Last Updated: February 19, 2026
At RandomChat.io, we take your privacy seriously. This policy explains what information we collect, how we use it, the legal basis for processing, and your rights under the General Data Protection Regulation (GDPR/DSGVO) and other applicable laws.
1. Data Controller
The data controller responsible for the processing of your personal data is:
RandomChat.io
Website: https://randomchat.io
2. Information We DON'T Collect
RandomChat is built on the principle of anonymity. We do NOT collect:
- Personal Information: No names, emails, phone numbers, or addresses
- Chat History: We don't record or store your conversations
- Video/Audio Recordings: Your streams are peer-to-peer, never stored on our servers
- User Accounts: anonymous means no profile data
- Precise Location Data: We don't track your GPS or precise location
3. Information We Do Collect
To provide our service, we collect minimal technical data:
- IP Address: Temporarily processed for connection pairing, security enforcement, and abuse prevention
- Connection Metadata: Timestamps for security monitoring
- Language Selection: Your chosen language preference for translation features
- Browser User Agent: For security and compatibility purposes
- Anonymous Analytics: Page views and feature usage (aggregated, not personal) — only with your consent
4. Legal Basis for Processing (Art. 6 GDPR)
We process your data based on the following legal grounds:
- Contract Performance (Art. 6(1)(b)): Processing necessary to provide the chat service you requested (connection pairing, WebRTC signaling)
- Legitimate Interest (Art. 6(1)(f)): Security enforcement, abuse prevention, IP-based banning, and service integrity. Our legitimate interest is protecting users from harmful content and ensuring platform safety.
- Consent (Art. 6(1)(a)): Analytics cookies (Google Analytics) are only loaded after you explicitly consent via our cookie banner. You can withdraw consent at any time.
5. Third-Party Services & Data Transfers
RandomChat uses these third-party services, which may involve data transfer to countries outside the EU/EEA:
5.1 Google Analytics
- Used for aggregated, anonymous usage statistics (page views, feature usage)
- IP anonymization is enabled (last octet is truncated before processing)
- Only loaded after you provide explicit consent via our cookie banner
- Provider: Google LLC, USA
- Transfer safeguard: EU-US Data Privacy Framework / Standard Contractual Clauses
- Privacy policy: https://policies.google.com/privacy
5.2 Google Translate
- Used for real-time message translation when you enable the translation feature
- Chat messages are sent to Google's translation API for processing and are not stored by us
- Provider: Google LLC, USA
- Transfer safeguard: EU-US Data Privacy Framework / Standard Contractual Clauses
5.3 Cloudflare
- Used for CDN, DDoS protection, and security
- May process IP addresses and request metadata
- Provider: Cloudflare, Inc., USA
- Transfer safeguard: EU-US Data Privacy Framework / Standard Contractual Clauses
5.4 WebRTC (Peer-to-Peer)
- Video and audio streams are transmitted directly between users via WebRTC
- A TURN relay server may be used when direct peer-to-peer connections are not possible
- Note: WebRTC connections may expose your IP address to your chat partner. We use a TURN server to mitigate this where possible.
6. Cookies & Local Storage
RandomChat uses minimal cookies and local storage:
- Essential (no consent required): Language preference, cookie consent choice, age verification confirmation, session functionality
- Analytics (consent required): Google Analytics cookies — only set if you click "Accept All" in our cookie banner
- No Tracking/Advertising Cookies: We do not use any tracking, retargeting, or advertising cookies
You can manage or delete cookies at any time through your browser settings.
7. Data Retention
- Chat Messages: Not stored. Messages are delivered in real-time and not saved on our servers.
- Video/Audio: Never recorded or stored. Peer-to-peer only.
- Server Logs (IP, timestamps): Retained for up to 7 days for security purposes, then automatically deleted
- Ban Records: IP-based bans may be retained for the duration of the ban (up to 365 days) for safety enforcement
- Analytics Data: Aggregated and anonymized, not linked to individuals
7a. Age Assurance
Before you can start an anonymous chat session, we ask you to confirm your age by capturing a single photo from your camera. We treat this as a one-time, in-memory operation:
- What is sent: a single JPEG frame (typically 30 KB) of your face. The capture happens only after you tick the consent checkbox on /age-check.
- Where it goes: our own age-estimation service, running on the same server as the rest of RandomChat. No third party receives the image.
- How long we keep it: the image is held in memory only for the duration of the analysis (about 250 ms), then discarded. We do not write it to disk, do not log it, and do not build any biometric template or profile from it.
- What we do keep: only the pass/fail result and the time the check happened, stored in a signed cookie (
rc_age_ok) on your device for up to 90 days. Clearing the cookie returns you to the unverified state. - Lawful basis: Art. 6(1)(f) GDPR (legitimate interest in preventing minors from accessing user-generated content not intended for them), with explicit Art. 9 consent for the brief biometric processing the check requires.
- If you object: you can decline the consent checkbox. Without a successful age check we cannot grant access to the chat — there is no fallback flow. This is by design.
7b. Google Sign-In
To start a chat session, we ask you to sign in with your Google account. We treat the sign-in as identity-only — no profile data is stored:
- What is sent: when you click "Sign in with Google", your browser is redirected to Google's authentication service. After you authenticate, Google returns a temporary code that our server exchanges for an access token. We then make one HTTPS call to Google's OpenID Connect userinfo endpoint with that token.
