Introduction
Buzzio is a private messaging app with a clear architectural promise: sealed conversations stay sealed; shared rooms and feeds say what they store up front; and we never sell your data.
This page explains the account model, what’s inside the product, and how to choose the right surface for the job.
The Buzzio promise
Four boundaries define how Buzzio works:
-
On private encrypted surfaces, we aim to be a blind relay, not a permanent archive.
For 1-to-1 chat, Whisper, end-to-end encrypted groups, and private calls, message bodies are encrypted on your device. Servers move ciphertext for delivery and catch-up, then delete it. Readable history for those chats lives in a locally encrypted database on your devices — not as a cloud plaintext inbox we can open. -
“Zero metadata” means something specific — not “Buzzio stores nothing.”
After private 1-to-1 delivery (when nothing remains undelivered on the relay), after Whisper session expiry and cleanup, and for E2E group and call design goals, we do not keep a durable, searchable server archive of who privately talked to whom and what they said. Momentary routing envelopes, account records, safety tools (blocks and reports), and feature-specific admin state still exist where needed. -
Features that need shared history say so honestly.
Communities, broadcast channels, open-history groups, Stories, Whisper Questions, optional contact sync, and optional encrypted cloud backup store more on purpose so those products work. Content there is still encrypted in transit and at rest under the model each feature requires. -
We do not sell your data.
Not messages. Not metadata. Not Buzzio IDs. Not community posts. Not Whisper content. Not backups. Not wallet activity. Never.
In short: maximum secrecy where the product is a sealed conversation; transparent extra storage where the product is a shared room or public feed; never a data-broker model.
Full legal wording is in the /privacy policy. Product terms are in /terms.
Your Buzzio ID
What it is
Your public account identifier is a Buzzio ID: a randomly generated 12-digit number, shown with dashes for readability (for example 123-456-789-012).
How it is generated
At account creation:
- The app generates a 12-word recovery phrase (BIP-39 mnemonic) on your device.
- Separately, it generates a cryptographically random 12-digit Buzzio ID and checks that it is unused in our user registry.
- Messaging keys are derived locally from the mnemonic — not from the Buzzio ID.
- The Buzzio ID becomes your account address; public key and prekey material is published so others can encrypt to you.
Important: the Buzzio ID is not mathematically derived from the mnemonic. Signing in on another device requires both your Buzzio ID and your 12-word phrase.
What it is not tied to
| Identifier | Required for a Buzzio account? |
|---|---|
| Personal phone number | No |
| Personal email inbox | No |
| Hardware / device IMEI as identity | No |
| Real-name government ID | No |
Authentication may use a synthetic technical address derived from your Buzzio ID — not your real email. Push tokens attach to the account for notifications; they are delivery endpoints, not your public Buzzio identity.
How it is used for discovery and addressing
People reach you by:
- Buzzio ID — typed, pasted, or shared as the raw or dashed 12-digit ID when adding a contact or starting a chat
- Optional @username — a separate, optional global handle that maps to your Buzzio ID (subject to username privacy settings)
- QR / invite flows — for Whisper sessions, groups, communities, and channels (those use their own tokens; they are not a permanent stand-in for your Buzzio ID)
Your Buzzio ID is the durable address for routing encrypted traffic and looking up your public keys. Nicknames you give contacts are usually local labels on your device (unless you opt into optional contact sync).
What it reveals — and what it hides
Reveals (when someone can see it):
- That an account with that ID exists
- Enough to address you for messaging (and, if visible, to look up allow-listed profile fields)
Does not inherently reveal:
- Your phone number or personal email
- Your real-world legal name
- A server-side durable private “chat graph” of everyone you talk to on E2E surfaces after delivery
- Your recovery mnemonic or private keys (those never leave your control)
You control who can see your Buzzio ID with a field-level privacy setting (including “Nobody”). Default discoverability is open enough for people to add you by ID; tighten it if you want the ID itself hidden from others’ profile views.
