Delete Your Data
Reflecto is designed with privacy at its core. We use end-to-end encryption and do not maintain user accounts — your identity is tied solely to your device pairing, not to an email address or personal information.
Below you'll find how to delete your data and what gets removed.
Delete Data from the App
The fastest way to delete all your data is directly within the Reflecto app:
- Open the Reflecto app on your Android device
- Go to Settings
- Tap "Disconnect"
- Confirm the disconnection
This immediately and permanently:
- Revokes your device session on our server
- Deletes your encryption keys from the device
- Removes your FCM push token registration
- Clears all local preferences and app filter settings
- Disconnects your paired Chrome extension
After disconnecting, our server can no longer associate any data with your device. No residual data remains.
What data does Reflecto store?
On our server (sync.reflecto.dev)
- A server-assigned device ID (random identifier, not tied to your name or email)
- Your device's public encryption key (used to route encrypted messages)
- Your FCM push token (used to send dismiss/reply commands to your phone)
- Encrypted notification payloads in a temporary queue (auto-deleted after 72 hours)
All notification content (titles, message text, images) is end-to-end encrypted. Our server cannot read it — it only stores opaque ciphertext until your Chrome extension picks it up.
On your device
- Your encryption key pair (stored in Android Keystore-backed encrypted storage)
- Your paired extension's public key
- Your app filter settings (which apps to mirror)
- Onboarding progress flags
On Firebase (Google)
- Your FCM token (for push notification delivery)
- Anonymized crash reports via Firebase Crashlytics (stack traces only, no notification content or personal data)
Lost or no longer have your device?
If you can't access the app, here's what happens automatically:
- If the app was uninstalled or the device was factory reset: Your encryption keys are permanently destroyed on the device. Without those keys, the encrypted payloads on our server are cryptographically unrecoverable. They will also auto-delete within 72 hours.
- All notification content was already end-to-end encrypted before it ever reached our server. We cannot read it and it becomes permanently inaccessible once your keys are gone.
- Your device session (device ID, FCM token, public key) will persist on our server in an orphaned state but cannot be linked to you in any way — Reflecto has no accounts, no email addresses, and no personal identifiers. It is a random identifier with no associated personal data.
In short: if you no longer have the device, the data is already effectively deleted. There is nothing further for you or us to do.
After deletion
Once disconnected via the app:
| Data | Status |
|---|---|
| Device session | Immediately revoked |
| Queued encrypted notifications | Deleted (or auto-expire within 72 hours) |
| FCM token | Deregistered from our server |
| Crashlytics data | Retained by Firebase per Google's policy (anonymized, no personal data) |
| Local encryption keys | Destroyed |
| Local preferences | Cleared |
You can re-pair at any time by setting up Reflecto again. A new device ID and new encryption keys will be generated — there is no continuity with the previous session.
Crash report data (Firebase Crashlytics)
Reflecto uses Firebase Crashlytics for crash reporting in release builds. This data is:
- Fully anonymized (no notification content, no personal identifiers)
- Limited to stack traces and non-sensitive log breadcrumbs
- Managed by Google under their data retention policies
To opt out of Crashlytics data collection, disable "Usage & diagnostics" in your Android device settings (Settings > Google > Usage & diagnostics).