Privacy Policy

Last updated: April 2026

🛡️ Privacy Summary: HushHush is an encrypted messaging vault designed for maximum privacy through a "Zero-Knowledge" architecture. By design, we cannot see, store, or intercept your data.

1. Legal Framework & Regulatory Status

HushHush operates under the laws of the United Kingdom, including the UK GDPR, the Data Protection Act 2018, and the Data (Use and Access) Act 2025.

Not a "User-to-User" Service
Under the Online Safety Act 2023, HushHush is classified as a local cryptographic utility, not a regulated communication service.

  • No Transmission: The app provides no means to transmit or receive content over the internet.
  • Offline Functionality: HushHush operates as an offline safe-deposit box for data.
  • Third-Party Delivery: Users choose their own external channels (e.g., email or physical media) to move encrypted data. Consequently, the app does not fall under duties for content scanning or children's access assessments.

2. Zero-Data Collection

In accordance with the principle of data minimisation, we do not act as a "Data Controller" for your message content:

  • No Accounts: We do not require or store names, emails, phone numbers, or IP addresses.
  • Local Storage: All messages and keys live exclusively on your device; there is no central server to subpoena or hack.
  • No Metadata: We have no record of who you communicate with or when.

3. OS Interaction & Transparency

To ensure complete transparency regarding how HushHush interacts with your mobile or desktop operating system, please note the following mechanics:

A. Clipboard Access
Because HushHush relies on copying and pasting encrypted text (ciphertext) to communicate, it uses the native clipboard.

  • Manual Only: Clipboard access is strictly manual. We only read your clipboard when you explicitly press the "Paste" button.
  • No Monitoring: We do not monitor your clipboard in the background, nor do we store its contents outside of your local encrypted vault.

B. OS Share Sheet Integration
When you use the "Share" button to export ciphertext to another app, HushHush hands fully encrypted data over to the native operating system.

  • Encryption First: Data is encrypted through four independent layers before it leaves the app environment.
  • No External Control: HushHush does not control or track the external applications you choose to share this ciphertext with.

C. Secure Storage & Hardware Protection
Critical key material is protected using your device’s native hardware-backed security.

  • Hardware Keystore: We use the device's Secure Enclave (iOS/macOS) or hardware-backed Keystore (Android) so that keys cannot be extracted even if the device's file system is compromised.

4. Plausible Deniability (Duress Mode)

HushHush includes a sophisticated Duress Password system for users in high-risk environments.

  • Decoy Vault: If you configure a Duress Password, the app creates a decoy environment populated with synthetic conversations.
  • Local Generation: These fake conversations are generated entirely locally on your device from a built-in static library. No network requests or external AI services are used to generate this decoy data.
  • Wipe Mode: Alternatively, a Duress Password can be set to cryptographically destroy the real vault by overwriting the hardware pepper, making the data permanently irrecoverable.

5. Encryption Standards

We employ a "Defense in Depth" strategy using published, peer-reviewed algorithms:

  • 4-Layer Chain: AES-256-GCM, XChaCha20-Poly1305, XSalsa20-Poly1305, and AES-256-CBC + HMAC-SHA-256.
  • Ultra Mode: Adds post-quantum protection via ML-KEM-1024 (NIST FIPS 203).

6. No Backdoors

There is no "forgot password" or recovery feature. If you lose your master password, your data is permanently inaccessible. We architecturally cannot comply with data requests from any authority because we possess no user data.

For questions regarding this policy or your privacy rights under the UK GDPR, you may contact the UK Information Commission.