buzzio
Privacy PolicyTerms & ConditionsHome

On this page

  • 0. WHO CONTROLS YOUR DATA
  • 1. OUR CORE PROMISE
  • 2. WHO WE ARE & WHAT THIS COVERS
  • 3. YOUR BUZZIO ID (IDENTITY)
  • 4. WHERE “ZERO METADATA” APPLIES
  • 5. ONE-TO-ONE CHAT
  • 6. WHISPER PRIVATE CHAT (QR ANONYMOUS SESSION)
  • 7. WHISPER QUESTIONS
  • 8. END-TO-END GROUPS
  • 9. OPEN-HISTORY GROUPS
  • 10. PRIVATE CALLS (VOICE & VIDEO)
  • 11. BROADCAST CHANNELS
  • 12. COMMUNITY
  • 13. STORIES
  • 14. PROFILE, USERNAME, PRESENCE & ACHIEVEMENTS
  • 15. OPTIONAL CONTACT SYNC
  • 16. OPTIONAL ENCRYPTED CLOUD BACKUP
  • 17. MEDIA & FILES
  • 18. PUSH NOTIFICATIONS
  • 19. SUBSCRIPTIONS, PREMIUM & LINK PACKS
  • 20. OPTIONAL BITCOIN WALLET
  • 21. GIFS & STICKERS (GIPHY)
  • 22. ANALYTICS, APP INTEGRITY & SECURITY TELEMETRY
  • 23. LOCAL DEVICE STORAGE
  • 24. WHAT WE ABSOLUTELY DO NOT DO
  • 25. LAW ENFORCEMENT REQUESTS
  • 26. DATA DELETION & WHAT MAY REMAIN
  • 27. THIRD-PARTY SERVICES (SUBPROCESSORS)
  • 28. PERMISSIONS & LOCATION
  • 29. CHILDREN'S PRIVACY
  • 30. LEGAL BASES (EEA / UK / SIMILAR LAWS)
  • 31. YOUR PRIVACY RIGHTS
  • 32. INTERNATIONAL DATA TRANSFERS
  • 33. CALIFORNIA PRIVACY RIGHTS (CCPA / CPRA)
  • 34. COOKIES & SIMILAR TECHNOLOGIES (WEB)
  • 35. SECURITY MEASURES
  • 36. DATA BREACH NOTIFICATION
  • 37. CHANGES TO THIS POLICY
  • 38. CONTACT
  • 39. PLAIN-LANGUAGE SUMMARY

Legal

Privacy Policy

How Buzzio collects, uses, stores, and protects your data across private chat, groups, communities, broadcast, Whisper, and related services.

Last updated July 13, 2026Contact app449377@gmail.comTerms & Conditions →
On this page (40)
  • 0. WHO CONTROLS YOUR DATA
  • 1. OUR CORE PROMISE
  • 2. WHO WE ARE & WHAT THIS COVERS
  • 3. YOUR BUZZIO ID (IDENTITY)
  • 4. WHERE “ZERO METADATA” APPLIES
  • 5. ONE-TO-ONE CHAT
  • 6. WHISPER PRIVATE CHAT (QR ANONYMOUS SESSION)
  • 7. WHISPER QUESTIONS
  • 8. END-TO-END GROUPS
  • 9. OPEN-HISTORY GROUPS
  • 10. PRIVATE CALLS (VOICE & VIDEO)
  • 11. BROADCAST CHANNELS
  • 12. COMMUNITY
  • 13. STORIES
  • 14. PROFILE, USERNAME, PRESENCE & ACHIEVEMENTS
  • 15. OPTIONAL CONTACT SYNC
  • 16. OPTIONAL ENCRYPTED CLOUD BACKUP
  • 17. MEDIA & FILES
  • 18. PUSH NOTIFICATIONS
  • 19. SUBSCRIPTIONS, PREMIUM & LINK PACKS
  • 20. OPTIONAL BITCOIN WALLET
  • 21. GIFS & STICKERS (GIPHY)
  • 22. ANALYTICS, APP INTEGRITY & SECURITY TELEMETRY
  • 23. LOCAL DEVICE STORAGE
  • 24. WHAT WE ABSOLUTELY DO NOT DO
  • 25. LAW ENFORCEMENT REQUESTS
  • 26. DATA DELETION & WHAT MAY REMAIN
  • 27. THIRD-PARTY SERVICES (SUBPROCESSORS)
  • 28. PERMISSIONS & LOCATION
  • 29. CHILDREN'S PRIVACY
  • 30. LEGAL BASES (EEA / UK / SIMILAR LAWS)
  • 31. YOUR PRIVACY RIGHTS
  • 32. INTERNATIONAL DATA TRANSFERS
  • 33. CALIFORNIA PRIVACY RIGHTS (CCPA / CPRA)
  • 34. COOKIES & SIMILAR TECHNOLOGIES (WEB)
  • 35. SECURITY MEASURES
  • 36. DATA BREACH NOTIFICATION
  • 37. CHANGES TO THIS POLICY
  • 38. CONTACT
  • 39. PLAIN-LANGUAGE SUMMARY

0. WHO CONTROLS YOUR DATA

ItemDetail
Controller / operatorThe Buzzio Team — currently an unincorporated operator of the Buzzio app and related services. We may assign operations to a future registered legal entity; this policy will be updated with the entity’s legal name and address when that happens.
Contact for privacyapp449377@gmail.com — use subject Privacy Request
Websitehttps://buzzio.dev
Data Protection Officer (DPO)Not appointed at this time. If law later requires a DPO or an EU/UK representative, we will publish those details here and notify users in-app.

