Terms of Service
Summary
Ciphar is a free, browser-based encrypted chat tool with no account. Use it for legal, good-faith communication. Don't use it to attack the service or to coordinate concrete harm to specific people. We provide it as-is, with no warranty and no compliance certifications. By using Ciphar you accept these terms.
The service
Ciphar lets two or more people exchange end-to-end encrypted messages, files, and voice over a temporary channel that self-destructs after 60 minutes. Encryption happens in your browser; the server holds only ciphertext. There is no account creation, no profile, no message history beyond the 60-minute window. Ciphar is operated by an individual based in the Kingdom of Saudi Arabia.
Acceptable use
Ciphar exists to give ordinary people a private place to talk. It is not a sanctuary for harm. By using the service you agree not to use it for any of the following, grouped into four broad categories.
1. Harm to people
You may not use Ciphar to plan, coordinate, or carry out concrete harm against another person or group. This includes child sexual abuse material and the grooming, sextortion, or sexual exploitation of a minor in any form; the sharing or threatened sharing of intimate images of any person without their explicit, informed consent; human trafficking of any kind, including for sexual exploitation, forced labor, smuggling, or forced marriage; credible threats of violence, stalking, or coordinated targeted harassment of a specific person; and publishing a person's home address, workplace, identity documents, or other private identifying information in order to expose them to harm.
2. Mass-harm and violent extremism
You may not use Ciphar to plan, recruit for, finance, glorify, or carry out acts of terrorism, mass violence, or organized violent extremism, nor to provide operational guidance for the creation, acquisition, or deployment of chemical, biological, radiological, nuclear, or other weapons capable of mass casualties.
3. Fraud and illegal commerce
You may not use Ciphar to run scams, phishing, financial fraud, identity theft, or impersonation intended to deceive someone out of money, credentials, or property; to offer, broker, or solicit clearly illegal goods or services — controlled substances at scale, off-record firearms, stolen data, malware or exploit kits, hire-for-violence; to distribute malware, ransomware, exploit code, or stolen credentials with intent to harm; or to infringe third-party intellectual property in a manner you know to be unlawful.
4. Service abuse
You may not send spam, run automated abuse, or operate the service through bots without permission, nor attempt to attack, overload, reverse-engineer, or otherwise compromise the service or other users' channels. Penetration testing of your own channels in good faith is fine — see /security. You also agree not to use the service to violate the law applicable to you or to the operator.
Ciphar's zero-knowledge design means the operator cannot read channel contents and cannot proactively detect any of the above. That technical fact does not make these uses acceptable. The list above reflects what is off-limits as a matter of policy, what is unlawful in most jurisdictions, and what causes real harm to real people. Where action is possible against the limited surface the operator can see — channel names, traffic patterns, repeat infrastructure abuse — the operator will take it. See Abuse and enforcement below.
Abuse and enforcement
The 60-minute self-destruct makes most enforcement moot by design — a channel is gone before most disputes can be raised. Where intervention is possible, we reserve the right to: rate-limit traffic by IP at the infrastructure layer, temporarily block IPs that attempt sustained abuse such as denial-of-service or brute-force attempts on access keys, and terminate channels that are being used in violation of these terms. We do not need notice to take any of these actions when the service or other users are at risk.
Law enforcement requests
The server only ever holds ciphertext, and after 60 minutes it holds nothing at all. Requests for plaintext, decryption keys, or message history will return nothing useful, because nothing useful exists. The operator will respond to lawful process directed at the data we actually hold, which is opaque encrypted blobs that expire on a one-hour clock.
No warranty
Ciphar is provided "as is" and "as available" with no warranties of any kind, express or implied, including merchantability, fitness for a particular purpose, non-infringement, uninterrupted availability, or freedom from undiscovered cryptographic flaws. The cryptography we use (AES-256-GCM, PBKDF2-HMAC-SHA-256) is standard and well-reviewed, but no security system is guaranteed.
Not for regulated uses
Ciphar has not been formally assessed against HIPAA, GDPR data processing agreements, PCI-DSS, FedRAMP, ISO 27001, SOC 2, or any other regulatory framework. If you have a legal or regulatory obligation that requires a certified processor, a signed BAA, a signed DPA, or audited controls, do not use Ciphar for that workload. Use a service that has been certified for your specific framework.
Limitation of liability
To the maximum extent permitted by applicable law, the operator's total liability for any claim arising out of or related to Ciphar is capped at the amount you paid to use the service, which is zero. Neither the operator nor any contributor is liable for indirect, incidental, consequential, special, or exemplary damages.
Indemnification
You agree to indemnify and hold harmless the operator from any claim, loss, or expense arising from your misuse of Ciphar or your violation of these terms.
Changes to these terms
Updates are posted on this page with a new "Last updated" date. Continued use of Ciphar after a change constitutes acceptance.
Termination
The operator may suspend or terminate channels that violate the acceptable use policy. You may stop using Ciphar at any time; closing the tab is sufficient.
Age
Ciphar is not intended for anyone under 16. Do not use it if you are under 16.
Governing law and dispute resolution
These terms are governed by the laws of the Kingdom of Saudi Arabia. Disputes that cannot be resolved informally shall be subject to the courts competent under Saudi law.
Contact
Last updated: 21 April 2026.
This document describes Ciphar's current practices and is provided for transparency. It is not legal advice. For binding regulatory obligations, consult counsel in your jurisdiction.
Related: Privacy Policy · Security model · FAQ.