Privacy Policy - PENA

This Privacy Policy explains how PENA (“we”, “the application”, or “the service”) collects, uses, and protects information related to the use of the PENA (Secure Messenger) application, as well as its websites, features, and supporting services (collectively referred to as the “Platform”).

PENA is designed to provide a secure, private, and fully encrypted communication experience, ensuring that your conversations remain entirely your own.

By installing or using PENA, you are deemed to have read and agreed to this Policy.

1. Our Commitment to Your Privacy

Privacy is not just a feature for PENA. Privacy is a fundamental right of every individual and is the fundamental foundation of the entire system we build.

PENA is built on the core principle of privacy. PENA also does not collect user data in any form. The entire system is designed with the highest level of security standards and next-generation encryption technology, including protection against threats that do not exist today

We cannot view, store, or access your messages, and do not have the ability to read or record any communications that occur within PENA. All data and activities are completely under the control of the user.

All messages, communications, and data can only be viewed and stored by you. PENA does not own, does not store, and does not control any information from user activities within this application.

From the beginning, PENA was designed to ensure that full control of communications was in the hands of users, not in the hands of any company, server, or third party.

Privacy From the First Moment

PENA can be used without:

• Phone number
• Email address
• Original name
• Any personal identity

We believe that secure communication should not depend on identity. Therefore, PENA never asks for data that is not needed.

We Do Not Collect Personal Data

We are committed to:

• Not collecting users' personal data
• Not saving identity
• Not creating a user profile
• Not tracking communication activity

We don't know who you are, who you're talking to, or what you're talking about — and we don't want to know.

Communication Without a Central Server

PENA uses a peer-to-peer (P2P) architecture, which means:

• Messages are sent directly from device to device
• No central server to store data
• There is no single point to be tapped or hacked

With this approach, the risk of mass surveillance and data leakage can be significantly minimized.

Uncompromised Encryption

All communications in PENA are protected by:

• End-to-End Encryption
• 3.20 F (Post-Quantum) Encryption
• Security mechanisms that are ready for future threats (post-quantum)

Only the sender and receiver can read the content of the message. Even we as developers don't have access.

Zero-Knowledge by Design

The PENA system is built on the principle of zero-knowledge:

• We don't store encryption keys
• We can't decrypt messages
• We cannot pass on the content of communications to anyone

If we don't have your data, then it can't be misused.

Your Data Stays on Your Device

• Messages and files are stored locally
• No cloud storage
• No hidden backups

When you delete something, the data is permanently lost, without any copies.

Additional File Security & Protection

To protect your device:

• Every incoming file is scanned with an anti-malware system
• The scan is carried out without compromising the privacy of the content of the communication

Privacy must not come at the expense of freedom.

Freedom Comes With Responsibility

We give you complete freedom of communication.
However, we also believe that true freedom always comes with personal responsibility.

PENA does not monitor conversations, but users remain responsible for their actions in accordance with applicable law.

Long-Term Commitment

Privacy is not a momentary trend. We are committed to:

• Continuously improving security
• Keeping up with digital threats
• Not sacrificing privacy for commercial interests

Transparency & Trust

We strive to always be transparent about:

• How our system works
• Existing technical limitations
• The principles we hold

Trust is not demanded. Trust is built.

2. Information We Collect

PENA is designed with the principle of data minimization, which is to process only information that is really technically necessary, without compromising user privacy.

Basic Principles of Information Collection

PENA is designed with the principle of data minimization, which is to process only information that is really technically necessary, without compromising user privacy.

In general:

• We do not collect personal data
• We don't store user identities
• We don't have a database of users

Information We Do NOT Collect

PENA does not collect, store or process the following information:

• User's real name
• Phone number
• Email address
• Residential address
• Official identity document
• Device contacts
• Precise geographic location
• The content of a message or communication file
• Conversation history
• Communication metadata for user tracking

Content of Communication

All messages and files are end-to-end encrypted.

Content of communication:

• Inaccessible by PENA
• Not stored on the server
• Not processed for any purpose

Due to the peer-to-peer architecture, data moves directly between the user's devices.

Non-Identifying Technical Information

To ensure that the application can function properly, PENA may process limited technical information, which is non-identifiable, including:

• App version information
• Operating system information
• An anonymous crash log
• Temporary technical data for connection stability

This information:

• Not associated with user identity
• Not used for tracking
• Not sold or shared with third parties

Payment Information (Premium Service)

For Premium services, payments are processed by third-party providers.

