buzzio
IntroductionHome
Introduction1-to-1GroupsCommunitiesBroadcastWhisper
PrivacyTerms

1-to-1 Chat

Buzzio 1-to-1 chat is private two-person messaging designed so that even we cannot read your messages. Encryption happens on your device; servers move encrypted envelopes for delivery, then delete them; your readable history stays in a locally encrypted database on your devices.

The same private surface includes encrypted voice and video calls, plus tools like Secure View, Vanish, disappearing timers, once-view, and view-once media.

We do not sell your data — not messages, not who you talk to, not your Buzzio ID. Details: /privacy · overview: /introduction.


How private chat works

In plain terms:

  1. Your message is encrypted on your phone before it leaves.
  2. Our servers only move an encrypted envelope — enough to deliver it, never enough to read it.
  3. Only the other person’s device can unlock it.
  4. After delivery, that server copy is deleted.
  5. Your chat history lives in a locally encrypted database on your devices — not as a Buzzio archive we can open.
PromiseWhat you get
We can’t read your chatsEnd-to-end encryption on device
No lasting “who talks to whom” graphWhen nothing is waiting to deliver, we don’t keep a server social graph of that private chat
No permanent cloud inboxDelete-on-delivery + short safety purge for undelivered traffic
History stays yoursReadable thread on your devices
Extra locks when you need themVanish, Secure View, disappearing, once-view

End-to-end encryption

Buzzio 1-to-1 uses modern private-messaging cryptography. Naming how the lock works is transparency — not a backdoor. Private keys and your 12-word phrase never leave your control.

PieceWhat it means for you
X3DHSecure way two devices agree on secrets when a chat starts — without shipping a password over the network
Double RatchetKeys keep evolving as you chat
Per-message keysEach message gets its own derived key — not one static password for the whole conversation
Forward secrecyIf one message key were ever exposed, past (and normally future) messages stay protected because keys move on
AES-GCMIndustry-standard authenticated encryption for the message blob (and for media file contents)
secp256k1 + HKDFThe elliptic-curve / key-derivation foundation under that stack

In one sentence: keys are negotiated with X3DH, then ratchet forward so every message is sealed tighter than “one shared chat password.”

How a private chat starts

  1. You create an account. Keys are derived on your device from your 12-word recovery phrase. We never receive that phrase or your private messaging keys.
  2. Only public key material is published so others can encrypt to you.
  3. On first contact, devices run X3DH, then switch to the Double Ratchet for ongoing chat.
  4. Photos and files get their own encryption keys; those keys ride inside the already-E2E message — not as something Buzzio can open.

Sessions can recover from a lost first delivery without weakening the model. You do not need to understand that detail to trust the result: your private keys stay on your devices.

What servers see (and don’t)

While a message is waiting to deliver, servers see an encrypted blob plus the minimum routing info needed to wake the right account (for example who it is for / from, timing, and delivery flags).

They never see the readable text, photos, or voice content.

You can verify safety numbers / fingerprints in-app when you want out-of-band confirmation that you’re talking to the right person.


Delete-on-delivery — no permanent inbox

Buzzio is not building a cloud folder of your private chats.

  • While the other person is offline, an encrypted copy may sit briefly on the relay.
  • When their device takes delivery (decrypts and stores it locally), that relay copy is removed.
  • “Delivered” means the recipient’s device processed the message — not merely that they opened and read it.
  • If someone never comes online, undelivered envelopes are safety-purged after about 3 days. Stale traffic does not live forever.

Multi-device note

Delivery is to the account, not an infinite cloud mirror. The first device that successfully receives the message consumes the server copy. Your readable history stays on each device (unless you restore an optional encrypted backup you control). That is intentional privacy — not a bug.


Zero metadata — no social graph of private chats

This is one of Buzzio’s strongest product claims.

If there are no undelivered messages left on our relay for that private conversation:

We do not have a server-side social graph of who you privately talk to for that chat.
We don’t keep a lasting record of “User A chats with User B.”
Your conversation list and message contents stay on your devices — not in a Buzzio address book of your private relationships.