What’s inside Buzzio
| Feature | One-line description |
|---|---|
| 1-to-1 chat | Private two-person messaging with end-to-end encryption, delete-on-delivery, zero durable chat graph when nothing is undelivered, Secure View, Vanish, disappearing / once-view tools, and encrypted calls. |
| Groups | Small/mid group chat with a choice of E2E or open-history encryption, permanent or temporary lifetime, vanish / Secure View, and Super Admin vs Admin roles. |
| Broadcast channels | One-to-many announcement feeds with public search/discovery, admin-only posting, server-managed encryption, and ~30-day post retention. |
| Communities | Discord-style spaces: channels, roles, permissions, events, moderation, and durable encrypted history under server-held keys. |
| Whisper | Time-limited, QR-started anonymous private sessions — end-to-end encrypted, deleted after expiry, no lasting Whisper chat graph on our servers. |
Encrypted voice and video calls ship as part of the private 1-to-1 surface, covered in that page.
Account-level security
These controls apply to the whole account, not just one chat surface.
Keys and recovery phrase
- A 12-word mnemonic is generated on-device and used to derive your messaging private keys.
- We never receive your mnemonic or private messaging keys.
- Public encryption material (public key / prekeys) is uploaded so others can start encrypted sessions with you.
- If you lose both your devices and your mnemonic, we cannot reconstruct your private chat keys or local history. That is intentional.
If you enable the optional non-custodial Bitcoin wallet, it may use the same 12-word phrase on a separate derivation path — anyone with that phrase can control messaging keys and wallet funds. Protect it accordingly.
Signing in on another device
Buzzio does not treat a phone number as the account. To use the same identity on a new device:
- Enter your Buzzio ID and 12-word mnemonic.
- The device re-derives keys, verifies an encrypted login challenge, and publishes or updates push and prekey material.
What transfers automatically: account identity, keys, and server-side account profile / public crypto state.
What does not appear from the cloud by default: your full private local chat history (that lives on each device unless you restore a backup). Multiple push tokens can exist so notifications reach more than one device; that is push delivery, not a full cloud mirror of every private thread.
Backup and export
| Path | What it is |
|---|---|
| Default (no backup) | Private E2E chat bodies are not kept as a decryptable cloud archive we can open. History stays on-device. |
| On-device encrypted export | You can export an encrypted backup file controlled by a recovery key you set — separate from day-to-day “Buzzio can read your chats.” |
| Optional paid encrypted cloud backup | Encrypted backup blobs may be stored so you can restore; recovery depends on your recovery key. We are not building a readable cloud chat panel for ourselves. |
| Privacy / account export request | You can request certain account data via privacy channels. E2E message bodies we cannot decrypt are not exportable from our servers as plaintext. |
Uninstalling the app destroys local data on that device. Losing the mnemonic (and having no encrypted backup you can unlock) means those private keys and that local history are gone for good.
Profile privacy at the account layer
Beyond chat features, the account supports field-level privacy for Buzzio ID, username, photo, description, last seen, and who may add you to groups. Optional contact sync is off by default; enabling it stores a server-side saved-contact map only because you opted in.
How to choose a surface
| If you want… | Use |
|---|---|
| Sealed two-person chat and minimal durable server chat graph | 1-to-1 |
| Time-boxed anonymous meeting without exchanging IDs | Whisper |
| Operator-blind group chat | E2E groups |
| Shared group backscroll for later joiners | Open-history groups |
| Multi-channel home with roles and events | Communities |
| One-to-many announcements without chat replies | Broadcast channels |
The privacy model changes with the surface. The commercial rule does not: we do not sell the data either way.
Summary
Buzzio separates sealed conversations (1-to-1, Whisper, E2E groups, private calls) from shared products that need durable history (open-history groups, communities, broadcast). Your account identity is a random Buzzio ID plus an on-device recovery phrase — not a phone number or personal email. Readable private history stays on your devices unless you restore a backup you control.
Related: /privacy · /terms · /one-to-one-chat · /groups · /communities · /broadcast-channels · /whisper