WE DON'T KNOW WHO YOU ARE. THAT'S THE POINT.
Buzzio is built on one principle: your messages are yours, not ours. We cannot read them. We cannot sell them. We cannot hand them over. They don't exist on our servers in any readable form.
WHAT WE STORE (THE FULL LIST)
Here is everything we hold on our servers. No hidden clauses. No fine print.
| Data | Why | How Long |
|---|---|---|
| Your Buzzio ID (a random 64-character code) | To route encrypted messages to you | Until you delete your account |
| Account creation timestamp | Firebase Auth requirement | Until you delete your account |
| Last sign-in timestamp | Firebase Auth requirement | Until you delete your account |
| Your public encryption key | So others can encrypt messages only you can decrypt | Until you delete your account |
| FCM push token (device notification address) | To deliver push notifications to your device | Overwritten on each login; deleted on logout |
That's it. No name. No phone number. No email address. No IP logs. No contact list. No message history. No location history. No browsing habits. No advertising profile.
WHAT WE ABSOLUTELY DO NOT HAVE
- ❌ No metadata — We don't log who talks to whom, when, or how often
- ❌ No message content — All messages are end-to-end encrypted; our servers only see encrypted blobs
- ❌ No phone number or email — Your identity is a mnemonic phrase you control
- ❌ No contact list — Your contacts are stored only on your device in an encrypted database
- ❌ No IP address logs — We don't record your connection IP
- ❌ No location data — Location sharing is peer-to-peer and encrypted; we never see it
- ❌ No message timestamps on our servers — Messages are deleted from our relay after delivery
- ❌ No read receipts stored server-side — Receipts are transient signals, not permanent records
- ❌ No profile photos stored permanently — Profile photos auto-delete from our servers after 7 days
- ❌ No chat backups on our cloud — There are none. Your keys stay on your device.
HOW ENCRYPTION WORKS
- You create a 12-word mnemonic phrase — This is your identity. We never see it.
- Cryptographic keys are derived locally on your device — We never receive your private key.
- Messages are encrypted before leaving your device — Using the X3DH and Double Ratchet protocols (the same approach used by Signal).
- Our server is a blind relay — It passes encrypted blobs it cannot decrypt.
- Messages are deleted from our relay after delivery — They don't persist.
MEDIA & FILES
- Media files (photos, videos, audio) are encrypted before upload using your session keys.
- Uploaded media has an automatic expiry and is permanently deleted from our servers when it expires.
- We cannot view, scan, or analyze your media — it's encrypted gibberish to us.
CALLS (VOICE & VIDEO)
- Voice and video calls use peer-to-peer WebRTC connections when possible.
- Call signaling data passes through our servers but is encrypted and immediately discarded.
- We do not record calls. We cannot listen to calls. We have no call history.
QR ANONYMOUS SESSIONS
- QR-based chat sessions require no account creation for the scanner.
- Session data is automatically destroyed within 30 minutes of expiry.
- No identity information is retained from anonymous sessions.
PUSH NOTIFICATIONS
- We use Firebase Cloud Messaging (FCM) to wake your device when a message arrives.
- The push notification contains only an encrypted signal — not the message content.
- Your device decrypts the actual message locally after waking up.
SUBSCRIPTION & PAYMENTS
- Payments are processed entirely by Google Play (Android) or Apple App Store (iOS).
- We receive only a verification receipt confirming your subscription is active.
- We do not receive or store your payment card details, billing address, or real name.
- Your subscription status is linked to your Buzzio ID (anonymous code), not to any personal identity.
ANALYTICS
- We collect anonymous, aggregate performance metrics to keep the service running efficiently.
- These metrics contain no user identifiers — they cannot be traced back to any individual.
- No behavioral tracking. No advertising analytics. No third-party analytics SDKs.
LOCAL DEVICE STORAGE
- Your messages, contacts, and keys are stored in a locally encrypted database (SQLCipher) on your device.
- If you lose your device and your mnemonic phrase, your data is gone. We cannot recover it. This is by design.
WHAT HAPPENS IF LAW ENFORCEMENT ASKS
We can provide:
- That a Buzzio ID exists (a random 64-character hex string)
- The account creation date
- The last sign-in date
That's all we have. There are no messages to hand over. No metadata to analyze. No contacts to reveal. No IP logs to trace. The encryption keys exist only on your device.
DATA DELETION
- Delete your account: All server-side data (Buzzio ID record, public key, push token) is permanently removed.
- Uninstall the app: Your local encrypted database is destroyed with the app.
- Automatic cleanup: Media files, profile photos, group data, and session data are automatically purged on scheduled intervals (7–30 days depending on type).
THIRD-PARTY SERVICES
| Service | Purpose | What They Receive |
|---|---|---|
| Firebase Authentication | Anonymous account management | Synthetic email (buzzioID@buzzio.app) — not a real email |
| Firebase Cloud Messaging | Push notification delivery | Device token (rotated regularly) |
| Firebase Realtime Database | Encrypted message relay | Encrypted blobs only |
| Firebase Cloud Storage | Encrypted media relay | Encrypted files with auto-expiry |
| Google Play / Apple App Store | Subscription payments | Payment handled by them, not us |
We do not use any advertising networks, data brokers, or user profiling services.
PERMISSIONS EXPLAINED
| Permission | Why | Can You Deny It? |
|---|---|---|
| Camera | Take photos/videos to send, scan QR codes | Yes — you just can't send photos or scan QR |
| Microphone | Voice messages and calls | Yes — you just can't make calls or voice notes |
| Storage/Photos | Send existing photos/files | Yes — you just can't attach files |
| Location | Share your location in a chat (encrypted, peer-to-peer) | Yes — location sharing is optional |
| Notifications | Receive message alerts | Yes — you'll need to open the app manually |
| Background execution | Receive messages while app is closed | Yes — messages will wait until you open the app |
No permission grants us access to data we upload to our servers. All data leaving your device is encrypted first.
CHILDREN'S PRIVACY
Buzzio is not directed at children under 13. We do not knowingly collect any information from children. Since we collect virtually no information from anyone, this risk is inherently minimal.
CHANGES TO THIS POLICY
If we ever change this policy, we will notify users through an in-app update notice. Our core commitment — zero metadata, end-to-end encryption, no personal data collection — will never change. If it did, the app would cease to be Buzzio.
REQUEST ACCOUNT DELETION
To request the deletion of your anonymous account, please provide your Buzzio ID (found in the app's settings). Since we do not collect any personal identifiers, the Buzzio ID is the only way we can identify and remove your data. Once verified, all associated data will be purged within 48 hours.
CONTACT
If you have questions about this privacy policy, contact us at:
app449377@gmail.com