zukka
Private messenger · No phone number

The messenger that keeps nothing on your phone.

No phone number. No email. No message history saved on your device. You connect through disposable invites — and your conversations are unlocked by a phrase only you know.

Get zukka for Android See how it works

Free of ads, tracking and analytics — including this website.

Think about it simply

If it's saved on your phone, it can be found.

"What matters isn't how my messages travel. It's what someone holding my phone will find inside it." — the question zukka was built around

Most messengers protect your messages in transit — then quietly store the whole history on your device. zukka takes the opposite path: your phone holds no message history at all. Conversations stay encrypted on the server and are decrypted locally, on your screen, only while you read them. Close the app and your phone goes back to holding nothing.

A stateless phone

Messages, photos and files are never written to your phone's storage. They arrive encrypted, appear on screen, and leave nothing behind. Lose the phone, change the phone, hand the phone over — your history isn't in it.

A key split in two

Your encryption phrase produces a key that is split in half: one half lives on the server, the other on your device. Neither half works alone. Only you — typing your phrase — can complete it.

Remote kill

If a device is out of your hands, the server's half of the key can be destroyed. Whatever remains on the device can never be decrypted again — on that phone or any other.

A traveler calmly holds a phone with an empty dark screen at a night border checkpoint
"Open it." — Sure. There is nothing in it to find.

Built for the worst day

"You'll end up giving them the codes."
We know. So give them a code.

Under enough pressure, everyone talks — pretending otherwise would be dishonest. zukka is designed around that reality instead of against it.

More than one account

Different PINs open different accounts on the same app. Hand over the PIN of the everyday account — you "cooperated", and the conversation ends there.

No telltale to look for

Apps famous for "hidden compartments" have a fatal flaw: everyone knows to ask for the hidden part. zukka has no account limit — so there is no way to know whether someone has one account or five. Nothing signals that more exist.

Panic password

A separate password that, when used at login, destroys the data. You set it up deliberately, in advance. Once triggered, there is no undo — and we say that plainly.

A calm person willingly hands their unlocked phone, showing an ordinary chat screen, to an imposing silhouette
Here you go. You cooperated. They saw an account. The story ends there.

For the people who just want quiet

When zukka beeps, it's one of yours.

Many people shut their messengers because of the noise — scam calls, spam groups, strangers. On zukka there is no phone number to leak and no directory to be found in. The only people who can reach you are the ones you handed an invite to. So every notification means something.

Zero spam surface

Spammers work by dialing numbers and scraping directories. zukka has neither. No invite from you, no way to reach you. Your family's chats stay between your family.

A sound for every person

Give each contact their own notification and ring sound. When the important one calls at 3am, you know before you look — and when it's not that sound, you can keep sleeping.

Clean by default

Photos carry GPS positions; documents carry author names and dates. zukka strips this hidden metadata before anything is encrypted and sent — so you never share more than you meant to.

A person sleeps peacefully while a phone on the nightstand glows with a single soft cyan notification
If it beeps at 3am, it matters. Otherwise — sleep.

Disposable invites

A door you can change — without losing the people already inside.

On zukka you don't share a phone number. You create an invite — a disposable code — and hand it to a person, or even publish it on your website or bio. Anyone who activates it becomes a contact.

Here is the part that changes everything: the invite is only the door, not the relationship. Revoke or replace it whenever you like — everyone who already connected keeps talking to you, completely unaffected. Only new strangers are locked out.

  • Spammers found your public invite? Rotate the code. They're out. Every existing conversation continues as if nothing happened.
  • Try that with a phone number or email: changing it cuts off everyone you know. With zukka, it cuts off only the future strangers.
  • Need to cut one specific person? Delete that contact. One thread, surgically removed. Nothing else moves.
2605‑1142‑0937‑5114 2612‑0614‑3022‑4817
Invites can carry limits — how many people may use them and for how long — so a public invite stays exactly as open as you want it to be.

How it works

Four steps. No phone number anywhere.

1

Create your identity

Pick a nickname, a master password and an encryption phrase. The nickname is not searchable — nobody can look you up. No phone, no email, no SMS code.

2

Create an invite

A disposable code, made in seconds. For one person, for a group, or a public one for anyone you choose to let in.

3

Hand it over

Show it as a QR face-to-face, send it, or publish it. Whoever activates it becomes a contact — and only those people can ever reach you.

4

Talk freely

Messages, voice and video calls — encrypted with a separate key per conversation. Rotate or revoke invites anytime; existing contacts are never affected.

For advanced users

Decide how much you have to trust us.

"Just trust us" is a weak security argument — so zukka is engineered to need less and less of it. These are the levels of control, from our blind storage all the way to hardware you own. We label each one honestly: what's live, what's in development, what's planned.

