Legal

Acceptable Use Policy

Last updated: Pre-launch draft

We cannot read your messages — but we can act on credible reports of abuse. Here is what's prohibited, and an honest account of how enforcement works when content is invisible to us.

This is a plain-language draft published for transparency while Cipher is pre-launch. It is not legal advice and will be reviewed by counsel before the product is generally available.

01The principle

Cipher exists so people can communicate freely and privately. That freedom is not a license to harm others. Use Cipher responsibly: use it to live freely, not to harm.

We are honest about the shape of enforcement. We cannot read your messages, so we cannot proactively scan content. We can and do act on credible reports of abuse.

02Strictly prohibited

  • Child sexual abuse material (CSAM) or any sexual content involving minors — zero tolerance, immediate termination, and reporting to the appropriate authorities (e.g. NCMEC) as required by law.
  • Credible threats of violence, or content that incites or facilitates violence against people.
  • Using Cipher to commit, facilitate, or coordinate illegal activity.
  • Harassment, stalking, or targeted abuse of others.
  • Impersonation intended to deceive or defraud.
  • Infringement of intellectual property rights that are not yours to use.
  • Abuse of the service itself — spam, fraud, or attempts to circumvent security, rate limits, or account protections.

03How enforcement actually works

Because of the zero-access architecture, we do not see message content and cannot monitor it. Our enforcement depends on reports from users and from people who receive content.

  • We provide in-app reporting so abuse can be flagged with the context needed to act.
  • Confirmed CSAM results in immediate account termination and legally required reporting.
  • Other violations may result in suspended or terminated access, depending on severity.
  • We commit to timely review — with priority service levels for CSAM and credible threats.

04What we honestly cannot do

  • We cannot proactively scan or pre-screen private messages — there is no readable content for us to scan.
  • We cannot recover deleted content, for a report or for anyone, including you.
  • We cannot identify a user from message content, because we never have it.

05Product safeguards

Alongside reporting, Cipher uses design-level 'circuit breakers' that reduce abuse without reading content — for example, group-size limits, no public user discovery, and limits on new-account velocity to curb spam and coordinated abuse.

06Reporting and transparency

Abuse can be reported through the in-app reporting tools available at launch. We intend to publish regular transparency reports covering reports received, actions taken, and legal process — so our enforcement is accountable, not opaque.

This is a pre-launch draft and will be reviewed by counsel before general availability.

CIPHER
Privacy PolicyTerms of ServiceSecurity