1. OUR CORE PROMISE

Buzzio is built so that your private conversations stay private.

We design private messaging so that, wherever possible:

  • we cannot read your end-to-end encrypted messages
  • we do not keep a durable server-side archive of who you privately talk to
  • we do not sell your data — never have, never will

We do not sell your data.
Not messages. Not metadata. Not Buzzio IDs. Not community posts. Not Whisper answers. Not reactions. Not blocks. Not reports. Not backups. Not wallet activity. Never.

Under California law (CCPA/CPRA), we also do not “sell” or “share” personal information for cross-context behavioral advertising. See §33.

This policy explains, feature by feature:

  1. What we store
  2. What we do not store
  3. How encryption and deletion work
  4. Where “zero metadata” applies — and where it does not

If a feature needs more storage to work (Community, Broadcast, Stories, Whisper Questions, open-history groups, optional contact sync, optional cloud backup), we say so honestly. Even then, we still do not sell that data.


2. WHO WE ARE & WHAT THIS COVERS

This Privacy Policy applies to the Buzzio mobile app and related Buzzio services, including:

  • One-to-one private chat
  • Whisper private chat (QR anonymous sessions)
  • Whisper Questions (whisper.buzzio.dev and related web pages)
  • End-to-end groups and open-history groups
  • Private voice & video calls
  • Broadcast channels
  • Communities
  • Stories
  • Profile / username / privacy settings
  • Optional encrypted cloud backup
  • Optional non-custodial Bitcoin wallet
  • Buzzio Premium and in-app purchases (including Whisper Questions Link Packs)

By using Buzzio, you acknowledge this Privacy Policy. Where law requires a separate consent for a specific processing activity (for example optional contact sync, non-essential cookies, or certain analytics), we will ask for that consent in-product or on the web.

If you do not agree, do not use the app or related sites.


3. YOUR BUZZIO ID (IDENTITY)

What a Buzzio ID is

Your public account identifier is a Buzzio ID — a randomly generated 12-digit identifier (shown with dashes for readability).
Internally, systems may still refer to this same identifier as a technical ghostId field for historical compatibility. For users, the name is Buzzio ID.

What only you control

  • A 12-word mnemonic recovery phrase is generated on your device.
  • Cryptographic private keys are derived locally.
  • We never receive your mnemonic or private messaging keys.
  • If you lose your device and your mnemonic, we cannot recover your private chat keys or local history. That is intentional.

Core account data we hold

DataWhyHow long
Buzzio IDRoute traffic to your accountUntil account deletion
Account creation timestampAuth / account integrityUntil account deletion
Last sign-in timestampAuth / account integrityUntil account deletion
Public encryption key / prekey materialSo others can encrypt only for youUntil account deletion / key rotation
FCM push token(s)Deliver notificationsOverwritten on login changes; deleted on logout / account deletion
Optional profile fields you setNickname, username, description, photo, privacy settings, achievements, premium statusUntil you change/remove them, they expire, or you delete your account

What we do not require

  • No personal phone number as identity
  • No personal email as identity
  • Auth may use a synthetic technical address derived from your Buzzio ID for Firebase Auth — not your real email inbox identity

We do not sell Buzzio ID or account data. Never.


4. WHERE “ZERO METADATA” APPLIES

“Zero metadata” is not a blanket claim for every Buzzio surface.

It applies to these private encrypted surfaces:

FeatureZero durable “who talks to whom” archiveEncryption model
1-to-1 chatYes — once there are no undelivered messages left on our relay for that conversationEnd-to-end (X3DH + Double Ratchet)
Whisper private chatYes — after the session expires and cleanup runsEnd-to-end session crypto
End-to-end groupsYes for message archives — no durable readable transcript of what was saidEnd-to-end sender-key style
Private callsYes for durable call history/recordings on our serversEncrypted signaling + peer-to-peer WebRTC media

What “zero metadata” means here

It means we do not keep a durable, searchable server-side conversation graph or readable private chat/call archive on those surfaces after delivery/expiry — beyond:

  • momentary encrypted delivery traffic
  • the limited account / safety / admin data listed in this policy

What it does not mean

It does not mean “Buzzio stores nothing anywhere.”
Features like Community, Broadcast, Stories, Whisper Questions, open-history groups, blocks, reports, optional pins, optional contact sync, and optional cloud backup store more by design so those features can work.

