We never share your data with anyone. No.
Potato only stores the data it needs to function properly — for as long as you want Potato to function.
Potato is a cloud service. We store messages, photos, videos and documents from your cloud chats on our servers, so that you can access your data from any of your devices anytime and use our instant server search to quickly access your messages from waaay back. All data is stored heavily encrypted and the encryption keys in each case are stored in several other DCs in different jurisdictions. This way local engineers or physical intruders cannot get access to user data.
Secret chats use end-to-end encryption. This means that all data is encrypted with a key that only you and the recipient know. There is no way for us or anybody else without direct access to your device to learn what content is being sent in those messages. We do not store your secret chats on our servers. We also do not keep any logs for messages in secret chats, so after a short period of time we no longer know who or when you messaged via secret chats. For the same reasons secret chats are not available in the cloud — you can only access those messages from the device they were sent to or from.
When you send photos, videos or files via secret chats, before being uploaded each item is encrypted with a separate key, not known to the server. This key and the file’s location are then encrypted again, this time with the secret chat’s key — and sent to your recipient. He can then download and decipher the file. This means that the file is technically on one of Potato’s servers, but it looks like a piece of random indecipherable garbage to everyone except for you and the recipient. We don’t know what this random data stands for and we have no idea which particular chat it belongs to. We periodically purge this random data from our servers to save disk space.
Potato uses phone numbers as unique identifiers, so that it is easy for you to switch from other messaging apps (SMS, WhatsApp, etc.) and retain your social graph. We ask your permission before syncing your contacts. We store your contacts in order to notify you as soon as one of your contacts signs up for Potato and to properly display names in notifications. We only need the number and name (first and last) for this to work and store no other data about your contacts.
When you enable 2-step-verification for your account, you can opt to set up a password recovery email. This address will only be used to send you a password recovery code, if you forget it. That's right: no marketing or “we miss you” bullshit.
If you would like to delete your account, you can do this on the deactivation page. Deleting your account permanently removes all your messages, groups and contacts. This action must be confirmed via your Potato account and cannot be undone.
Everything you delete is deleted forever. Except for cats. We never delete your funny cat pictures, we love them too much. When you delete a message, you delete it from your message history. This means that a copy still stays on the server as part of your partner‘s message history. As soon as your partner deletes it too, it’s gone forever. Potato's goal is not to bring profit and we value the disk space on our servers greatly.
Messages in Secret Chats can be ordered to self-destruct. As soon as such a message is read (2 checks appear), the countdown starts. When the time is out, both devices participating in a secret chat are instructed to delete the message (photo, video, etc.).
Potato is not a commercial organization and we value our disk space greatly. If you stop using Potato and do not login for at least 6 months, your account will be deleted along with all messages, media, contacts and every other piece of data you store in the Potato cloud. You can change the exact period after which your inactive account will self-destruct in Settings.