PRIVACY_POLICY
Zero Knowledge. Maximum Privacy.
TYOLLO operates on a zero-knowledge architecture where we collect no personal data, store no messages, and have no access to your communications.
DATA_COLLECTION_PROTOCOL
TYOLLO operates on a strict ZERO-COLLECTION principle with no personal data harvesting.
- NO personal identifiers required (email, phone, name)
- NO cloud storage of messages or media files
- NO behavioral tracking or analytics
- NO advertising or marketing data harvesting
- NO location data collection or GPS tracking
- NO contact list access or synchronization
ENCRYPTION_ARCHITECTURE
End-to-end encryption ensures complete message privacy with military-grade cryptographic protocols.
- Ed25519 signatures for message authentication
- X25519 key exchange for secure peer connections
- AES-256-GCM for message content encryption
- ChaCha20-Poly1305 for media file encryption
- Perfect Forward Secrecy with rotating session keys
- Local SQLite database encryption at rest
LOCAL_STORAGE_PROTOCOL
All data remains exclusively on your device with encrypted local storage and no cloud sync.
- Messages stored in encrypted local SQLite database
- Media files encrypted with per-message keys
- Contact information stored locally only
- No cloud synchronization or backup services
- No server-side message relay or storage
- Device storage secured via OS-level protections
NETWORK_COMMUNICATION
Minimal network usage for peer-to-peer messaging with encrypted transport only.
- Direct device-to-device encrypted message delivery
- No central servers storing or processing messages
- Optional relay servers ONLY forward encrypted data
- No logging of IP addresses or connection metadata
- No tracking of message delivery or read status
- Network requests limited to essential message transport
ANONYMITY_PROTECTION
Complete user anonymity by design with mnemonic-based identity and no registration.
- Mnemonic-based identity (no registration required)
- No association with real-world identity
- No phone number or email verification
- Cryptographic public keys as only identifiers
- No username requirements or profile creation
- Self-managed contact discovery via QR codes
THIRD_PARTY_SERVICES
TYOLLO minimizes third-party dependencies with no analytics or tracking services.
- NO analytics services (Google Analytics, etc.)
- NO advertising networks or tracking SDKs
- NO cloud storage providers (AWS, Google Cloud)
- NO crash reporting or telemetry services
- NO social media integration or APIs
- Limited to essential OS-level services only
DATA_RETENTION_POLICY
Zero server-side data retention with no message storage or user metadata logging.
- No message content stored on any servers
- No user metadata or connection logs maintained
- No backup copies or archived conversations
- Optional relay servers retain no message data
- Temporary network packets discarded immediately
- Version check requests (if any) not logged
SECURITY_MEASURES
Defense-in-depth security architecture with comprehensive protection protocols.
- End-to-end encryption for all communications
- Local database encryption with device keychain
- Screenshot protection in sensitive screens
- Secure random number generation for keys
- Memory clearing after cryptographic operations
- Regular security audits of encryption implementation
JURISDICTION_&_COMPLIANCE
Legal framework ensuring GDPR and CCPA compliance through data sovereignty principles.
- GDPR compliant by design (data minimization)
- CCPA compliant (no personal data collection)
- Operates under principle of data sovereignty
- No specific jurisdiction as no data is collected
- Cannot comply with data requests (no data exists)
- Open source code available for verification
USER_RIGHTS_PROTOCOL
ZERO_SERVER_MODEL:
DATA_FLOW:
Device → Encryption → Direct P2P → Recipient Device
SERVER_ACCESS:
Zero visibility into message content or metadata
BREACH_MITIGATION:
COMPROMISE_IMPACT:
Individual device only - no mass data exposure
FORWARD_SECRECY:
Past messages remain secure even after key compromise