Legal

Privacy Policy

Last updated: June 8, 2026

VARO is built so that we never see your messages, your photos, your contacts, or your keys. This policy explains, in plain language, exactly what we do and do not have access to.

1. The short version

VARO hides encrypted messages inside ordinary photos. All encryption, decryption, and message hiding happens locally on your device. We do not operate a messaging server, we do not receive or store your content, and we do not require an account, email address, or phone number to use the app. We have no technical means to read your messages.

2. Who we are

VARO ("VARO", "we", "us", "our") is operated by Frederik Rock Neura Labs. For any privacy question, contact us at contact@varostealth.com.

3. We do not store your data — period

We want to be unambiguous about this. In the normal use of VARO:

  • We do not collect, transmit, or store the content of your messages.
  • We do not collect, transmit, or store the photos you protect or that carry a hidden message.
  • We do not collect or store your contacts, their identities, or their safety codes.
  • We do not have access to your encryption keys. They are generated and held only on your device.
  • We do not build a profile of you, use advertising identifiers, or track your behavior.

There is no central database of VARO message content to breach, sell, hand over, or subpoena, because no such database exists.

4. Only the two parties can read a message

When you connect with a contact, your two devices establish a private "tunnel" secured by a shared key and confirmed by a matching safety code. Once a tunnel is created, only those two parties hold the key that decrypts messages sent within it. A message hidden in a photo can be opened only inside that tunnel. We cannot open it, and neither can anyone who is not part of the tunnel.

5. The hidden data cannot be seen or extracted from the outside

A photo that carries a VARO message looks and behaves like an ordinary picture. The hidden content is not visible to the naked eye, and it cannot be read out by any computer without the tunnel key. What is embedded is encrypted data with no readable structure — to any outside observer it is statistically indistinguishable from ordinary image noise. The hidden message becomes readable only through the verified tunnel, and nowhere else.

6. What stays on your device

The following is processed and stored only on your device, and is never transmitted to us:

  • Messages and images — encryption, hiding, and decryption are performed entirely on-device.
  • Cryptographic keys and contact safety codes — held in your device's secure storage.
  • App settings and preferences.

7. Limited data handled by third parties

A few standard services may process limited technical data independently of us:

  • App Store (Apple). When you download VARO or make a purchase, Apple processes the transaction and may provide us anonymized, aggregated statistics (such as total downloads). We never receive your payment details. Apple's handling of this data is governed by Apple's own privacy policy.
  • Subscriptions. Premium subscriptions are handled entirely through Apple's in-app purchase system. We receive only what is needed to confirm an active subscription — never your card or billing information.
  • Connectivity. Establishing a connection with a contact may require basic, transient network communication between devices. This is kept to the minimum necessary to set up the tunnel and is not used to store or read your messages.
  • Optional diagnostics. If enabled at the operating-system level, anonymized crash reports containing no message content may help us fix bugs. You can disable these in your device settings.

8. Sending photos through other apps

VARO produces a protected photo that you then share through any app you choose. Once you send that photo, the app you use to send it — and its provider — handles delivery under their terms and privacy practices. The message inside remains encrypted and readable only by your verified contact.

9. Age

VARO is intended for users aged 17 and over. We do not knowingly collect personal data from anyone under that age.

10. Your rights

Depending on where you live, you may have rights to access, correct, or delete personal data a company holds about you. Because VARO stores your content only on your device, you remain in direct control at all times: deleting the app or its data removes it. For any request regarding the limited data described in Section 7, contact contact@varostealth.com.

11. Data retention

We do not retain your messages, photos, contacts, or keys — they never reach us. Any limited diagnostic data, where enabled, is kept only as long as needed to resolve an issue and is then deleted.

12. Changes to this policy

If we update this policy, we will revise the "last updated" date above and, for significant changes, provide notice in the app. Continued use of VARO after an update means you accept the revised policy.

13. Contact

Questions about privacy? Email contact@varostealth.com.