Maintaining your privacy is something we take very, very seriously.
We don't think about privacy as a box to check off. Instead, there are three different layers to privacy that we think about deeply, and we’re commited to making continuous progress on each.
A privacy-centric business model
This is about making sure that you’re protected from businesses who should have nothing to do with your intimate relationships. We made a commitment on day one to never serve ads inside your Cocoon, sell your personal data to anyone, or monetize it in any way. The only business model that makes sense for us is one where people pay directly for the service. Our incentive should be to focus 100% on supporting you and your closest relationships, without having to balance that against the business goals of advertisers. We realize this is atypical in our industry. But it's an opportunity to take the right path instead of the easy path, and when it comes to your privacy we will happily do so.
We launched the first version of Cocoon on November 25, 2019 as a free product on iOS only, and announced our paid sponsorship model in August 2020. Beginning on November 25, 2020, all newly created Cocoons will need one member to pay to sponsor the group after an initial 30 day trial. Our business will grow and evolve, but we'll never sway from the core tenet of providing a service that is valuable enough to pay for directly instead of needing to be subsidized by advertisers.
Privacy by design
This is about ensuring that your data is protected from other users of Cocoon, who you didn't explicitly choose to connect with. Cocoon is organized differently from almost any other social or messaging app, in order to maximize your privacy. When you sign up, there is no step to sync your address book in order to suggest people to friend or follow. There is no public directory of profiles or Cocoons. Content from one Cocoon can't be forwarded over to any other group. The whole point of the app is to carve out a space on the internet that you can share with just a handful of people you already know, trust, and care about. Again, we realize that all these decisions make it harder for us to grow in the same way as traditional social networks and messaging apps — but we'll happily prioritize privacy over growth.
You use Cocoon with a small number of people you explicitly choose to connect with, and that's it. The way you gather your group together is designed to be as safe and error-proof as possible. There are no public URLs or invite codes. In order for someone to join your Cocoon, you must pre-approve their access using their phone number. If you accidentally invited the wrong person, you can revoke their access. We are currently exploring more advanced admin capabilities too, to ensure you have the maximum level of control.
This is about ensuring that your data is protected from bad actors with malicious intent. To start, all data that flows in and out of your Cocoon is encrypted in transit using TLS. Data is also encrypted at rest, and stored on secure servers located in the US. At any time, you can request a full account deletion and we'll run a script to permanently wipe everything associated with your account. At the moment, data in Cocoon is not fully end-to-end encrypted. We have very strict policies in place as a result to protect against any misuse, and will only ever access your account to help you with a problem or track down a bug with your permission.
If end-to-end encryption is a #1 requirement for your group right now there are plenty of messaging apps whose entire value is encryption — they won't provide the exact same set of features as Cocoon but can certainly check that box. End-to-end encryption is something we are actively working towards, along with other data controls like the ability to export all of your content in a useful format.
We're at the very beginning of our journey. Given our commitment to ongoing progress in each category, we welcome your feedback, questions, and ideas for what privacy means to you and how we can serve you best. You can email us any time at firstname.lastname@example.org.