | Transactional email & SMS | Per provider

We do not share your data with advertisers, data brokers, analytics companies, or any party not listed above.

7. Communications

We send only the following types of messages:

  • One-time verification codes (OTP) — for login and sensitive actions
  • Miss threshold warnings — alerts that your check-in deadline is approaching
  • Capsule delivery links — sent to recipients when a capsule is triggered
  • Secondary Confirmer notifications — asking your confirmer to verify your status
  • Account security alerts — for unusual login activity or account changes
  • Service-critical notices — material changes to Terms or Privacy Policy, or service discontinuation notices

We do not send marketing emails, promotional SMS, newsletters, or any unsolicited commercial communications. Ever.

Service-critical communications (threshold warnings, delivery links, security alerts) cannot be opted out of, as they are integral to the Service's operation. If you wish to stop receiving them, you must close your account.

8. Data Retention

Data type | Retention period
Account data & capsule content | Until account closure + 30 days
Check-in activity logs | 90 days rolling
Purchase / billing records | 7 years (legal / tax compliance)
Security & access logs (IP) | 90 days
Solana proofHash | Permanent (blockchain — cannot be deleted)

When you close your account, we initiate deletion of all personal data within 30 days, subject to legal retention obligations. The SHA-256 proofHash written to the Solana blockchain cannot be deleted — this is an inherent property of public blockchains and is disclosed in advance.

9. Your Rights

GDPR rights (EU / EEA residents):

  • Right to Access — request a copy of the personal data we hold about you
  • Right to Rectification — correct inaccurate personal data
  • Right to Erasure ("right to be forgotten") — request deletion of your data, subject to legal retention obligations and the blockchain exception above
  • Right to Data Portability — receive your data in a structured, machine-readable format
  • Right to Restriction — restrict how we process your data in certain circumstances
  • Right to Object — object to processing based on legitimate interests
  • Right to lodge a complaint with your national data protection supervisory authority

CCPA rights (California residents):

  • Right to Know — the categories and specific pieces of personal information collected about you
  • Right to Delete — request deletion of your personal information
  • Right to Non-Discrimination — we will not deny you service or charge different prices for exercising your rights
  • Opt-Out of Sale — we do not sell personal information; this right is not applicable

To exercise any of the above rights, email us at contact@misscaps.com. We will respond within 30 days. We may need to verify your identity before fulfilling requests.

Note: Because capsule content is end-to-end encrypted and we do not hold decryption keys, we are unable to produce capsule plaintext in response to data access requests. We can provide the encrypted ciphertext, which is technically useless without your Privacy PIN.

10. Children's Privacy

MissCaps is not directed to, and is not intended for use by, individuals under the age of 18. We do not knowingly collect personal information from minors.

If we become aware that a user under 18 has created an account, we will immediately terminate the account and delete all associated data. If you believe a minor is using MissCaps, please contact us at contact@misscaps.com.

11. International Data Transfers

MissCaps stores data in the United States (AWS). If you access the Service from outside the United States — including from the European Economic Area, the United Kingdom, or Switzerland — your data will be transferred to and processed in the United States.

For transfers from the EU/EEA, we rely on appropriate transfer mechanisms as recognized under applicable data protection law, which may include Standard Contractual Clauses (SCCs) adopted by the European Commission.

By using the Service, you acknowledge that US data protection standards may differ from those in your country. We take steps to ensure that your data receives an adequate level of protection regardless of where it is processed.

12. Cookies & Analytics

Website (misscaps.com): We use only essential session cookies required for the website to function. We do not use third-party analytics cookies, advertising cookies, or social-media tracking pixels.

Mobile app: The MissCaps app does not use cookies. The app communicates with our API over HTTPS.

We do not use Google Analytics, Meta Pixel, or any similar third-party tracking service. Any aggregate usage statistics we collect are computed server-side from anonymized data and are not traceable to individual users.

13. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes — such as new data categories, new third-party sharing, or significant changes to user rights — we will notify you by email at least 30 days before the change takes effect.

Non-material updates (corrections, clarifications, formatting) may be made at any time and will be reflected by the "Last updated" date at the top of this page. Your continued use of the Service after the effective date constitutes acceptance of the revised Policy.

14. Contact & Supervisory Authority

For any questions, concerns, or data rights requests under this Privacy Policy:

Yocaha (Chongqing) Smart Technology Co., Ltd. / 油菜花(重庆)智能科技有限公司

contact@misscaps.com

If you are an EU/EEA resident and believe we have not addressed your concern adequately, you have the right to lodge a complaint with the data protection supervisory authority in your country of residence or place of work.