Privacy
Privacy Policy
Last updated: June 15, 2026
White Rabbit is built privacy-first. This policy explains, in plain language, what information White Rabbit does and doesn’t handle — for both the iPhone app and this website (getwhiterabbit.app).
The short version
- White Rabbit is a Matrix client. Your messages are end-to-end encrypted and live on the homeserver you choose — not on servers we control.
- White Rabbit itself doesn’t sell your data, show you ads, or embed third-party trackers or analytics. The optional GIF/sticker browser (Klipy) is off by default; turning it on uses a third-party, ad-supported service — see GIFs, stickers, and memes below.
- Our push notifications are designed so our servers never see your message content — it’s decrypted privately on your device.
White Rabbit is a Matrix client
White Rabbit connects to Matrix, an open, decentralized standard. When you sign in, you choose a homeserver (matrix.org, your organization’s server, or your own). Your account, messages, and media are stored by that homeserver — operated by you or a third party of your choosing, under its own privacy policy — not by White Rabbit. Messages in encrypted rooms are protected with end-to-end encryption, and the encryption keys are generated and stored on your device.
Information handled by the app
Your account and messages
Your Matrix credentials and end-to-end encryption keys are stored securely on your device (in the iOS Keychain) and sent only to your chosen homeserver to sign in and sync. We never receive your password or your encryption keys.
On-device data
To keep the app fast and to power full-history search, White Rabbit keeps a local cache and a search index on your device. This data never leaves your device and is removed when you sign out or delete the app.
Push notifications
So you can be notified when the app is closed, White Rabbit uses a push gateway we operate (push.getwhiterabbit.app) together with Apple Push Notification service. Notifications use an “event-id-only” format: the gateway and Apple receive only a room identifier, an event identifier, and your device’s push token — never the contents of your messages. Your device fetches and decrypts the message locally to build the notification. To avoid alerting you about messages you’re already reading, the app periodically tells the gateway when it is active; that request includes your Matrix user ID and push token. We use this information only to deliver and suppress notifications, and for nothing else.
GIFs, stickers, and memes
The built-in GIF/sticker/meme browser is powered by Klipy and is off by default — it only loads if you turn it on in Settings → GIFs & Stickers. Klipy is a third-party, ad-supported service: when enabled, your search terms and IP address are sent to Klipy to return results, and Klipy may show ads and use your requests for its own analytics, subject to Klipy’s privacy policy. We don’t send Klipy your identity or your messages. Because no White Rabbit account identifier is attached to a Klipy request, this does not constitute “tracking” in the App Store sense, and White Rabbit does not present an App Tracking Transparency prompt. The browser also defaults to safe-for-work results; you can allow mature results in Settings → GIFs & Stickers.
Link previews
When a link is shared in a conversation, White Rabbit fetches the linked page to generate a preview (title, description, image). This means a request is made to the linked website. White Rabbit validates link targets to guard against abuse.
Location sharing
White Rabbit accesses your location only when you choose to share it in a conversation, and only while you’re using the app. A shared location is sent as an end-to-end encrypted message to that room. We don’t track or store your location.
Photos, camera, and files
White Rabbit accesses your photo library, camera, or files only when you choose to attach something. Attachments are sent as end-to-end encrypted messages to your homeserver.
Diagnostics and analytics
White Rabbit embeds no third-party analytics, advertising, or tracking SDKs of its own. The only third-party service that can run is the optional Klipy GIF/sticker browser, which is off by default (see GIFs, stickers, and memes above). We don’t build advertising profiles, and we don’t track you across other apps or websites. White Rabbit does not link your activity with third-party data for advertising and never shares your data with data brokers — so it is not configured for tracking and does not ask for App Tracking Transparency permission.
What we disclose on the App Store
To match Apple’s privacy “nutrition label,” White Rabbit discloses two things, both linked to you and used only for app functionality, never for tracking: identifiers (your Matrix user ID and your device’s push token, used to deliver notifications) and your content (the end-to-end-encrypted messages, photos, files, and shared locations you send, which are stored on the homeserver you choose). Klipy search terms are disclosed as not linked to you. Everything else is marked not collected.
Information handled by this website
If you request a TestFlight invite on getwhiterabbit.app, we store the email address you submit (with basic request metadata such as IP address and timestamp) using Cloudflare, solely to send you a TestFlight invitation and related beta updates. We don’t sell or share it, and you can ask us to delete it at any time. The site uses no advertising or cross-site tracking cookies.
Third parties
White Rabbit relies on a small number of third parties to function:
- Apple — push notification delivery (APNs) and app distribution.
- Your Matrix homeserver — stores and routes your account, messages, and media under its own policy.
- Klipy — powers the optional GIF, sticker, and meme browser (off by default; ad-supported, with its own tracking).
- Linked websites — contacted to generate link previews.
- Cloudflare — hosts this website and stores the TestFlight waitlist.
Data retention and deletion
- On-device data (cache, search index, keys) is removed when you sign out or delete the app.
- Messages and account data on your homeserver are retained and deleted according to that homeserver’s policies and your settings there.
- Waitlist emails are kept until the beta concludes or you ask us to remove yours.
Security
End-to-end encryption is handled by the audited Matrix Rust SDK; your keys never leave your device unencrypted. Credentials and keys are stored in the iOS Keychain, and network connections use TLS. No method of transmission or storage is perfectly secure, but we design to minimize what is collected in the first place.
Children
White Rabbit is not directed to children under 13, and we don’t knowingly collect personal information from them.
Changes to this policy
We may update this policy as the app evolves. Material changes will be reflected here with a new “Last updated” date.
Contact
Questions, or want your waitlist email removed? Email privacy@getwhiterabbit.app.