PENA:

• Not storing card data
• Not storing account information
• Not having access to payment details

Payment information is fully subject to the privacy policy of the relevant payment provider.

Anti-Malware & File Security

User-accepted files can be scanned by anti-malware systems.

The scan is performed to:

• Detect security threats
• Protect users' devices

This process:

• Not reading the content of the message
• Doesn't save the scanned file
• Not creating a user profile

Information Storage

All communication data is stored locally on the user's device.

PENA does not provide:

• Cloud storage
• Online backup
• Server-based cross-device synchronization

Deletion of Information

Users can delete data at any time.

Once removed:

• Data is permanently lost
• Irreversible

PENA does not have a copy of the data to restore.

Legal Obligations

Because PENA does not collect or store the content of communications, PENA cannot provide user communication data to any party.

Legal compliance is carried out without compromising the principles of privacy and anonymity.

Changes to Information Collection Policy

In the event of a change in the type of technical information processed, PENA will:

• Update this policy
• Announce changes through official platforms

Changes are effective from the date they are announced.

3. Messages and Calls

Core Principle

Messages and calls in PENA are built on one simple principle: only the sender and receiver can know the contents.

PENA does not act as an intermediary that can read, store, or control user communications.

Message Encryption

All text messages, voice messages, and files:

• Are encrypted end-to-end
• Use 3.20 F (Post-Quantum) Encryption

Each communication session:

• Uses a unique encryption key
• Cannot be reused
• Changes dynamically (polymorphic)

PENA:

• Does not own encryption keys
• Cannot decrypt messages
• Does not store message copies

Voice Calls & Secure Calls

Voice calls in PENA are carried out:

• Directly peer-to-peer between devices
• Without a central server

All calls are:

• Encrypted in real-time
• Not recorded
• Not stored
• Not accessible by PENA

PENA does not store:

• Call history
• Call metadata for tracking
• Time or duration information that may identify users

Peer-to-Peer (P2P) Architecture

Messages and calls are delivered directly from the sender’s device to the recipient’s device.

No server:

• Stores messages
• Relays communication content
• Archives calls

The risk of mass-scale data exposure is minimized because:

• There is no central data storage
• There is no single point of failure

Post-Quantum Security

PENA is designed to withstand future computational threats.

The encryption system considers:

• Quantum-computer attacks
• “Decrypt now, read later” threats

Communication keys:

• Cannot be predicted
• Cannot be stored for future decryption

Metadata & Privacy

PENA does not:

• Collect message metadata
• Build communication graphs
• Track who is communicating with whom

Temporary technical information is only used to:

• Establish P2P connections
• Maintain service stability

This information is temporary and not stored.

Message Deletion

Messages may be deleted manually or automatically.

Once deleted:

• They are not stored on the device
• They are not stored on a server
• They cannot be recovered

The Auto-Delete feature ensures messages do not leave a digital trace.

Technical Limitations

The quality of messages and calls may be affected by:

• User network quality
• The device being used

PENA does not guarantee that:

• Connections are always stable
• Audio quality is always optimal

However, security remains the top priority.

User Responsibility

Users are responsible for the content of their messages and calls.

PENA does not moderate, record, or intervene in user communications.

4. How We Use Data

Principle of Data Usage

PENA uses data for one primary purpose: to ensure the application operates safely, stably, and functionally — without compromising user privacy.

We do not use data for:

• Profiling
• Tracking
• Advertising
• Behavioral monetization

Technically Used Data

PENA only uses non-identifying technical data necessary to:

• Run core application functions
• Maintain stable peer-to-peer connections
• Improve communication security
• Detect and prevent technical disruptions

This data is:

• Temporary
• Anonymous
• Not linked to user identity

Use of Communication Data

The content of messages, calls, and files:

• Is not read
• Is not analyzed
• Is not stored by PENA

End-to-end encryption ensures:

• PENA does not have access to communication content
• No third party can read user data

All communications occur directly between user devices.

Security & Anti-Malware

PENA uses an anti-malware system to:

• Scan files received by users
• Detect security threats

This process:

• Does not access message content
• Does not store files
• Does not create user profiles

Scan results are used locally only to protect the user’s device.

Service Improvement

Anonymous technical data may be used to:

• Fix bugs
• Improve application performance
• Enhance device compatibility
• Develop new security features

Such use is performed without:

• Storing user history
• Tracking individual activity

Legal Compliance

Because PENA does not store communication content or user identity, our ability to provide user data is extremely limited.

