Vega is a private messenger. We collect the minimum needed to make the app work, and we don't sell, share, or use your data for advertising. Your direct messages are end-to-end encrypted.
Direct messages between two users are end-to-end encrypted with libsignal PQXDH — the post-quantum hybrid X3DH protocol developed by Signal. The server stores only ciphertext and cannot decrypt your messages.
In the app, open a peer's profile to see the "Peer's key" (the peer fingerprint) — a 16-character identity code. Compare it with the same code on your peer's device, out-of-band, to verify there is no man-in-the-middle.
Voice and video calls run over LiveKit. Call media is end-to-end encrypted with SFrame (AES-GCM) using a per-call key wrapped under your libsignal session, so neither Vega nor the media server can decrypt it.
Your own sent history. Signal-protocol ciphertext can only be decrypted by the recipient — so after a reinstall, your own sent messages would normally be unreadable to you. Vega also stores a second copy of each outgoing encrypted message — a self-envelope — sealed on your device with AES-256-GCM under a key derived from your 24-word recovery phrase. That key never leaves your device and we cannot derive it: whoever holds the phrase holds the history. If you sign in on a new device with just your password, the app will ask for the phrase before it can unlock your sent history.
Vega relies on a small set of infrastructure providers:
We don't share user data with advertisers, data brokers, or social networks. These providers are bound by their own privacy terms and act only as processors for the data we send them.
Vega's age rating is assigned by the App Store based on its content questionnaire. The app is not directed at children, and we do not knowingly collect data from minors.
We respond only to legally binding requests that are valid in the jurisdiction where Vega operates, addressed to legal@vegamessenger.com. Informal requests are not a channel for disclosure.
Because messages and calls are end-to-end encrypted, their content is technically unavailable to us — we cannot produce it for anyone, including ourselves. The only data that can exist in response to a valid legal order is account metadata: username, registration date, and activity timestamps.
If we materially change this policy we will notify users via an in-app banner before the change takes effect.
Questions, requests, or privacy concerns: hello@vegamessenger.com