None of that data is sold. Never.


5. ONE-TO-ONE CHAT

How collection & delivery work

  1. Messages are end-to-end encrypted on your device before they leave it.
  2. Our servers act as a blind relay: they see encrypted blobs, not readable message text.
  3. While waiting for delivery, an encrypted envelope may temporarily include routing fields needed to deliver it (for example sender Buzzio ID, ciphertext, message type, sequence, and flags such as view-once / disappearing / secure-mode related flags).
  4. After the recipient’s device receives the message, the encrypted copy is removed from our relay.
  5. Your readable history lives in a locally encrypted database (SQLCipher) on your device — not as a cloud plaintext archive we can open.

Exact retention for undelivered relay traffic

  • Undelivered 1-to-1 pending envelopes are safety-purged on a 3-day retention schedule.
  • Stale undelivered traffic does not stay forever.

The key guarantee

If there are no undelivered messages left for a conversation on our relay, we do not retain a server-side record of who you are talking to for that chat.
Your conversation list and message contents remain on your device.

Privacy controls inside 1-to-1 chat

FeatureWhat it does
Secure ViewMutual mode that strengthens protection against screenshots / screen recording while active. Pending Secure View requests expire (about 2 hours).
Secure Mode / vanish-style TTL after seenMessages can be set to disappear after being seen on short TTLs (options from seconds up to hours).
Disappearing messagesChat-level disappearing timers: 24 hours / 7 days / 90 days.
Once-view modeMessages are designed to disappear shortly after seen (about 5 seconds) with stronger screenshot protection.
View-once mediaPhotos/videos open once, then are removed from the chat experience as designed.
Kept messagesLets you exempt specific messages from disappearing behavior until unkept. This is a participant control signal — not a reason for us to store a readable cloud transcript.
BlockStops contact. Block relationships may be enforced server-side (user_blocks) so the block works across sessions. Safety control only — not sold.
ReportYou may submit limited evidence (typically the last 5 messages already on your device) so moderation can review abuse. Reports exist for safety, not advertising. Not sold. Report evidence may be retained until reviewed/handled (typically up to 90 days, or longer if needed for an active safety/legal matter).
Private device storageContacts, keys, and private chat history are stored in your device’s encrypted local database.

Optional / exceptional 1-to-1 server records

These are not your full chat transcript, but can exist if you use the feature:

  • Shared pins: limited pin metadata may include a short plaintext snippet (capped) so both sides can see the pin; pin durations include 24h / 7d / 30d.
  • Blocks / reports: safety enforcement as above.
  • Presence / last seen: optional online / last-seen signals with privacy allow-lists you control; stale presence is cleaned (about 24 hours for stale offline nodes).

Even where these exist: we do not sell them. Never.


6. WHISPER PRIVATE CHAT (QR ANONYMOUS SESSION)

Whisper private chat lets people start a time-limited, end-to-end encrypted conversation (often via QR) without building a permanent social graph of that chat on our servers.

Encryption

  • Messages are end-to-end encrypted with a session key for that Whisper session.
  • We treat Whisper private chat as a zero-metadata conversation surface for chat content and durable “who talked to whom” message history after expiry.

Session controls

  • Duration presets typically range from 1 hour up to 168 hours (7 days).
  • Optional vanish timers (for example seconds to hours).
  • Optional screenshot restriction.
  • Scan limits (for example up to 50 scans depending on settings).

What session setup may store (honest list)

To operate and expire the session, we may temporarily store operational fields such as:

  • expiry time, scan count / max scans
  • vanish / screenshot settings
  • session status / name
  • creator push token for notifications
  • creator Buzzio ID (used so Cloud Functions / notifications can operate the session)

Message bodies remain end-to-end encrypted. Operational session fields exist to run and delete the session — not to build advertising profiles.

Deletion after expire

  • When a Whisper private session expires, associated session data and relay paths are deleted from our servers (with safety cleanup jobs for expired/orphaned sessions).
  • Local session messages/media are removed according to the session design.

We do not sell Whisper private chat data. Never.


7. WHISPER QUESTIONS

Whisper Questions is a separate feature from Whisper private chat. It is anonymous Q&A via links such as whisper.buzzio.dev.

Important: different privacy model

Whisper Questions is not end-to-end encrypted like Whisper private chat.
Answers must be stored so the link owner can read them.

What we store

DataWhy
Question + answers (plaintext to the service that stores them for the owner)Feature function
Owner Buzzio IDOwnership
Link slug / template / statusPublic link routing
Expiry timestampsAuto-expire
Salted IP hash on answers / rate-limit docsAbuse prevention (not your real IP stored in clear for profiling)
Reports / stop / delete actionsSafety

Exact retention

  • Free links: about 24 hours
  • Link Pack (paid) links: about 15 days
  • Expired links/answers are cleaned according to those windows

What we promise

  • We do not sell Whisper Questions data. Never.
  • We do not use answers to build advertising profiles.
  • Owners can stop collecting, delete answers, and report abuse.
  • Share/growth counters may be aggregated operationally; answer text is not sold to advertisers.

