Security Overview
Buzzio is designed so private messaging can stay a blind relay, not a permanent cloud inbox. On sealed surfaces, messages are encrypted on your device, relayed for delivery, then removed from the server path. Readable private history lives in an encrypted local database on your phones.
This page explains the security story in plain language — what protects you, and where the limits are.
Get started
- Create your account and write down the 12-word recovery phrase.
- Keep the phrase offline — Buzzio never stores it for you.
- Use sealed features (1-to-1, Whisper private chat, E2E groups, private calls) when you want maximum private-chat secrecy.
- Turn on optional encrypted backup only if you want a restore copy you control.
Keys and recovery phrase
- Your messaging keys are derived on-device from a 12-word recovery phrase.
- Buzzio never receives that phrase or your private messaging keys.
- Public key material is published so other people can encrypt messages to you.
- Your Buzzio ID is a separate random address — not calculated from the phrase.
- New-device sign-in needs Buzzio ID + phrase. Losing both devices and the phrase (with no unlockable backup) means those private keys cannot be rebuilt.
Local encrypted history
Private readable chat history is stored in an encrypted database on your device (SQLCipher). That means:
- Your phone keeps the conversation you can open in the app.
- Uninstalling the app removes that local copy on that device.
- A new phone does not magically inherit full private history unless you restore an encrypted backup you unlock yourself.
Delete-on-delivery (private 1-to-1)
For private 1-to-1 chat:
- Your message is encrypted on your device before it leaves the phone.
- Servers move an encrypted envelope for delivery.
- When the recipient’s device takes delivery, that relay copy is removed.
- Undelivered envelopes are also purged on a short schedule (about 3 days) so stale traffic does not live forever.
Buzzio is designed so staff cannot open your private 1-to-1 message bodies as plaintext.
Zero metadata — the scoped claim
When nothing remains undelivered on a private 1-to-1 conversation, Buzzio aims not to keep a durable server archive of who privately talked to whom for that chat.
Same spirit applies to related sealed goals (Whisper private sessions after expiry, private call setup that no longer needs relay state).
This does not mean “Buzzio stores zero data.” Account identity, push tokens, blocks/reports, and shared-history features still exist where the product needs them.
Optional encrypted backup
Default = no Buzzio-readable private cloud inbox.
If you enable on-device export or paid encrypted cloud backup:
- Backup blobs are encrypted.
- Unlock uses a recovery key you control.
- Buzzio is not building a staff chat-reading panel from those blobs.
Safety tools still exist
Security is not the opposite of safety. Buzzio still supports tools like block and report so people can stop abuse. Those tools need limited operational records — they are not a license to sell private conversations.
Tips and limits
- Protect the 12-word phrase first; everything private starts there.
- “We can’t read sealed chats” is not the same claim as “shared rooms store nothing.”
- Use the Privacy model overview when you need a feature-by-feature matrix.
- Private call media is not kept as a server recording archive.
- If you use optional wallet features tied to the same phrase, treat the phrase as both messaging and funds access.
Related features
- Privacy model overview — which features are sealed vs shared-history.
- Account and Buzzio ID — identity, username, multi-device login.
- Backup and recovery — restore path and plan limits.
- Safety and moderation — block, report, community tools.