Live now

Blind storage

The default. Your conversations sit on our server as ciphertext we hold no keys to — a database leak would reveal neither keys nor messages. Your phone stays empty; our server stays blind.

Arriving at launch

Master mode

For those who don't want their data — even encrypted — living with us. A second device you own, kept somewhere safe, becomes the vault that holds everything: contacts, messages, files. Our server stores nothing at all — it becomes a blind courier. Your everyday phone asks; we relay the request to your master; your master answers; we pass it back. Every byte lives on hardware that's yours.

Planned

Self-hosted network

The final step: remove us from the picture entirely. A ready-made package that runs the whole zukka backend on your own server, for your own closed circle. Fully autonomous — it works even if zukka the company disappears. The trade-off: it connects only your own group.

A smartphone rests in a private vault room, connected by a thin cyan thread of light to a distant phone in the night city
Master mode: every byte lives on hardware that's yours — we only carry the light between.
For organizations and government security agencies, custom deployments are part of the longer-term roadmap — engineered case by case, at the cost serious infrastructure implies.

Straight answers

What we won't promise you.

If you're considering zukka, you deserve precision, not marketing. These are the limits, stated plainly.

We don't promise you are "safe" against anyone. No app can guarantee outcomes against a determined adversary. What we can tell you is the mechanism: your phone stores no message history, and the key that protects your data is never complete in any one place.
If you lose your phrase, your data is gone. Forever. There is no recovery, no reset email, no support ticket that can bring it back. That isn't a flaw — it's the price of nobody else being able to open it either.
What the server holds: ciphertext. Messages are stored encrypted with keys the server doesn't keep. A leak of the database would reveal neither your keys nor your messages.
No ads. No tracking. No analytics. Not in the app, and not on this website. We don't load third-party scripts, we don't use tracking pixels, and your visit here is not measured by anyone.

Questions & answers

Everything, explained properly.

Direct answers with real examples. If your question isn't here yet, it will be — this page grows.

What exactly is zukka?

zukka is a private messenger for Android built around one idea: your phone should hold nothing worth finding. There is no phone number and no email at sign-up — you create a nickname, a master password and an encryption phrase. Messages live encrypted on the server and are decrypted only on your screen, while you read them. You connect with people through disposable invite codes instead of a contact directory.

Do I need a phone number or email to use it?

No — neither. Registration asks for a nickname, a master password and an encryption phrase. Nothing else. The nickname is used only to log in and is shown only to people you've invited; it is not searchable, so nobody can find you by guessing it. There is no SMS verification, which also means there is no phone number anywhere to leak, sell or subpoena.

What is an invite, and what happens if I delete one?

An invite is a disposable code like 2612-0614-3022-4817. You hand it to someone (or publish it); when they activate it, you become contacts.

The crucial part: the invite is only the entry door, not the relationship. Deleting or revoking an invite never affects the people who already joined through it — their conversations with you continue exactly as before. Revoking only stops new people from using the code. Example: you give one invite to ten colleagues; later you revoke it. All ten keep chatting with you. The eleventh person who finds the old code gets nothing.

Can I post an invite publicly — on my website or social bio?

Yes — that's a core use case. Publish a public invite where people can find you: your site, your bio, a flyer. Anyone interested activates it and reaches you directly.

When spammers eventually discover it, you simply rotate the code: revoke the old invite and publish a fresh one. Every real contact you made keeps talking to you, and the spammers are locked out instantly. Compare that with a phone number: to escape spam you'd have to change it — and lose everyone. Invites can also carry limits (how many activations, until when), so a public door is only as open as you choose.

What is actually stored on my phone?

No message history, no photo or file archive, no readable contact list. Your conversations are stored encrypted on the server and decrypted locally, on screen, only while you view them. The device keeps just what's needed to log in — including one half of the split encryption key, which is useless by itself.

Practical consequence: if your phone is lost, stolen or taken, your message history simply isn't in it. And the half-key it holds cannot decrypt anything without the other half and your phrase.

What happens if my phone is seized or I lose it?

Three layers work for you. First, there is no stored history on the device to read. Second, the encryption key is split — the half on the phone cannot decrypt anything alone. Third, remote kill: the server's half of the key can be destroyed, after which nothing tied to that account can ever be decrypted again, on any device.

We choose our words carefully here: we describe mechanisms, not guarantees. No app can promise what a determined adversary with unlimited resources may achieve. What zukka ensures is that your phone holds as close to nothing as we can engineer.

What if someone forces me to unlock the app?

zukka assumes that under real pressure, people give up codes — so it's built for that. You can run multiple accounts behind different PINs on the same app. Under pressure, you give the PIN of an unremarkable account: you cooperated, they saw an account, the story ends.