8. END-TO-END GROUPS

Message privacy

  • Message bodies are end-to-end encrypted.
  • Encrypted group delivery traffic is retained briefly for catch-up, then purged — E2E group message bucket retention is 5 days.
  • We do not keep a durable readable transcript of what E2E group members said.
  • Future joiners do not automatically receive old E2E history the way an open archive would.

Zero metadata vs membership

  • Zero metadata here means: no durable private message archive / conversation transcript of content.
  • Membership & roles are different: to run a group we know who is a member and who has admin powers. That is administration data, not a sold chat graph.

Group controls

FeatureMeaning
Group passwordJoin can require a password (stored as a hash).
SuperadminHighest control (manage admins, ownership transfer, critical controls).
AdminManage members/settings within permissions.
Add / remove memberIntentional membership administration.
Banned membersSafety / moderation state for the group.
Vanish modeMessages disappear on devices per group vanish settings.
Secure view / screenshot protectionStrengthens protection against screenshots / recording in that group.
View-once mediaOpen once, then disappear from the chat experience.
Temporary groupsCan be time-limited (up to about 30 days / 720 hours depending on settings).

We do not sell E2E group data. Never.


9. OPEN-HISTORY GROUPS

Some groups use open-history mode with a server-held encryption key (DEK) so:

  • history can be available to members (including later joiners)
  • shared media pool / storage features can work

Honest differences from E2E groups

  • Open-history is not the same as end-to-end groups.
  • Durable encrypted history is stored as required by the feature.
  • Default history retention is on the order of 365 days, subject to plan / media-pool / boost limits (for example freemium media-pool style caps such as about 100 MB before boosts).

We still do not sell open-history group data. Never.


10. PRIVATE CALLS (VOICE & VIDEO)

  • Call signaling (setup data) is encrypted and is not kept as a permanent call transcript.
  • While ringing/connecting, short-lived signaling may include operational hints needed to fetch keys / route the call.
  • Call media uses peer-to-peer WebRTC whenever possible.
  • We do not record calls. We cannot play back your call audio/video from a Buzzio server archive.
  • Call history you see in the app is stored locally on your device.
  • We treat private calls as a zero durable call-metadata archive surface: no server-side call history/recordings of who called whom.

We do not sell call data. Never.


11. BROADCAST CHANNELS

Broadcast channels are one-to-many publishing feeds. They are not end-to-end encrypted like 1-to-1 / Whisper private / E2E groups. They use server-managed encryption so a public or invite-gated feed can work.

Public vs unpublic at creation

  • When you create a channel, use the “Public channel” / discoverable toggle.
  • Public (ON): discoverable/searchable so people can find and follow it.
  • Unpublic / not public (OFF): not openly listed for everyone; access is limited to how the channel is shared and followed (admins / followers), not open search discovery.

Who can message

  • Admins compose and post.
  • Followers receive posts and can engage as allowed (for example reactions).
  • Followers do not get free-for-all posting like a community chat unless permissions say otherwise.

Retention

  • Broadcast history is retained for 30 days, then deleted.

Reactions

  • Users can react with emoji.
  • Public viewers may see anonymous tallies.
  • To prevent duplicate spam voting, the server may keep per-user uniqueness records.
  • That is product integrity data — not sold.

We do not sell broadcast data. Never.


12. COMMUNITY

Communities are shared spaces with roles, channels, media, and durable history.
They are not end-to-end encrypted like 1-to-1 chat. They use server-held encryption keys (DEK) so history, roles, and moderation work across members and devices.

How messages are stored

  • Messages and media are stored in community infrastructure under the community encryption model.
  • Default history retention is about 365 days, plus media-pool / plan limits.
  • Supported content includes text, images, videos, GIFs, and stickers (permissions controlled by roles).

Deletion

  • Members with permission can delete messages, including delete-for-everyone style controls where supported.
  • Deleted messages are tombstoned / removed from active history according to community deletion design.
  • Leaving or being removed ends your membership access; remaining members may still see community history under retention rules.

Reactions

  • People can react to messages.
  • Reactions may store who reacted (for example user id / display name + emoji) so the feature works.
  • Not sold.

Roles & administrators

  • Communities support role creation and administrator / privileged roles.
  • Roles control sending text/media/GIF/sticker, reacting, pinning, moderating, and more.
  • Role maps, member lists, bans, invites, password join hashes, channel vanish / screenshot settings, and audit-style privileged-action logs may be stored so moderation works.