Legal compliance is carried out only to the extent possible without violating privacy and anonymity principles.

Premium Services

Data related to Premium subscriptions is used only to:

• Activate paid features
• Manage subscription status

Payment information is handled by third-party providers and is not used by PENA for any other purpose.

No Ads & No Tracking

PENA:

• Does not display ads
• Does not use third-party trackers
• Does not sell user data

Our business is not built on your data.

Control in the Hands of Users

Users have full control over:

• Local data
• Message history
• Information deletion

Once deleted, data:

• Is permanently erased
• Cannot be recovered

5. Control Over Data

Principle of Data Ownership

In PENA, data fully belongs to the user.

PENA does not claim ownership of:

• Messages
• Calls
• Files
• Communication history

We only provide the technology — we do not control the data.

Full Control on the User’s Device

All communication data is stored locally on the user’s device.

There is no:

• Cloud storage
• Backup server
• Centralized archive

Users are free to:

• Manage
• Store
• Delete data at any time

Right to Delete Data

Users may delete:

• Messages
• Files
• Conversation history

Once deleted:

• Data is permanently lost
• Cannot be recovered
• No copy remains in PENA’s system

Deletion is instant and final.

Auto-Delete & Time Control

PENA provides an Auto-Delete feature.

Users may determine:

• Message retention duration
• Automatic deletion time

This feature helps to:

• Reduce digital footprint
• Increase communication security

No Remote Access

PENA does not have:

• Remote access to the user’s device
• A mechanism to retrieve data

Even under certain conditions:

• PENA cannot read data
• PENA cannot recover data

Control Over Files & Media

Every received file:

• Is stored locally
• May be deleted manually or automatically

The anti-malware feature:

• Protects users
• Does not store files
• Does not upload files to PENA servers

Control Over Identity

PENA does not use:

• Phone numbers
• Email
• Official identity information

There is no centralized account that must be closed.

Deleting the application means:

• Deleting all data
• Ending usage entirely

Right of Access & Portability

Because PENA does not store user data, requests for:

• Copies of data
• Data transfer
• Access to data by third parties

are technically unavailable.

All control remains in the hands of the user.

Technical Limitations of Data Control

Losing a device may result in:

• Loss of data
• Data not recoverable by PENA

Users are advised to:

• Secure their device
• Use additional protection (PIN, biometrics, wipe code)

Affirmation Statement

We do not hold your data.
We do not control your data.
You are fully in control.

Account Recovery (Recovery Phrase)

PENA uses a recovery phrase as an account recovery mechanism if a user forgets or loses their password.

The recovery phrase:

• Is generated on the user’s device during registration
• Is fully stored by the user
• Is never transmitted, backed up, or stored by PENA’s system

PENA does not have technical access to view, store, or recover a user’s recovery phrase. Therefore, PENA cannot assist with account recovery if the recovery phrase is lost or inaccessible.

The user is fully responsible for maintaining the security and confidentiality of their recovery phrase.

Account Registration and Use of CAPTCHA

During the initial registration process, PENA uses CAPTCHA as a system security measure.

CAPTCHA is used to:

• Prevent automated account creation by bots
• Reduce spam and service abuse
• Maintain system reliability and stability

CAPTCHA is not used to identify users and is not intended to collect personal data. PENA does not store identity information generated by the CAPTCHA process.

6. Children’s Privacy

Child Protection Principle

PENA is committed to protecting the privacy and safety of children in the digital environment. We strictly limit the use of our services to ensure compliance with applicable child protection laws.

Age Restrictions

PENA is not intended for children under the age of 13, unless legally permitted under applicable laws in the user’s region.

By using PENA, users acknowledge and confirm that:

• They meet the minimum legal age requirement, or
• They have valid consent from a parent or legal guardian (if required by local law).

No Collection of Children’s Data

PENA does not knowingly collect personal data from children, including but not limited to:

• Name
• Identity information
• Contact information
• Location
• Communication content

Because PENA:

• Does not request identity information
• Does not store centralized accounts
• Does not maintain a user database

PENA has no technical mechanism to individually identify a user’s age.

Content & Communication

PENA does not monitor or moderate user communications because:

• All communications are encrypted end-to-end
• They occur via peer-to-peer architecture

Responsibility over a child’s use of the application lies with:

• Parents
• Legal guardians
• Parties providing device access

Actions in Case of Violation

If PENA becomes aware of service use by a child in violation of applicable laws:

• We reserve the right to restrict or terminate service access
• Without obligation to retain or process user data

Due to PENA’s architecture which does not store data, any actions taken are technical and limited in scope.

