Privacy Policy

The Zero Approach

Unlike traditional messaging apps, Zero operates as a pure relay system. Messages pass through our servers and are immediately deleted upon delivery. We have implemented technical measures that make it impossible for us to:

• 🚫
  Read your messages All messages are end-to-end encrypted with post-quantum cryptography (Kyber + X25519). We do not have the keys.
• 🚫
  Store your messages Messages are relayed and instantly deleted. Zero server-side storage means zero data to breach.
• 🚫
  See who messages whom Sealed sender technology encrypts metadata. We cannot see sender/recipient relationships.
• 🚫
  Access your contacts Your contact list never leaves your device. We don't upload or process your address book.
• 🚫
  Track your location We do not request, collect, or store any location data whatsoever.
• 🚫
  Collect analytics or telemetry No usage tracking, no behavior analysis, no third-party analytics. None.

What We Do NOT Collect

To be absolutely clear, Zero does not collect:

• Message content (text, images, files, voice messages)
• Message metadata (who messaged whom, when, how often)
• Contact lists or address books
• Location data or IP addresses
• Device identifiers or advertising IDs
• Usage patterns or analytics
• Biometric data
• Any personal information

Encryption Technology

Zero uses state-of-the-art post-quantum encryption:

• Kyber (ML-KEM) — NIST-approved post-quantum key encapsulation
• X25519 — Elliptic curve Diffie-Hellman key exchange
• AES-256-GCM — Symmetric encryption for message content
• HMAC-SHA256 — Message authentication
• Sealed Sender — Encrypted metadata protection

Your encryption keys are generated on your device and never leave it. We cannot decrypt your messages even if compelled to do so — we simply don't have the capability.

Local Data Storage

All your data is stored locally on your device:

• Messages are stored in an encrypted database on your device
• Encryption keys are stored in your device's secure enclave (iOS) or Keystore (Android)
• Backups, if enabled, are encrypted with AES-256 and stored locally
• You have full control to delete all local data at any time

Account Information

Zero accounts are pseudonymous:

• No phone number required
• No email verification required
• You are identified only by a randomly generated ID
• We cannot link your Zero account to your real identity

Third Parties

We do not share any data with third parties because we have no data to share. We do not use:

• Third-party analytics (no Google Analytics, no Mixpanel, nothing)
• Advertising networks
• Data brokers
• Social media trackers

Law Enforcement

In the event of a legal request:

• We cannot provide message content — we don't have it
• We cannot provide message metadata — we don't store it
• We cannot identify who messaged whom — sealed sender prevents this
• We can only confirm whether a randomly generated user ID exists

Our zero-knowledge architecture means we are technically unable to comply with requests for user data, because that data does not exist on our systems.

Data Breaches

Because we store no user data, a breach of our servers would expose nothing. There are no messages to leak, no metadata to expose, and no user information to steal. This is privacy by design.

Children's Privacy

Zero is not intended for users under 13 years of age. We do not knowingly collect any information from children. Since we collect no information from any users, this is inherently enforced.

Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. Our core commitment to zero data collection will never change.

Contact Us

If you have any questions about this Privacy Policy, please contact us:

Email: support@zeromessenger.org