- What we receive from Google: the OIDC userinfo response includes your unique Google subject identifier (
sub), your email address, your display name, and your profile picture URL. We immediately discard everything except thesub. The email, name, and photo are never written to disk, never logged, never analyzed. - What we store: only an irreversible SHA-256 hash of the
sub, the timestamp of your first sign-in, the timestamp of your most recent sign-in, and (if applicable) a moderation ban state. The rawsubitself is never persisted; only its hash. A database leak yields no Google-account-usable identifiers. - How long we keep it: active accounts (signed in within the last 24 months) are retained while the account is in use. Inactive accounts auto-delete after 24 months of no sign-in. Banned accounts may be retained indefinitely for moderation enforcement. You can request immediate deletion at any time (see below).
- Lawful basis: Art. 6(1)(b) GDPR (performance of contract — recognizing returning users to provide the service) and Art. 6(1)(f) GDPR (legitimate interest in community moderation, specifically preventing banned users from rejoining under a fresh IP).
- Recipients: none. Your sign-in data is processed only on our servers in Germany. Google itself is an independent data controller for the authentication action they perform — we are not a processor for them, and they are not a processor for us. Google's privacy policy governs what Google does with your account; see policies.google.com/privacy.
- Right to erasure (Art. 17 GDPR): while signed in, you can permanently delete your record at any time. Use the "Forget me" option in your account menu, or POST to
/auth/forget-mewith the appropriate session cookie. The deletion is immediate and irreversible. If you would prefer to submit the request by email, contact [email protected]. - Right to access (Art. 15 GDPR): the full content of your record is exactly four items: the SHA-256 hash, two timestamps, and a ban flag. We can confirm this on email request to the address above.
- No automated decision-making: ban decisions are made by a human moderator. There is no Art. 22 GDPR concern.
- Note on age verification: Google Sign-In is not an age-verification mechanism. The face age estimation described in §7a is what verifies you are 18 or older. Google sign-in only establishes a stable identifier so we can enforce bans.
7c. Sign in with Apple
As an alternative to Google, you can sign in with your Apple ID. The same identity-only principle from §7b applies, with even less data in transit:
- What is sent: when you click "Sign in with Apple", your browser is redirected to Apple's authentication service. After you authenticate, Apple returns a temporary code that our server exchanges for an identity token in a direct server-to-server call.
- What we receive from Apple: we deliberately request no data scopes at all — not your name and not your email address. Apple's identity token therefore contains only your unique Apple subject identifier (
sub) and technical validity fields. - What we store: identical to §7b — only an irreversible SHA-256 hash of the
sub, first/most-recent sign-in timestamps, and (if applicable) a moderation ban state. The rawsubis never persisted. - Retention, lawful basis, erasure, access, no automated decision-making, age-verification note: exactly as described in §7b. The "Forget me" deletion at
/auth/forget-meremoves an Apple record the same way it removes a Google record. - Recipients: none. Apple is an independent data controller for the authentication action they perform; see apple.com/legal/privacy.
7d. Username Accounts (no email)
As a third option you can create an account with just a username and password — no email address is required or collected, and there is nothing to verify.
- What we store: the username you choose (a pseudonym — please do not use your real name or any identifying information), a salted bcrypt hash of your password (never the password itself), and the timestamps of your first and most recent sign-in. The account's primary key is an irreversible SHA-256 hash of your lowercased username.
- What we do NOT store: no email, no phone number, no recovery contact of any kind. This means a forgotten password cannot be recovered — you would simply create a new account.
- Lawful basis, retention, erasure, access, no automated decision-making, age-verification note: exactly as described in §7b. "Delete my data" in the account menu (or
/auth/forget-me) erases the record, password hash included. - Recipients: none. Username accounts are processed entirely on our own servers in Germany; no third party is involved in the authentication.
8. Your Rights Under GDPR
Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:
- Right of Access (Art. 15): You can request information about whether and what personal data we process about you.
- Right to Rectification (Art. 16): You can request correction of inaccurate personal data.
- Right to Erasure (Art. 17): You can request deletion of your personal data, subject to legal retention obligations.
- Right to Restriction (Art. 18): You can request restriction of processing of your personal data.
- Right to Data Portability (Art. 20): You can request to receive your personal data in a structured, commonly used, machine-readable format.
- Right to Object (Art. 21): You can object to processing based on legitimate interests at any time. We will cease processing unless we have compelling legitimate grounds.
- Right to Withdraw Consent (Art. 7(3)): Where processing is based on consent (e.g., analytics), you can withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
Since RandomChat is designed for anonymity and we collect minimal identifying data, we may not be able to identify you to fulfill certain requests. In such cases, we may ask for additional information to verify your identity.
To exercise any of these rights, please reach out via the contact details listed in our imprint.
9. Right to Lodge a Complaint
If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). You may contact the supervisory authority in your place of residence, your place of work, or the place of the alleged violation.
10. Automated Decision-Making
RandomChat does not use automated decision-making or profiling as defined in Art. 22 GDPR. IP-based security measures (such as banning) are applied based on observed behavior and may be reviewed upon request.
11. Children's Privacy
RandomChat is intended for users 18 years and older. We do not knowingly collect information from children under 18. If we become aware that a minor has accessed our service, we will take steps to remove any related data and terminate their access.
12. Security
We implement appropriate technical and organizational measures to protect our service:
- HTTPS/TLS Encryption: All connections to our servers are encrypted
- WebRTC DTLS-SRTP: Video and audio streams are encrypted end-to-end
- No Central Storage: We don't store conversations, so there's nothing to breach
- Active Moderation: We monitor for abuse and enforce our community guidelines
13. Changes to This Policy
We may update this privacy policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. We encourage you to review this policy periodically.
14. Contact
For privacy questions, please use the contact details in our imprint. We aim to respond within 48 hours.
In plain English: RandomChat is designed for privacy. We don't ask for personal information, don't store your chats, and collect only minimal technical data needed to make the service work. Your conversations are anonymous and temporary. Analytics are only used with your explicit consent.