Hello there! Snikket is launching at FOSDEM 2020, come see us in the Realtime Lounge!

Snikket App Privacy Policy

Data shared with the Snikket developers

The Snikket app does not share your data with the app developers. If the app crashes, it may ask whether you want to send a crash report to the developers to help them fix the problem.

Push notification service (Play Store version only)

The Snikket developers operate a push service that is used by your Snikket service to notify your Snikket app using Google’s Android push notifications when there are incoming messages. This is used to overcome battery optimisations implemented by most modern Android versions. The Snikket app will register with the push service, which stores three identifiers:

  • Google Push ID (FCM token): Generated by Google Play Services on your phone. Google require this token so they know which device to deliver the notification to.
  • Snikket App ID (Android ID): Generated by Android when you install the Snikket app (older Android versions may share the same token across all installed apps). We use it to identify your push service registration because the Google Push ID can change.
  • Snikket Service ID (Node ID): Generated by the push service, we provide this to your Snikket service so it can tell us which device we need to send a notification to.

Our push service never sees your Snikket username, and none of these token/IDs are linked to your identity. A Snikket server will never share the content or metadata of any of your messages with the push service. The Snikket app fetches messages directly from the Snikket service where your account is registered.

Currently for diagnostic purposes the Snikket push service also stores the domain of the Snikket service where the push registration came from.

Data shared with your service operator

The Snikket app connects directly to any services that you register an account on. Be sure to review the privacy policy for your service.

Data that goes through your service operator includes:

  • Contacts that you add on Snikket (name and XMPP address only)
  • Messages (this includes text messages, images and other files)
  • Your profile picture, if you choose to upload one
  • Your OMEMO public keys used to enable people to send you encrypted messages

Data that is not shared with your service operator includes:

  • Your phone address book contacts. The Snikket app asks for permission to access your address book contacts so it can display the names and profile pictures of your contacts within the app. It does not send this information anywhere. If you opt-out of this permission, Snikket will work just fine.