abuse & takedowns
What we can help with — and what we can't.
Last updated: May 2026
Adults only
msgforyou.in is intended for users 18 years of age or older. By using the service you confirm that you are 18+. We do not knowingly serve minors.
The honest constraint
msgforyou is built so that messages cannot be read by us, and so that they disappear after a single view. That privacy promise is the entire point of the product. It also means our abuse capabilities are unusual:
- We cannot read message content. The encryption key never reaches our servers.
- We cannot recover a message that has already been opened. The atomic database function that delivers a message also overwrites its ciphertext on the same row. There is no second copy.
- We cannot identify a sender. We don't collect names, emails, phones, or contact lists. The link arrived via WhatsApp (or another messenger) — that is the trail to follow if identification is needed.
We will not build a backdoor that allows us to decrypt user messages, even for emergencies. We have no master key, and we will not create one. This is the same position taken by Signal, ProtonMail, and Apple for end-to-end encrypted iMessages.
What you can ask us to do
Take down a link before it is opened.
If you have a msgforyou link in WhatsApp that worries you, send us the URL without opening it. We will mark it expired so that no one can read it, and it will auto-reap shortly after. If the message has already been opened, there is nothing left for us to take down — the content is gone from our system.
Retract a link you yourself sent.
Senders sometimes regret a message before it is read. If you sent a link and want it pulled back, send us the URL — same process. As long as it has not been opened, we can stop it.
Block our service from accepting new messages from a source.
If a particular sender is repeatedly using msgforyou to harass you, we can add the hashed network signature of their requests to a block list, so that source can no longer create new messages on the service. This is coarse — it does not prevent them from switching networks — but it raises the friction.
Preserve metadata for police investigations.
For serious cases — credible threats, child sexual abuse material, suspected harm to a minor, suspected suicide, court orders — we can preserve the row-level metadata of a specific slug past its normal reap window. The metadata we have is timestamps, the emotion tag, the sender_name field if filled, and hashed request signatures. We do not have the message content. We do cooperate with lawful investigations to the extent of providing what we have.
What we cannot do, even when asked
- Decrypt a message we hold only as ciphertext. We do not have the key — it never left the user's browser.
- Recover a message that has been opened or expired. The ciphertext is overwritten on consume, and rows are reaped on schedule.
- Identify the sender of a message in a way that bypasses the messenger they used to deliver the link.
- Build a tool, secret or otherwise, that allows decryption of messages where we do not already have the link. Such a tool would compromise the privacy promise for every user, including the vulnerable ones, and we will not build it.
If you have a serious investigation that requires content, you will need to recover the original link, with its #fragment intact, from a device that has it — typically the receiver's WhatsApp or browser history.
An honest caveat: a complete link is the key
The link itself contains the encryption key (in the URL fragment, after the #). That is how the receiver's browser is able to decrypt the message. Mathematically, anyone who holds a complete msgforyou link can decrypt that one message — until it has been opened, after which the ciphertext is gone.
This includes us, if a complete link is sent to us. We cannot pretend otherwise. What we can do is set strict policy on what we do with such a link.
Our policy on links shared with us
When a msgforyou link is sent to us — typically in an abuse report — we follow this policy:
- We do not decrypt it. Acting on an abuse report does not require us to read the message. The right action is to expire the slug so no one reads it, including us. Expiring a slug only requires the slug, not the key.
- We do not log links. Abuse reports are not retained as searchable records. Once we have acted on a report (slug expired, metadata preserved if asked), we delete the message containing the link from our inbox.
- We do not pass links to anyone. Not to advertisers, not to research partners, not to other users. Links sent to abuse stay with the operator handling the report and end with that report.
The single exception: a lawful order from an Indian court or equivalent authority that names a specific slug and the lawful basis for compelled disclosure. We have not designed the system to make compliance with such an order impossible — we simply have nothing to disclose unless we are given the link or the link is recovered from another device. If we are compelled and we have the link, we comply with the order. We will publish a yearly transparency note on whether any such orders have been received.
What this means for you: the safest place for your message is the normal flow — the sender shares the link directly with the receiver, the receiver opens it, and the message is gone. We never see the link, the abuse path is never invoked, and there is nothing to decrypt or disclose.
How to report
Use the form below. Reports go straight to us — no email needed. We aim to respond within 72 hours for take-downs, faster for serious harm.
When reporting, please include:
- The full msgforyou link, including the part after
#if you have it. - What you would like done (take down, preserve metadata, block source).
- Any context that helps us understand urgency — without sharing more personal detail than necessary.
Child safety
msgforyou.in is for adults. If you encountered content involving a minor through a msgforyou link, please report it to the National Cyber Crime Reporting Portal (India) immediately, and to the appropriate national authority if you are outside India. Send us the slug separately and we will preserve all metadata we hold for use in the investigation.
Crisis
msgforyou is not a crisis support service. If you or someone you know is at risk of harm, please contact a qualified mental-health helpline or emergency service in your country. For India, the Ministry of Health and Family Welfare maintains a directory of free helplines.