Community metadata (honest list)

MetadataWhy
Community profile / settingsOperate the space
Member list & rolesPermissions & admin tools
Messages & media (server-encrypted)History & media features
ReactionsReaction UI & uniqueness
Channel settings (vanish / screenshot protection / password)Access & privacy controls
Bans, invites, moderation / audit logsSafety & administration
Storage / media-pool usageEnforce limits

This is more metadata than private 1-to-1 E2E chat by design.
It is still not sold, not used for advertising profiles, and not shared with data brokers.

We do not sell community data. Never.


13. STORIES

  • Stories are short-lived posts with about a 24-hour lifetime.
  • Story media/metadata needed to deliver and show viewers is stored for that window, then cleaned up.
  • Audience controls (for example contacts / privacy lists) determine who can see a story.
  • If you enable optional contact sync (below), story privacy audiences can use synced contact sets.

We do not sell story data. Never.


14. PROFILE, USERNAME, PRESENCE & ACHIEVEMENTS

Depending on what you set, we may store:

  • Nickname / display name
  • @username (global username mapping to your Buzzio ID)
  • Description / bio (with optional short TTLs you choose, for example hours to days)
  • Profile photo (auto-deleted from our servers after about 7 days)
  • Field-level privacy settings (who can see Buzzio ID, username, photo, description, last seen, group-add, etc.)
  • Achievements you earn
  • Premium / badge / subscription status fields needed to unlock features

Presence / last-seen can be limited by your privacy allow-lists.

We do not sell profile or achievement data. Never.


15. OPTIONAL CONTACT SYNC

By default, your contact nicknames live on your device.

If you opt in to contact sync (for features such as story audiences / cross-device contact convenience):

  • we may store a saved_contacts_sync-style map of contact IDs and nicknames on your account
  • this creates a server-side contact set only because you enabled it
  • you can turn it off; synced data is for product function, not advertising
  • turning it off stops new sync; previously synced entries are removed from our servers within a reasonable period (typically within 30 days, or sooner when account deletion runs)

Separately, limited mutual-messaging / visibility graphs may exist so profile privacy rules (who can see what) can work.

We do not sell contact lists. Never.


16. OPTIONAL ENCRYPTED CLOUD BACKUP

Buzzio may offer optional paid encrypted cloud backup.

  • Backups are encrypted before upload.
  • Recovery depends on keys/recovery material you control on your device.
  • We store encrypted backup blobs so you can restore — we are not building a readable cloud chat panel for ourselves.
  • If you never enable backup, private E2E chat bodies are not kept as a decryptable cloud archive by default.

We do not sell backups. Never.


17. MEDIA & FILES

  • On E2E surfaces (1-to-1, Whisper private, E2E groups), media is encrypted before upload. E2E media relays typically expire quickly (about 24 hours for many E2E media uploads).
  • Community / Broadcast / open-history / Stories media follow those features’ retention and media-pool rules.
  • Group profile images for permanent groups may be cleaned on a longer schedule (about 20 days in cleanup jobs).

We do not sell media. Never.


18. PUSH NOTIFICATIONS

  • We use Firebase Cloud Messaging (FCM) to wake your device.
  • Notification payloads are designed to avoid exposing private message contents in the clear.
  • Short-lived operational notification logs may be retained briefly for delivery reliability (about 7 days), then cleaned.
  • Push tokens are delivery addresses — not sold.

19. SUBSCRIPTIONS, PREMIUM & LINK PACKS

  • Payments are processed by Google Play and/or the Apple App Store.
  • We receive verification that a purchase/subscription is active.
  • We do not receive your card number or store checkout billing identity as a payment processor.
  • Buzzio Premium and Whisper Questions Link Packs are separate purchase types.
  • Entitlement status is linked to your Buzzio ID for feature unlocks.

We do not sell payment or subscription data. Never.


20. OPTIONAL BITCOIN WALLET

If you activate the optional wallet:

  • It is non-custodial. We never hold your Bitcoin, seed, or wallet private keys.
  • Wallet keys are derived locally on a separate BIP-84 path from messaging keys.
  • Important: the wallet may use the same 12-word recovery phrase as your messaging identity. Anyone with that phrase can control both your messaging keys and your Bitcoin. Protect it carefully.
  • Public blockchain APIs (for example Blockstream Esplora) and optional price APIs (for example CoinGecko) may be used to show balances/prices.
  • If enabled, a public receive address may be visible to mutual contacts who also enabled the wallet, solely to send Bitcoin between contacts.
  • Wallet activation has a higher age requirement in our Terms (18+).

Blockchain transactions are public by nature of Bitcoin. That is the network, not Buzzio selling data.

We do not sell wallet data. Never.


21. GIFS & STICKERS (GIPHY)

  • GIF/sticker search may use GIPHY.
  • Search queries and related request data may be processed by GIPHY under GIPHY’s own terms/privacy policy.
  • This is for sticker/GIF features only — not a Buzzio sale of your private chats.

