Terms of Service

1. Description of Service

Council is an end-to-end encrypted messaging application built on the D4TE protocol. Council enables users to create and participate in encrypted communication Networks using a shared passphrase model.

Core Architecture

Passphrase-based membership. Access to a Council Network is governed by knowledge of a shared passphrase. The Company does not possess, store, or have access to your passphrase.

End-to-end encryption. Message content is encrypted on your device before transmission and can only be decrypted by devices that possess the correct cryptographic keys. The Company cannot read your messages.

Post-quantum cryptography. Council uses ML-KEM-768 (NIST FIPS 203) and AES-256-GCM, which are intended to resist attacks from both classical and quantum computers using currently known algorithms.

Device-bound secrets. Certain cryptographic keys are generated on and bound to your device, providing an additional layer of protection beyond the passphrase.

2. Encryption and Privacy

What We Protect

Council is engineered so that: your passphrase never leaves your device and is never transmitted to our servers; message content is encrypted end-to-end and our servers process only encrypted data that we cannot decrypt; authentication is performed using a zero-knowledge proof scheme that verifies your passphrase knowledge without revealing the passphrase to the server; and cryptographic keys derived from your passphrase are computed exclusively on your device.

What We Cannot Protect

You must understand and accept the following limitations:

(a) Metadata. Our servers necessarily process certain metadata to deliver messages, including: device identifiers, message timestamps, message sizes, Network membership records, and online/offline status. While message content is encrypted, the fact that communication occurred and between which parties is visible to the server infrastructure.

(b) Device compromise. If an attacker gains physical access to your unlocked device, they may be able to access decrypted messages and key material stored in memory. Council's encryption protects data in transit and at rest on locked devices; it cannot protect against an adversary who controls your unlocked device.

(c) Passphrase strength. The security of your Council Networks depends directly on the strength of the passphrase chosen. A weak or easily guessable passphrase significantly reduces the protection Council provides. We strongly recommend passphrases of at least 6 random words or equivalent entropy.

(d) Endpoint security. Council cannot protect against malware, keyloggers, screen capture software, or other compromises of your device's operating system. Council's encryption operates at the application layer and relies on the security of the underlying platform.

Honest Limitations of Cryptography

No encryption system provides absolute, unconditional security. Council's cryptographic protections are based on computational hardness assumptions -- mathematical problems believed to be infeasible to solve with current and near-future technology. You acknowledge that:

Advances in mathematics or computing (including but not limited to quantum computing, novel cryptanalytic techniques, or breakthroughs in lattice-based cryptography) could potentially weaken or defeat the cryptographic mechanisms Council employs.

Nation-state adversaries and well-funded attackers may possess capabilities, resources, or undisclosed knowledge that exceed the assumptions underlying Council's security model. We do not represent that Council protects against adversaries with unlimited resources or non-public cryptanalytic capabilities.

No security audit is exhaustive. Council's cryptographic implementation has undergone automated security analysis, AI-assisted security audits, and formal mathematical proofs of core protocol properties. An independent human-led cryptographic audit is currently in progress. Despite these measures, undiscovered vulnerabilities may exist.

We are committed to transparency about these limitations rather than making absolute claims we cannot guarantee.

Security Audits and Verification

Council's D4TE protocol has undergone: formal security proofs in the Random Oracle Model covering message confidentiality, forward secrecy, phrase-compromise resistance, authentication soundness, and tag unforgeability; implementation security audits of the Rust cryptographic codebase; and an independent human-led cryptographic audit that is currently in progress. Results will be published when available.

We publish our cryptographic specification and welcome independent review. The D4TE protocol specification is available upon request.

3. Data Collection and Privacy

The following summarizes our data practices. For the full privacy policy, see our Privacy Policy.

Account Information

We collect: phone number or email address (for authentication and confirmation codes), Safety ID (your public pseudonym), password hash and salt (we never store your plaintext password), and device push tokens for notifications.

Messages and Content

All message content is end-to-end encrypted before it reaches our servers. We store the encrypted ciphertext but cannot read, decrypt, or access your message content. Encrypted profile blobs (display name, nickname, avatar) are stored as opaque binary data the server cannot decrypt.