Why is this better than "hidden folders"? Because hidden-folder apps betray themselves: once such an app is known, everyone knows to demand the hidden part. zukka has no account limit, so there is no way to tell whether a person has one account or several — nothing to demand, because nothing indicates more exist.

There is also a panic password: a separate password you configure in advance which, when entered at login, destroys the data. It has no undo — we state that clearly when you set it up.

Can zukka — the company — read my messages?

The server's job is to store and route ciphertext — encrypted blobs it has no keys to open. Message content is encrypted with per-conversation keys that are themselves stored wrapped under your phrase-derived key, which only you can compute. A leak of our database would reveal neither your keys nor your messages.

We hold ourselves to honest claims: we won't dramatize, and we publish what the design does and doesn't protect. What we never do is store your conversations in readable form, log message content, run ads, or sell data — there is nothing readable to sell.

What if I forget my master password or my encryption phrase?

Your data is gone. There is no recovery. No reset email (we don't have your email), no security questions, no support backdoor. The phrase is the only thing that can complete the key protecting your conversations — and we never see it.

We say this loudly on purpose: any service that can "recover" your encrypted data can also open it without you. The absence of recovery is what your privacy costs. Write your phrase somewhere only you control.

How is zukka different from Signal, Telegram or WhatsApp?

Signal is excellent at encrypting messages in transit — but it requires your phone number, and it stores your message history on your device. WhatsApp likewise requires a number and keeps local history, and it lives inside an advertising company. Telegram requires a number and doesn't even encrypt chats end-to-end by default.

zukka's difference is the focus: it is designed for the moment the device itself falls into the wrong hands. No phone number to identify you, no local history to extract, a split key that's never whole in one place, multi-account plausible deniability and a panic password. If your threat is "someone reads my traffic", several apps do well. If your threat includes "someone takes my phone", that is what zukka is built for.

Who is zukka for? Give me concrete examples.

The traveler: crossing borders where phones get inspected. There is no message history on the device to scroll through.

The journalist and the source: each source enters through their own invite. Cancel one invite or contact and only that thread disappears — no address book ever links them together.

The family that wants quiet: parents and kids connected only to each other. No number means no scam calls, no "you won a prize" messages, ever. Each family member gets their own notification sound, so you know who needs you without looking.

The professional with a public face: publish a public invite as your "line" — clients reach you directly. When spam starts, rotate the code: clients stay, spam dies.

Anyone whose work pressures their privacy: a separate account behind a separate PIN keeps the sensitive line invisible inside the everyday one.

Does zukka support voice and video calls? Groups?

Yes — encrypted one-to-one voice and video calls, plus groups (up to 20 members) created the same way everything happens on zukka: through invites. Messages support photos, videos, files, voice notes and locations; photos and documents are stripped of hidden metadata (GPS, author, timestamps) before they're encrypted and sent.

Is there an iPhone version?

zukka is launching on Android first — both on Google Play and as a direct APK download from this site, with a published checksum so you can verify what you install. An iOS version is on the roadmap after the Android launch settles.

I don't trust zukka's server at all. What are my options?

That instinct is exactly who zukka is built for — and we're engineering it so you need to trust us less and less.

Today (live): our server stores only ciphertext it has no keys to open. A database leak would reveal neither your keys nor your messages.

At launch — Master mode (the "Master (advanced)" account type in the app): you run two devices. One — the master — stays somewhere safe with a good connection and holds all your data: contacts, messages, files. Your everyday phone holds nothing, as always. And our server? It stores nothing at all — it becomes a blind courier. When your everyday phone needs something, the request is relayed to your master; the master answers from its own storage; the answer is relayed back. Your data — even in encrypted form — never lives on our infrastructure. (A direct device-to-device link is theoretically possible if you can set it up, but today's networks make that hard — that's what the relay solves.)

Planned — Self-hosted: a ready-made package that runs the entire zukka backend on your own server, for a fully autonomous closed network — zukka the company is no longer part of the picture. The trade-off: it connects only your own circle.

For organizations and government security agencies, custom deployments are on the longer-term roadmap.

Why should I trust this page? You could be lying.

Healthy instinct — keep it. We try to earn trust the only way that works: by claiming less, precisely. Notice what this site does not say: it never promises you are "untouchable", "invisible" or "safe at any checkpoint". It explains mechanisms — what is stored where, what each half of a key can and cannot do, what is unrecoverable and why. Where there is a limit, we state it (see What we won't promise you). Bold claims are cheap; precise ones can be checked.

Get zukka for Android

Direct APK from this page with a published SHA-256 checksum — so you can verify exactly what you install. Also coming to Google Play.

Final testing — releasing shortly

When released, this section will show: version · APK size · SHA-256 fingerprint