22. ANALYTICS, APP INTEGRITY & SECURITY TELEMETRY

What we use

  • Firebase Analytics (Google) may collect app usage and reliability events (for example feature usage counts, session/engagement metrics, device/app version, crash-adjacent diagnostics as configured).
  • We use this to understand delivery health, fix bugs, and keep Buzzio running — not to sell ads or build advertiser profiles of who you talk to.
  • We may also collect anonymous / aggregate operational metrics (infrastructure cost, reliability).
  • App Check / device integrity (for example Play Integrity / DeviceCheck) may be used to reduce abuse.
  • Rate limits may temporarily store counters to stop spam (reports, Whisper Questions, push flooding, etc.).

What we do not do with analytics

  • We do not run advertising networks that profile you to sell ads.
  • We do not sell analytics. Never.

How to limit analytics

  • Use your device OS privacy / ad / analytics controls where available.
  • Uninstalling the app stops further app analytics from that install.
  • Email app449377@gmail.com (subject: Privacy Request — Analytics) if you need help with a specific request.
  • Exact Firebase Analytics configuration can change as we ship updates; material changes will be reflected in this policy.

23. LOCAL DEVICE STORAGE

On your device, Buzzio stores:

  • encrypted message databases
  • contacts / keys
  • local call history
  • settings and caches needed for the app

Uninstalling destroys local app data on that device. Losing the mnemonic means we cannot reconstruct your private keys.


24. WHAT WE ABSOLUTELY DO NOT DO

Across every feature:

  • ❌ Sell your data — never
  • ❌ Sell access to advertisers, data brokers, or “partners” for profiling
  • ❌ “Share” personal information for cross-context behavioral advertising (CCPA/CPRA meaning)
  • ❌ Build advertising profiles of who you are or who you talk to
  • ❌ Require your personal phone number or personal email as identity
  • ❌ Keep a default cloud backup of your E2E 1-to-1 chat bodies that we can decrypt

For private E2E surfaces (1-to-1, Whisper private, E2E groups, private calls), after delivery/session needs are done:

  • ❌ No durable “who talks to whom” private chat graph left on the server when nothing remains undelivered / when the session expired
  • ❌ No readable private message archive or call recording archive on our side

25. LAW ENFORCEMENT REQUESTS

What we can provide is limited to what we actually hold for that account/feature, for example:

  1. That a Buzzio ID exists
  2. Account creation / last sign-in timestamps
  3. Feature-specific records only if that feature was used and data is still within retention (for example community membership, broadcast posts within 30 days, Whisper Questions still within TTL, blocks/reports, undelivered encrypted envelopes still waiting, optional synced contacts if enabled, optional encrypted backup ciphertext if enabled)

For 1-to-1 chat with no undelivered messages, expired Whisper private sessions, E2E group message archives, and private call recordings: there is no readable private history for us to hand over, because we do not keep one.

We cannot decrypt E2E message bodies. Private keys stay on devices.


26. DATA DELETION & WHAT MAY REMAIN

How to delete

  • Delete account in-app: removes core account records we control (Buzzio ID account doc fields, public keys, push tokens, and associated deletable server data).
  • Email deletion request: app449377@gmail.com (subject: Privacy Request — Delete Account)
  • Uninstall: destroys local encrypted database on that device.

Automatic cleanup examples

  • 1-to-1 pending relay: 3 days
  • E2E group buckets: 5 days
  • Broadcast history: 30 days
  • Community / open-history default history: 365 days
  • Profile photos: 7 days
  • Stories: 24 hours
  • Whisper Questions: 24 hours free / 15 days Link Pack
  • Whisper private sessions: deleted at expiry
  • Notification logs: about 7 days

Feature controls (disappearing, once-view, vanish, delete-for-everyone, stop Whisper Questions, leave community) remove or limit data according to each design.

After account deletion — what we may still keep

We aim to delete account-linked data we control promptly (typically within 30 days of a verified deletion request). We may retain limited records when reasonably necessary for:

RetentionTypical periodWhy
Open abuse reports / enforcement recordsUp to 90 days after closure (or longer if an active legal matter)Safety & legal defense
Purchase / entitlement verification logs needed for store disputesAs required by Apple / Google or tax/accounting rulesTransactions
Aggregated, de-identified analyticsOngoing (not tied to your Buzzio ID)Product reliability
Backup ciphertext you paid forUntil you delete backup / account, then purged under cleanup jobsFeature function

Community/Broadcast content you posted may remain visible to other members under those features’ retention rules even after you leave, until that content ages out or is deleted by admins.


