Privacy Policy

Last updated: June 2026

🛡️ Privacy Summary: HushHush is an encrypted messaging vault designed for maximum privacy through a "Zero-Knowledge" architecture. By design, we cannot see, store, or intercept your data.

1. Project Status & Legal Framework

HushHush is currently an independent personal project, not a registered company. It is intended to be based in the EEA and operates internationally. We apply the principles of the EU General Data Protection Regulation (EU GDPR) as our baseline for data protection, and we comply with applicable laws in the jurisdictions where we operate.

Nature of the Application
HushHush is a local cryptographic utility, not a communication service. It does not operate servers, process your message content, or act as an intermediary between users.

  • Encryption First: All message content is encrypted on-device before it leaves the app. HushHush never transmits, stores, or has access to unencrypted content.
  • Third-Party Delivery: By default, users choose their own external channels (e.g., clipboard, share sheet) to move encrypted ciphertext. HushHush has no involvement in or visibility over that delivery.
  • Optional Automation: Users may optionally link a third-party messaging service (currently Telegram or Matrix, with additional channels such as email coming soon) as an automated delivery channel. HushHush routes already-encrypted ciphertext through the user's own account on that service and does not operate any relay servers. Each service's own privacy policy governs the transport layer.

2. Zero-Data Collection

In accordance with the principle of data minimisation, we do not act as a "Data Controller" for your message content:

  • No Accounts: We do not require or store names, emails, phone numbers, or IP addresses.
  • Local Storage: All messages and keys live exclusively on your device; there is no central server to subpoena or hack.
  • No Metadata: We have no record of who you communicate with or when.

3. OS Interaction & Transparency

To ensure complete transparency regarding how HushHush interacts with your mobile or desktop operating system, please note the following mechanics:

A. Clipboard Access
Because HushHush relies on copying and pasting encrypted text (ciphertext) to communicate, it utilizes the native clipboard.

  • Manual Only: Clipboard access is strictly manual. We only read your clipboard when you explicitly press the "Paste" button.
  • No Monitoring: We do not monitor your clipboard in the background, nor do we store its contents outside of your local encrypted vault.

B. OS Share Sheet Integration
When you use the "Share" button to export ciphertext to another app, HushHush hands fully encrypted data over to the native operating system.

  • Encryption First: Data is encrypted through four independent layers before it leaves the app environment.
  • No External Control: HushHush does not control or track the external applications you choose to share this ciphertext with.

C. Secure Storage & Hardware Protection
Critical key material is protected using your device’s native hardware-backed security.

  • Hardware Keystore: We utilize the device’s Secure Enclave (iOS/macOS) or hardware-backed Keystore (Android) to ensure keys cannot be extracted even if the device’s file system is compromised.

D. Automation Channels (Optional)
Users may optionally link a third-party messaging service as an automated delivery channel. Currently supported: Telegram and Matrix. Additional channels (including email) are coming soon. When any automation is active:

  • Always Encrypted First: Messages are encrypted through all cryptographic layers on-device before being handed to the automation channel. The channel carries ciphertext only — it never has access to your plaintext.
  • Your Account, Your Transport: HushHush uses your own account on the chosen service as the delivery channel. We do not operate relay servers. Your authentication credentials for that service are stored locally on your device using the same hardware-protected storage described above.
  • Offline Queuing: If your device has no internet connection when you send a message, the encrypted ciphertext is queued locally and delivered automatically when connectivity is restored. No data is ever sent to HushHush’s infrastructure.
  • Network Status: When automation is enabled, the app monitors your device’s network connectivity solely to show you accurate delivery status. This check is entirely local; no data is transmitted for this purpose.
  • Third-Party Policy: The transport of your already-encrypted ciphertext via any linked service is subject to that service’s own privacy policy. HushHush has no visibility into or control over third-party infrastructure.

4. Plausible Deniability (Duress Mode)

HushHush includes a sophisticated Duress Password system for users in high-risk environments.

  • Decoy Vault: If you configure a Duress Password, the app creates a decoy environment populated with synthetic conversations.
  • Local Generation: These fake conversations are generated entirely locally on your device from a built-in static library. No network requests or external AI services are used to generate this decoy data.
  • Wipe Mode: Alternatively, a Duress Password can be set to cryptographically destroy the real vault by overwriting the hardware pepper, making the data permanently irrecoverable.

5. Encryption Standards

We employ a "Defense in Depth" strategy using published, peer-reviewed algorithms:

  • 4-Layer Chain: AES-256-GCM, XChaCha20-Poly1305, XSalsa20-Poly1305, and AES-256-CBC + HMAC-SHA-256.
  • Ultra Mode: Adds post-quantum protection via ML-KEM-1024 (NIST FIPS 203).

6. No Backdoors

There is no "forgot password" or recovery feature. If you lose your master password, your data is permanently inaccessible. We architecturally cannot comply with data requests from any authority because we possess no user data.

For questions regarding this policy or your data protection rights, contact us at support@thehushhush.com. EU/EEA residents may also contact their national data protection authority.