Purchase and License Information

License key activation records and order references. We do not store credit card numbers, billing addresses, or payment details. All payment processing is handled by Stripe (web purchases) or the Apple App Store / Google Play Store (in-app purchases).

What We Cannot Access

Due to our encryption architecture: we cannot read your messages, Network names, display names, or profile information; we cannot recover your data if you lose your encryption keys; and we cannot comply with requests for message content because we do not possess the decryption keys.

Third-Party Data Sharing

We do not sell your data. We do not share your data with advertisers. We do not use third-party analytics that track individual users. Stripe processes web payments. Apple App Store / Google Play Store process in-app purchases. Azure (Microsoft) hosts our servers. SendGrid (Twilio) delivers confirmation code emails.

4. Account and Access

To create an account, you must provide a valid phone number or email address for verification purposes. This information is used solely for two-factor authentication and account recovery. It is never shared with other Council users or third parties for marketing purposes.

You must be at least 13 years old (or the minimum age of digital consent in your jurisdiction, if higher) to create an account. If you are under 18, you must have the consent of a parent or legal guardian.

Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn that a child under 13 is using Council, we will delete the account and associated data. Contact us at support@encomcorp.co if you believe a child under 13 is using Council.

Account Security

You are responsible for maintaining the security of your account, your device, and any passphrases used to access Council Networks. We cannot reset passphrases or recover encryption keys. If you lose a passphrase, access to that Network's messages is permanently lost.

5. Networks, Passphrases, and Membership

A "Network" is a private group within Council protected by a shared passphrase chosen by the creator. Anyone who knows the passphrase and is approved by the Network owner can join.

Passphrase Responsibility

You are solely responsible for: choosing strong, unique passphrases; safeguarding your passphrases from unauthorized disclosure; understanding that anyone who obtains your Network passphrase may be able to request access; and changing passphrases promptly if you suspect compromise.

The Company cannot recover, reset, or retrieve your passphrase. If you lose your passphrase, you will permanently lose access to that Network's encrypted content. This is by design.

6. Free and Premium Tiers

Free Tier. Free accounts may create up to a limited number of Networks (currently 3). There is no limit on joining Networks created by others. The free tier provides the same encryption and security as premium tiers.

Premium Access. Premium access is granted by activating a valid license key purchased through our website or authorized distributors. Lifetime license keys grant access with no expiration. Time-limited keys start from the date of activation, not purchase.

License Key Terms. License keys are single-use and bound to one account upon activation. Keys cannot be transferred. Existing Networks are never deleted or locked when a license expires. If you delete your account, your license is permanently lost. You may request a replacement key by contacting support@encomcorp.co and verifying your original purchase.

Purchases and Refunds. All purchases are final. We do not offer refunds for activated license keys. Unused keys may be eligible for a refund at our discretion. Existing active licenses are honored for their full term.

7. Acceptable Use

Council is provided for lawful private communication. You may use Council for personal, professional, journalistic, activist, or any other lawful communication purpose.

Prohibited Use

You agree NOT to use Council to: (a) violate any applicable law or regulation; (b) distribute child sexual abuse material or exploit minors; (c) coordinate acts of terrorism or mass violence; (d) distribute malware or conduct cyberattacks; (e) engage in human trafficking or illegal drug sales; (f) harass, threaten, stalk, or intimidate others; (g) impersonate the Company or its employees; (h) reverse engineer or extract other users' cryptographic keys; (i) disrupt or overload the Service; (j) use automated tools to abuse the Service; or (k) circumvent license or usage restrictions.

Enforcement

Due to end-to-end encryption, we cannot monitor or access message content. Enforcement relies on user reports, metadata-level signals, and cooperation with law enforcement pursuant to valid legal process. We reserve the right to suspend or terminate accounts that we reasonably believe violate these Terms.

8. Account Termination and Data Deletion

Your Right to Delete. You may delete your account at any time using the "Burn Account" feature. Upon deletion, all server-side data is permanently and immediately destroyed via cascade delete. No backups, no staged deletions, no deferred purges. This includes your user record, messages, Network memberships, device registrations, notifications, and license records.