Role of Parents & Guardians

Parents or guardians are responsible for:

• Supervising device usage
• Managing application access
• Educating children on digital safety

PENA recommends the use of:

• Device-level security controls
• Parental control tools provided by the operating system

Compliance With Child Protection Laws

PENA strives to comply with generally recognized child protection principles under applicable laws and regulations, including but not limited to:

• Protection of children’s privacy
• Prevention of data exploitation
• Limitation of information collection

However, compliance is implemented without compromising user anonymity and encryption principles.

Affirmation Statement

PENA is not designed to collect children’s data.
We do not build profiles of anyone — including children.
Safety and privacy begin with restriction, not surveillance.

7. Prohibited Use

PENA is a Super App built on privacy and high-level security that gives users full control over their communications and transactions. With this freedom, users are required to use PENA responsibly and in accordance with applicable laws.

Users are prohibited from using PENA — including PENA Chat and PENA Wallet — for unlawful purposes, including but not limited to:

Communication activities that contain illegal elements, such as:

• distribution of prohibited content,
• fraud,
• threats,
• or any other form of communication that violates applicable laws and regulations.

Using PENA Wallet for:

• illegal Bitcoin or digital asset transactions,
• money laundering,
• financing illegal activity,
• or any other financial activity that violates applicable law.

8. Law Enforcement Requests

General Principle

PENA respects applicable laws. However, PENA is designed from the beginning with a privacy-by-design approach, which means our technical ability to access or disclose user data is extremely limited.

We cannot provide data that we do not have.

Limitations of Data Access

PENA does not store:

• Message content
• Call recordings
• Communication files
• Encryption keys
• User identities

All communications:

• Are end-to-end encrypted
• Occur directly between devices (peer-to-peer)

Technically, PENA cannot read, access, or decrypt user communications — even upon request from any party.

Types of Requests We May Accept

PENA will only respond to law enforcement requests that:

• Are legally valid
• Are submitted through official procedures
• Fall within the applicable jurisdiction

However, our response remains limited by:

• The technical design of the application
• The anonymity principles applied to users

Information That May Be Provided

In limited situations, and only where technically available, PENA may provide:

• General information regarding:
  • System architecture
  • Security mechanisms
  • Policy documentation
• Non-identifying technical information that:
  • Does not reveal user identity
  • Does not disclose communication content

Information We Cannot Provide

PENA cannot and will not provide:

• Message or call content
• Communication metadata for tracking
• User identity information
• Communication history
• Encryption keys or decryption access
• Any data that has never been stored by PENA

No Backdoor Access

PENA does not provide:

• Backdoor mechanisms
• Monitoring tools
• Hidden access channels

Providing such access would conflict with:

• Security principles
• User privacy rights
• PENA’s core mission

Transparency

Where legally permitted, PENA reserves the right to:

• Notify users of any legal request
• Refuse requests that exceed lawful authority

PENA will not modify the application’s technical design to enable data access.

Jurisdiction & Compliance

Each request is evaluated based on:

• Applicable law
• Valid jurisdiction
• Human rights and privacy principles

Compliance is carried out without:

• Breaking encryption
• Compromising anonymity
• Altering the P2P architecture

Affirmation Statement

We respect the law.
But we do not store what should not be stored.
User privacy cannot be handed over — because we do not possess it.

9. Disclaimer

Nature of Service

PENA is provided “as is” and “as available”.

We do not guarantee that the service will:

• Always be available without interruption
• Be free from technical errors
• Always be compatible with all devices or networks

No Guarantee of Communication Success

PENA does not guarantee that:

• Messages will always be delivered
• Calls will always connect
• Communication quality will always be optimal

Service performance may be affected by:

• User internet connectivity
• Device hardware
• Operating system
• Third-party network conditions

Security & User Risk

PENA implements advanced security technology, including:

• End-to-end encryption
• Peer-to-peer architecture
• Post-quantum security mechanisms

However, no system is entirely risk-free.

Users understand and accept that:

• Technological risks remain possible
• The security of the user’s device is outside of PENA’s control

Data Loss

Because PENA does not store data on servers:

• Device loss
• Application removal
• System damage

may result in permanent loss of data.

PENA is not responsible for:

• Loss of messages
• Loss of files
• Loss of communication history

Responsibility for Content

All communication content is the responsibility of the user.

