We don't think about privacy as a box to check off. Instead, there are three different layers to privacy that we think about deeply, and we’re commited to making continuous progress on each.
Here's a link to our actual privacy policy, and we're also eager to share some of our underlying thinking in plain language below.
This is about making sure that you’re protected from businesses who should have nothing to do with your intimate relationships. We made a commitment on day one to never serve ads inside your Cocoon, sell your personal data to anyone, or monetize it in any way. The only business model that makes sense for us is one where people pay directly for the service. Our incentive should be to focus 100% on supporting you and your closest relationships, without having to balance that against the business goals of advertisers. We realize this is atypical in our industry. But it's an opportunity to take the right path instead of the easy path, and when it comes to your privacy we will happily do so.
Our customers are the people who use the app. We offer an optional paid subscription, Cocoon Memberships, that grants users an enhanced experience around the app.
This is about ensuring that your data is protected from other users of Cocoon, who you didn't explicitly choose to connect with. Cocoon is organized differently from almost any other social or messaging app, in order to maximize your privacy. There is no public directory of profiles or Cocoons. Content from one Cocoon can't be forwarded over to any other group. The whole point of the app is to carve out a space on the internet that you can share with just a handful of people you already know, trust, and care about. Again, we realize that all these decisions make it harder for us to grow in the same way as traditional social networks and messaging apps — but we'll happily prioritize privacy over growth.
You use Cocoon with a small number of people you explicitly choose to connect with, and that's it. With Cocoons, the way you gather your group together is designed to be as safe and error-proof as possible. In order for someone to join your Cocoon, you must pre-approve their access using their phone number or have access to a unique and expiring invite URL. If you accidentally invited the wrong person, you can revoke their access. We are currently exploring more advanced admin capabilities too, to ensure you have the maximum level of control.
This is about ensuring that your data is protected from bad actorswith malicious intent. To start, all data that flows in and out of your Cocoon is encrypted in transit using TLS. Data is also encrypted at rest, and stored on secure servers located in the US. At any time, you can request a full account deletion and we'll run a script to permanently wipe everything associated with your account. At the moment, data in Cocoon is not fully end-to-end encrypted. We have very strict policies in place as a result to protect against any misuse, and will only ever access your account to help you with a problem or track down a bug with your permission.
If end-to-end encryption is a #1 requirement for your group right now there are plenty of messaging apps whose entire value is encryption — they won't provide the exact same set of features as Cocoon but can certainly check that box. End-to-end encryption is something we are actively working towards, along with other data controls like the ability to export all of your content in a useful format.
We're at the very beginning of our journey. Given our commitment to ongoing progress in each category, we welcome your feedback, questions, and ideas for what privacy means to you and how we can serve you best. You can email us any time at contact@cocoon.com.
Here's the link again to our official privacy policy.