27. THIRD-PARTY SERVICES (SUBPROCESSORS)

ServicePurposeWhat they receive
Firebase (Auth, Firestore, RTDB, FCM, Storage, Functions, App Check, Remote Config, Analytics)Backend, auth, relay, notifications, integrity, product metricsAccount/operational data required to run Buzzio; E2E bodies remain ciphertext where designed; Analytics events as configured
Cloudflare R2 / Workers (including history API surfaces such as history-api.buzzio.dev)Durable history for applicable featuresFeature-scoped encrypted/history objects under retention rules
Bunny storage/CDNMedia for community / open-history / broadcast / stories / backupsFeature-scoped media/backup objects
Google Play / Apple App StorePayments & distributionPurchase handling by the store; we get entitlement verification
GIPHYGIF/sticker searchSearch/request data per GIPHY’s policy
Blockstream Esplora (or similar)Optional wallet chain dataPublic blockchain queries if wallet enabled
CoinGecko (or similar)Optional price referencePrice API requests if wallet UI needs fiat estimates

We treat these providers as service providers / processors for running Buzzio — not as buyers of your data.
We do not use advertising networks or data brokers.
We do not sell data through any third party. Never.

A living subprocessor list may also be published at https://buzzio.dev or in SUBPROCESSORS.md in our project docs when updated.


28. PERMISSIONS & LOCATION

PermissionWhyCan you deny it?
CameraPhotos/videos, QR scanningYes
MicrophoneVoice notes & callsYes
Storage / PhotosAttach mediaYes
LocationOptional location sharing inside chat (you choose to send a location message)Yes
NotificationsAlertsYes
Background executionReceive while closedYes

Location data (detail)

  • Buzzio does not continuously track your GPS in the background for advertising.
  • Location is used when you pick and send a location (lat/lng and optional address text) as a message.
  • On E2E surfaces, that location payload is treated like other message content (encrypted to recipients). We do not keep a separate durable “location history” archive for private chats beyond normal message relay rules.
  • On server-stored surfaces (for example Community), a location message follows that feature’s retention (for example ~365 days).
  • Reverse-geocoding (address lookup) may use on-device or map/provider APIs as implemented in the app; deny Location to disable the feature.

Denying a permission disables the related feature. Permissions do not grant us readable copies of your E2E private chats.


29. CHILDREN'S PRIVACY

Buzzio is not directed at children under 13.
You must be at least 13 years of age to use Buzzio (see Terms).

We do not knowingly collect personal information from children under 13.
If we learn that a user is under 13, we will delete the account.

(Wallet features require 18+ under our Terms.)

If you believe a child under 13 has created an account, email app449377@gmail.com (subject: Privacy Request — Under 13).


30. LEGAL BASES (EEA / UK / SIMILAR LAWS)

Where the GDPR, UK GDPR, or similar laws apply, we process personal data on these bases:

ProcessingTypical legal basis
Creating and operating your account, delivering messages/calls, Premium entitlementsContract (performance of the Terms)
Optional contact sync, optional cloud backup, certain device permissionsConsent (you can withdraw)
Firebase Analytics / reliability metrics, abuse prevention, App Check, rate limits, securityLegitimate interests (run a secure, reliable service) — balanced against your rights
Blocks, reports, enforcement, responding to lawful requestsLegitimate interests and/or legal obligation
Salty IP hashes on Whisper QuestionsLegitimate interests (abuse prevention)

You may object to processing based on legitimate interests where the law allows. Email app449377@gmail.com (subject: Privacy Request — Objection).


31. YOUR PRIVACY RIGHTS

Depending on where you live, you may have some or all of these rights:

RightWhat it meansHow to exercise
AccessAsk what personal data we hold about youEmail app449377@gmail.com — subject Privacy Request — Access
CorrectionFix inaccurate account/profile dataEdit in-app where possible, or email Privacy Request — Correction
DeletionDelete your account / request erasureIn-app account delete or email Privacy Request — Delete Account
PortabilityReceive a copy of certain account data in a common formatEmail Privacy Request — Export (we will provide what we reasonably can; E2E message bodies we cannot decrypt are not exportable from our servers)
Restrict / objectLimit certain processingEmail Privacy Request — Restrict or Objection
Withdraw consentTurn off optional features you opted intoDisable in-app (contact sync, backup, permissions) or email us
ComplaintLodge a complaint with a supervisory authorityYour local data-protection authority (EEA/UK) or equivalent

We will respond within a reasonable period (typically 30 days, or sooner if local law requires). We may need to verify you control the Buzzio ID before fulfilling a request.


32. INTERNATIONAL DATA TRANSFERS

Buzzio uses cloud infrastructure that may process data in multiple regions, including the United States and other countries where our providers operate (for example Google Firebase / Google Cloud and Cloudflare).

When personal data is transferred from the EEA, UK, or Switzerland to a country without an adequacy decision:

  • we rely on appropriate safeguards offered by our providers, such as the European Commission’s Standard Contractual Clauses (SCCs) (and UK equivalents where applicable), plus the technical measures in this policy (encryption, access limits, retention); and/or
  • other lawful transfer mechanisms recognized under applicable law.

By using Buzzio you acknowledge that operational processing may occur on those systems. This acknowledgment is not a substitute for the safeguards above where law requires them.