PENA:

• Does not monitor message content
• Does not moderate communication
• Does not know conversation contents

PENA is not responsible for:

• Illegal content
• Misuse of the service
• Loss arising from user communications

Anti-Malware & Files

The anti-malware feature is provided as an additional protection layer.

PENA does not guarantee that:

• All threats will be detected
• All files are risk-free

Users remain responsible for:

• Evaluating received files
• Maintaining their device security

Third-Party Services

PENA may rely on:

• Network infrastructure
• Third-party payment services

PENA is not responsible for:

• Third-party service disruption
• System failure outside PENA’s control

Limitation of Liability

To the extent permitted by law, PENA is not liable for:

• Indirect losses
• Loss of profit
• Loss of data
• Loss arising from the use or inability to use the service

No Legal or Professional Advice

PENA does not provide:

• Legal advice
• Professional security guidance
• Compliance guarantees

Use of the service is entirely the responsibility of the user.

Closing Statement

We build secure technology.
But how it is used is entirely up to you.
Use it wisely.

10. Intellectual Property Rights

Ownership of Rights

All intellectual property rights contained in or associated with the PENA application, including but not limited to:

• Software
• Source code and object code
• System architecture and security design
• PENA name, logo, and brand identity
• User interface (UI/UX)
• Documentation, text, and supporting materials

Are owned by or legally licensed to PENA and are protected by copyright law, trademark law, and applicable regulations.

License to Users

PENA grants users a limited, non-exclusive, non-transferable, and revocable license to:

• Download
• Install
• Use the PENA application

This license is granted solely for lawful personal use, in accordance with these Terms.

Usage Restrictions

Users are prohibited from:

• Copying, modifying, or distributing PENA without written permission
• Reverse engineering, decompiling, or disassembling the application
• Removing or altering copyright or ownership notices
• Using PENA trademarks, logos, or identity without authorization
• Exploiting the PENA system for commercial purposes without approval

User Content

All user-generated communication content (messages, files, media) remains the property of the user.

PENA:

• Does not claim ownership over user content
• Does not use content for any purpose
• Does not have access to content

No license to user content is granted to PENA, because PENA does not technically store such content.

Feedback & Suggestions

If users provide feedback, suggestions, or ideas to PENA:

• The feedback may be used to improve services
• Without obligation of compensation

Feedback is not treated as confidential information unless otherwise stated in writing.

Intellectual Property Violations

PENA reserves the right to take action against:

• Unauthorized use
• Copyright infringement
• Brand misuse

Such actions may include:

• Service restriction
• Account or access termination
• Legal measures in accordance with applicable law

Rights Not Granted

All rights not expressly granted to the user remain the property of PENA.

Affirmation Statement

This technology is built with great care.
Use it respectfully.
Copyright exists not to restrict — but to protect.

11. Jurisdiction

Governing Law

The Terms of Use, Privacy Policy, and all legal relationships between the user and PENA are governed by and interpreted in accordance with the laws of the Republic of Indonesia, without regard to conflict-of-law principles.

Scope of Jurisdiction

This jurisdiction applies to:

• The use of the PENA application
• Access to services
• The rights and obligations of both users and PENA
• Disputes arising from or related to the services

These provisions apply regardless of the physical location of the user when accessing the service.

Dispute Resolution

Any dispute, conflict, or claim arising from the use of PENA shall first be settled through deliberation or amicable resolution.

If no amicable settlement is reached, the dispute shall be resolved through a legally authorized forum within the Republic of Indonesia, in accordance with applicable laws and regulations.

Limitation of Foreign Jurisdiction

Users understand and agree that:

• PENA is not automatically subject to foreign jurisdictions
• PENA does not guarantee compliance with every law in every country
• Users are responsible for ensuring that their use of PENA does not violate local laws in their respective regions

Technical Limitations Related to Jurisdiction

Because PENA:

• Does not store user data
• Does not store communication content
• Does not manage identities

The execution of certain jurisdictional actions may be technically limited.

Users acknowledge that these limitations are a direct result of PENA’s privacy and security design.

No Waiver of User Rights

The application of this jurisdiction does not waive or limit users’ rights that are protected under applicable law, as long as they do not conflict with these Terms.

Affirmation Statement

The law remains respected.
But privacy is not compromised.
Jurisdiction operates in harmony with user protection principles.

12. Official Contact

For privacy inquiries, data requests, or other official matters, please contact:

📧 [email protected]