Privacy Policy
Last updated: 26 June 2026
Via is a private messaging application built around a simple principle: we should not be able to read your messages, and we should collect as little about you as possible. This Privacy Policy explains what limited information we process, why, and the rights you have under the EU General Data Protection Regulation (GDPR).
1. Who we are
The data controller responsible for your personal data is:
Avčinova ulica 6, 1000 Ljubljana, Slovenia
Contact legal@viamessaging.eu
2. Our privacy-first design
Via is engineered so that we hold as little data as technically possible:
- End-to-end encryption (E2EE). All messages are encrypted on your device and can only be decrypted by the intended recipient. We cannot read the content of your messages, and neither can anyone else who might intercept them.
- Blind relay. Our servers act as a blind relay. We do not maintain a history of your conversations. Encrypted messages are stored only temporarily while they are queued for delivery, and are deleted once delivered.
- Hashed phone numbers. Your phone number is used to set up your account and to help you find contacts, but it is stored in hashed form rather than as a readable number.
3. What data we process
a. Account information
- Phone number (hashed) — used to register your account and enable contact discovery. We store it as a hash, not in plain text.
- Name and surname (optional) — only if you choose to provide them, to make it easier for your contacts to recognise you.
- Date of birth — used to confirm you meet the minimum age requirement and to comply with applicable law.
b. Message data
- Queued (undelivered) messages — encrypted messages are held briefly on our relay only until they reach the recipient's device, then deleted. Because they are end-to-end encrypted, we cannot access their content at any point.
c. What we do not collect
- We do not store the content or history of delivered messages.
- We do not store readable phone numbers.
- We do not sell your data, and we do not build advertising profiles.
4. Legal bases for processing (GDPR Article 6)
- Performance of a contract — processing your hashed phone number and queued messages is necessary to provide the messaging service you sign up for.
- Consent — optional information such as your name and surname is processed only with your consent, which you may withdraw at any time.
- Legal obligation — we process your date of birth to meet age-verification and other legal requirements.
5. How long we keep data
- Queued messages are deleted as soon as they are delivered, or after a short expiry period if they cannot be delivered.
- Account information is kept for as long as your account is active. When you delete your account, we delete the associated account information.
6. Where your data is processed
Via is focused on the European market, and we process data on infrastructure located within the European Union / European Economic Area. If any processing ever takes place outside the EEA, we will ensure appropriate safeguards under GDPR (such as Standard Contractual Clauses) are in place.
7. Sharing your data
We do not sell or rent your personal data. We share data only in limited circumstances:
- Infrastructure providers who host our relay servers, acting as processors under our instructions and bound by data-protection agreements.
- Legal requirements — we may disclose limited information where required by law. Because of our design, the data we are able to provide is minimal, and message content is never accessible to us.
8. Your rights under GDPR
As a data subject in the EU, you have the right to:
- Access the personal data we hold about you;
- Request rectification of inaccurate data;
- Request erasure of your data ("right to be forgotten");
- Restrict or object to certain processing;
- Data portability;
- Withdraw consent at any time, where processing is based on consent.
To exercise any of these rights, contact us at legal@viamessaging.eu. You also have the right to lodge a complaint with your local supervisory authority. In Slovenia, this is the Information Commissioner (Informacijski pooblaščenec).
9. Children
Via is not intended for children below the minimum age required in their country. We use your date of birth to help enforce this. If you believe a child has provided us with personal data, please contact us so we can remove it.
10. Security
End-to-end encryption is at the core of Via's security model. In addition, we apply technical and organisational measures to protect the limited data we hold, including hashing of phone numbers and prompt deletion of delivered messages.
11. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you within the app.
12. Contact
For any questions about this Privacy Policy or your data, contact us at legal@viamessaging.eu.