33. CALIFORNIA PRIVACY RIGHTS (CCPA / CPRA)

If you are a California resident, you may have rights to:

  • Know categories and specific pieces of personal information collected
  • Delete personal information (subject to exceptions)
  • Correct inaccurate personal information
  • Opt out of sale or sharing of personal information
  • Limit use of sensitive personal information (where applicable)
  • Non-discrimination for exercising these rights

We do not sell personal information.
We do not share personal information for cross-context behavioral advertising.

To exercise California rights, email app449377@gmail.com with subject Privacy Request — California. You may use an authorized agent as permitted by law; we may require proof of authorization and identity verification.

Categories we may collect (depending on features you use) include identifiers (Buzzio ID, usernames), internet/network activity (usage events, IP hashes for abuse control), commercial information (subscription entitlement), geolocation (only if you send a location message), audio/visual content you upload, and inferences limited to product operation (not ad profiles).


34. COOKIES & SIMILAR TECHNOLOGIES (WEB)

Buzzio’s mobile app is not a traditional browser cookie environment. Our web surfaces (for example Whisper Questions at whisper.buzzio.dev) may use:

TypeExamplesPurposeConsent
Strictly necessaryLoad balancing, security, rate-limit / salted IP hash processing, session needed to submit an answerMake the page work and stop abuseAllowed as essential
Preferences / analyticsIf we add non-essential analytics or preference cookies laterUnderstand traffic or remember settingsWe will ask for consent where required before setting them

Today, Whisper Questions is designed around essential operation (fetch question, submit answer, abuse controls). We do not use advertising cookies.

How to control cookies: use your browser settings to block or delete cookies. Blocking essential storage may break the page. See also the short notice on the Whisper web page linking to this policy.


35. SECURITY MEASURES

We use technical and organizational measures appropriate to the sensitivity of the data, including:

  • End-to-end encryption for private chat / Whisper private / E2E groups (we cannot read message bodies)
  • Encryption in transit (TLS) for client–server connections
  • Local encryption of private databases on device (SQLCipher) where designed
  • Server-side encryption / access controls for Community, Broadcast, open-history, and similar features
  • App Check / device integrity checks to reduce automated abuse
  • Least-privilege access for operators and automated jobs
  • Retention limits and cleanup jobs described in this policy

No method of transmission or storage is 100% secure. You remain responsible for protecting your device and mnemonic.


36. DATA BREACH NOTIFICATION

If we become aware of a personal-data breach that affects Buzzio users:

  1. We will investigate and contain the incident.
  2. Where legally required, we will notify the competent authority without undue delay (for GDPR, that is generally within 72 hours of becoming aware, where feasible).
  3. If the breach is likely to result in a high risk to your rights and freedoms, we will notify affected users without undue delay, via in-app notice and/or email where we have a contact path, describing what happened and steps you can take.

37. CHANGES TO THIS POLICY

  • We may update this Privacy Policy from time to time.
  • The Last Updated date at the top will change.
  • For material changes (for example new categories of data, new advertising practices, or weaker privacy guarantees), we will provide in-app notice and, where appropriate, an additional prompt before continued use.
  • We will not use a policy update to start selling your data.

Commitments that do not change without a clear, user-visible update:

  1. We do not sell your data — never.
  2. 1-to-1 chat, Whisper private chat, end-to-end groups, and private calls remain private-by-design surfaces with end-to-end / peer-to-peer protection and no durable zero-metadata private conversation archive after delivery / expiry.
  3. Where a feature needs more storage, we will keep describing that honestly — and still will not sell the data.

38. CONTACT

Questions about privacy, rights requests, or under-13 notices:

Email: app449377@gmail.com
Subject line examples: Privacy Request — Access / Delete / Export / California / Under 13
Website: https://buzzio.dev


39. PLAIN-LANGUAGE SUMMARY

  • Buzzio is run by the Buzzio Team (unincorporated operator for now). Contact: app449377@gmail.com.
  • Age: 13+ to use the app; wallet 18+.
  • 1-to-1 chat: E2E; relay purged after delivery (3-day safety net); if no undelivered messages remain, we don’t have who you talk to.
  • Whisper private: E2E; deleted after expiry.
  • Whisper Questions: plaintext for the owner; salted IP hash for abuse; 24h / 15d; not sold.
  • E2E groups: E2E messages (5-day relay buckets).
  • Open-history / Community: server-held keys; longer history (~365 days); not sold.
  • Broadcast: 30-day deletion.
  • Calls: P2P media; no durable server call archive.
  • Analytics: Firebase Analytics for product/reliability — not ads.
  • Delete / export / rights: in-app delete or email Privacy Request.
  • California: we do not sell or share for ads.
  • Transfers: Firebase / Cloudflare and similar; SCCs/provider safeguards where required.
  • Everywhere: we do not sell your data, and we never will.

This privacy policy is effective as of July 13, 2026.
© 2026 Buzzio. All rights reserved.

HomePrivacy PolicyTerms & ConditionsProduct overviewHelp

© 2026 Buzzio. All rights reserved.