Using Germ DM
This page was last updated on August 27, 2024
This guide explains how Germ’s technology works and how to understand and use our features to protect your experience. Some of our features and ways of interacting may be familiar to you and others may be new. Germ DM is an emerging product that is continually growing in response to your feedback, which we gladly receive by email or in our Discord.
Storing and Saving Your Information
What does Germ know about me? How do you know it?
Germ is designed such that its developers know very little about you and your activity.
Your cards and messages are all end-to-end encrypted so that Germ’s developers and servers cannot see them.
When you install the Germ app, it generates a new signing key, and registers it with Germ’s servers. This key is used to authenticate uploads of encrypted cards, request addresses from the backend, and retrieve messages delivered to those addresses. The app will also upload a device push token, which is an address Germ can use to request that Apple sends a push notification to your device. This device push token is scoped to the Germ app and cannot be used to track you across apps from different developers via your phone.
Germ can observe that devices requested some addresses, uploaded some encrypted cards, and that messages were sent and retrieved for those reserved addresses. Germ does not have information to tie devices or addresses to card identities, unless someone reports the information on a card to Germ.
Where are my messages saved?
Your messages reside in the Germ app on your phone. When you send a message, you save a copy on your phone for your conversation history. The app end-to-end encrypts the message contents for the recipient on your device, then sends the encrypted message to Germ for delivery. Germ keeps the encrypted messages only as long as necessary for delivery, up to 30 days if the recipient is offline. When your messages leave your device, they’re end-to-end encrypted so that only the recipient can read them. Once your friend receives and decrypts your message, that message is then saved in the Germ app on their phone.
What about backup?
You have many options with which to backup your phone, and the Germ app tries to match your expectations for the particular option(s) that you choose to use. In most cases, including the recovery mechanisms that Apple provides, your messages are protected by a secret only you know, and can only be recovered by you.
Sensitive data in the Germ app – private keys, symmetric keys, and message contents — are protected on-device with keys stored in the iOS keychain. If you use iCloud Keychain, these keys are recoverable by you, but cannot be accessed by Apple.
What does this mean? Your cards and message contents will be restored, and you can continue your conversations, if you transfer or restore your phone data in a way that preserves the contents of the iOS keychain, such as:
Your sensitive data, including message contents, are not recoverable unless you can recover the phone’s keychain data, which is commonly protected by a secret only you know. If you use iCloud Backup but want to exclude all Germ data from it, you can do so in iCloud Settings.
