This page is written against the current codebase. It is meant to be a plain-language explanation of the launch version, not a wall of abstract policy text.
When you create an account, Igoon stores your email address, chosen handle, password hash, account timestamps, and whether the account is the room owner in the current release.
Email verification codes are sent to confirm sign-up and to approve new computers when a sign-in happens from an installation that has not already been trusted.
The desktop app can register a device name, platform, local IP address, listener port, last activity time, last seen time, message acknowledgement position, and manual availability state. This is how Igoon shows presence and decides when same-network delivery is possible.
Room messages are encrypted in the app before they are sent. The current desktop client uses AES-GCM for room message payloads and wraps room keys per device using RSA-OAEP envelopes.
The service coordinates delivery, presence, sync, and room access. It stores encrypted message payloads and room-key envelopes so devices can catch up and the room can be recovered when needed.
This launch site does not claim zero-knowledge messaging. The current backend includes a server-assisted recovery path so the owner can restore room access for a device that falls behind or loses current room access.
In plain terms: Igoon applies strong application-level encryption to room traffic, but it is not presented here as a system where the service is cryptographically incapable of assisting with recovery.
The app can upload diagnostic events to help troubleshoot failures. Those events can include the app version, platform, installation ID, device ID, transport mode, setup stage, error category, timestamps, and related debugging context.
Diagnostic events exist because the current release includes room recovery, transport switching, updater logic, and device registration flows that benefit from support visibility when something breaks.
The service keeps recent encrypted room history so signed-in devices can sync after reconnecting or signing in again. Room access records are also retained so the current room state can be restored for trusted devices.
For privacy questions about the current launch, contact support@igoon.org.
This page may be updated as the product, retention rules, and platform support evolve.