What that means for users

After delivery (nothing left undelivered)
Do we keep a durable “who talks to whom” graph for that private chat?No
Do we keep a searchable archive of what you said?No
Can we open your private transcript later?No — we never had plaintext
Where is your chat list?On your devices

What exists only while a message is undelivered

A short-lived encrypted delivery envelope (routing + ciphertext). Once delivery completes, that envelope is gone. That momentary hop is how push delivery works — it is not a permanent relationship database.

What “zero metadata” does not mean

It does not mean Buzzio stores zero bytes anywhere. Accounts need an ID, public keys so encryption can start, push tokens so notifications work, and safety tools (blocks, reports) so abuse can be handled. Those are operational and safety — not a private chat social graph.

Other Buzzio surfaces (Communities, Broadcast, open-history groups, etc.) store more by design because those products need shared rooms and discovery. Private 1-to-1 is the sealed lane.


Privacy tools

Secure View

Mutual mode: both people agree to harden the chat against screenshots / screen recording while sensitive bubbles are on screen.

  • Pending requests expire in about 2 hours.
  • Android: strong OS-level block.
  • iOS: Apple does not let apps fully block screenshots — Buzzio detects and mitigates in-app.
  • Web: browser limits apply; treat capture blocking as best-effort.

Use it when you want to share something private without leaving a casual screenshot trail.

Vanish mode

Short timers that start after the message is seen — from seconds up to hours (5s → 6h options). Mutual request/agree flow. Session setting; each message gets its own countdown once seen.

Disappearing messages

Chat-level timers: 24 hours · 7 days · 90 days. Countdown starts when you send (not when they read). Applies to text and media. Either side can turn it on.

Kept messages let you exempt specific ones until you unkeep them — without creating a Buzzio-readable cloud transcript.

Once-view & view-once media

ToolWhat it does
Once-view modeChat-level: messages designed to leave ~5 seconds after seen, with stronger screenshot policy
View-once mediaThat photo/video/voice opens once, then is removed from the experience (viewer uses screen security; images auto-clear after a short open window)

Encrypted voice & video calls

Private calls ride the same privacy story:

  • Setup signaling is encrypted — not parked as a permanent call dossier.
  • Audio/video uses peer-to-peer WebRTC when possible (relay only when networks need help).
  • We do not record calls. We can’t play back your call from a Buzzio server archive.
  • The call list you see in the app lives on your device (local history ages out ~24 hours in the UI).
  • When nothing remains for setup, private calls are treated as a zero durable call-metadata surface — no lasting “who called whom” server file for browsing.

Everyday chat features

FeatureHow it fits the promise
Typing indicatorsEphemeral; you can turn them off globally or per contact
Delivery & read receiptsShort-lived ticks for UX; you can limit read receipts
ReactionsShared emoji state for that message — not a full chat backup for Buzzio to read
Reply / forwardForward re-encrypts to new people (limits apply; media types may be blocked)
Shared pinsOptional; both sides see the same pin for a set duration — a small shared exception, not your whole transcript
Delete for everyoneCoordinates removal of pending / local copies
Block & reportSafety only. Reports may use limited evidence already on your device (e.g. last few messages).
Backup (optional)Default = no Buzzio-readable cloud inbox. Optional encrypted export / paid cloud backup uses a recovery key you control

There is no first-class “edit message” for 1-to-1 today — send a correction or delete if needed.


How a message moves

You encrypt on device  →  Blind relay holds ciphertext briefly
                       →  Their device unlocks & saves locally
                       →  Relay copy deleted
                       →  If nothing left undelivered: no who-you-talk-to graph for that chat

Offline friend? The encrypted envelope waits (up to the ~3-day safety window), then is purged if never collected.


Summary

1-to-1 chat is end-to-end encrypted with X3DH and Double Ratchet, per-message keys, and forward secrecy. We cannot read your private messages. Delete-on-delivery means we are a courier, not a filing cabinet. When nothing is undelivered, there is no durable server social graph of who you privately talk to. Your history lives on your devices. Extra modes — Secure View, Vanish, disappearing, once-view — and encrypted calls harden the same private lane.

Related: /introduction · /whisper · /groups · /privacy · /terms

HomeFeaturesHow to useGuidesCompanyPrivacyTermsReport Bug

Buzzio © 2026