This deletion cannot be undone.

Network Deletion. Network owners may destroy ("burn") an entire Network. All messages, membership records, and metadata are permanently destroyed. This affects all members.

Our Right to Terminate. We may suspend or terminate your access if you violate these Terms, we are required to by law, or we cease operating the Service (with reasonable notice).

9. Law Enforcement and Legal Process

What We Can Provide: In response to valid legal process, we can only provide data we actually possess -- account registration information, message delivery metadata, and connection logs (retained for 30 days).

What We Cannot Provide: Message content (encrypted end-to-end), passphrases (never stored on our servers), cryptographic keys (device-only), or data that has been deleted.

Our architecture minimizes the data available for disclosure. We cannot provide what we do not possess. Where legally permitted, we will notify affected users of legal requests.

10. Intellectual Property

The Council app, the D4TE protocol, and all associated trademarks, logos, and branding are the property of ENCOM CORP. These Terms grant you a limited, non-exclusive, non-transferable, revocable license to use Council for its intended purpose.

You retain all rights to content you create and transmit through Council. We do not claim ownership of your messages or files. Due to end-to-end encryption, we have no ability to access or use your content.

11. Disclaimers

COUNCIL IS PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR THAT THE SERVICE WILL BE UNINTERRUPTED, SECURE, OR ERROR-FREE.

WE DO NOT WARRANT THAT: (a) the encryption employed by Council is or will remain unbreakable; (b) the Service is free from vulnerabilities; (c) the Service will protect against all possible adversaries; or (d) the cryptographic algorithms will not be weakened by future advances.

Council is a communication tool. Nothing in the Service constitutes legal, security, or professional advice.

12. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, ENCOM CORPORATION SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING LOSS OF DATA, REVENUE, OR PROFITS; UNAUTHORIZED ACCESS TO YOUR COMMUNICATIONS; FAILURE OF ENCRYPTION MECHANISMS; CONDUCT OF THIRD PARTIES; SERVICE INTERRUPTION; OR DATA LOSS FROM ACCOUNT DELETION OR LOST KEYS.

TOTAL LIABILITY SHALL NOT EXCEED THE GREATER OF (A) THE AMOUNT YOU PAID IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM, OR (B) ONE HUNDRED U.S. DOLLARS ($100.00).

13. Indemnification

You agree to indemnify, defend, and hold harmless ENCOM CORP and its officers, directors, employees, and agents from any claims, damages, losses, liabilities, costs, and expenses arising out of your use of Council, your violation of these Terms, your violation of any rights of others, or content you transmit through Council.

14. Dispute Resolution

Informal Resolution. Before filing formal legal action, contact us at support@encomcorp.co and attempt to resolve the dispute informally for at least thirty (30) days.

Arbitration. Unresolved disputes shall be resolved by binding individual arbitration administered by the American Arbitration Association under its Consumer Arbitration Rules, in the State of Delaware.

Class Action Waiver. YOU AND THE COMPANY AGREE THAT EACH MAY BRING CLAIMS ONLY IN YOUR INDIVIDUAL CAPACITY, NOT AS A CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING.

Opt-Out. You may opt out of arbitration by sending written notice to support@encomcorp.co within thirty (30) days of first accepting these Terms.

Governing Law. These Terms are governed by the laws of the State of Delaware, United States.

15. Changes to These Terms

We may modify these Terms from time to time. We will provide notice of material changes at least thirty (30) days before they take effect. Your continued use after the effective date constitutes acceptance. If you disagree, discontinue use and delete your account.

16. General Provisions

If any provision is held unenforceable, it shall be modified to the minimum extent necessary, and the remaining provisions continue in full force. These Terms, together with our Privacy Policy, constitute the entire agreement between you and ENCOM CORP. Failure to enforce any provision is not a waiver. You may not assign your rights without our written consent.

17. Contact

ENCOM CORP
8 The Grn STE A, Dover, DE 19901
Email: support@encomcorp.co
Web: councilapp.com

Council is a registered trademark of ENCOM CORP. Last reviewed: February 7, 2026.

↑ Back to top