Privacy Policy
zukka is built so that we hold as little about you as technically possible. This page lists, precisely, what we do not collect, the little we do hold, how long we hold it, and what we are unable to see under any circumstances.
1. What we never collect
- No phone number and no email address. Registration asks for a nickname, a master password and an encryption phrase — nothing else. We have no way to contact you and nothing that links your account to your real-world identity.
- No address book access. We never read, upload or match your device contacts. Connections are made only through invite codes.
- No advertising, no tracking, no analytics — in the app and on this website. We load no third-party scripts, use no tracking pixels, and sell no data. There is nothing readable to sell.
- No message content, ever, in readable form. See section 3.
2. The little we do hold
Account record
- Your nickname (used only for login; it is not searchable and is shown only to people you have invited);
- a hash of your master password (we never see the password itself);
- one half of the hash derived from your encryption phrase (the other half exists only on your device — neither half alone can decrypt anything);
- account creation date and a two-letter country code.
Session records
- Per signed-in device: device model, OS version, login timestamps, a country code, and the connection IP address.
- Raw IP addresses are automatically and permanently deleted after 30 days. Only the country code remains. This is enforced by an automated daily job — we cannot produce what we no longer keep.
Content — stored, but unreadable to us
Your messages, files and contact details (names you give contacts, photos, settings) are stored on our servers only as ciphertext. The keys derive from your encryption phrase and per-conversation keys sealed under it; the complete key never exists on our side. A leak of our database would reveal neither your keys nor your content. We cannot read it, and therefore cannot moderate it, hand it over, or recover it if you lose your phrase.
3. This website
- One functional cookie (
zk_locale) remembers your language choice. No consent banner is needed because it tracks nothing. - Fonts and all assets are served from our own servers — your visit triggers no third-party request.
- Language suggestion uses your browser's language header and, as a fallback, a country lookup of your IP against a database on our own server — no third-party geolocation service is ever contacted.
- Our web servers keep standard, short-lived technical logs for security and operations.
4. Retention and deletion
- Messages remain stored (encrypted) until you or your contacts delete them, or until auto-clear timers you configure remove them.
- Deleting your account removes your account record, sessions, contacts, invites and messages.
- Losing your encryption phrase makes your stored data permanently undecryptable — there is no recovery, by design.
- Raw login IPs: deleted after 30 days (see above).
5. Disclosure to authorities
We respond only to valid legal process served on Smartago LLC, as described in our Legal Process Guidelines. What can exist to be disclosed is limited to the items in section 2. Our policy is to notify the affected user before disclosure unless we are legally prohibited from doing so, and to provide delayed notice once such a prohibition lapses. We publish a biannual Transparency Report.
6. Your rights
You can access and delete everything we hold about you directly from the app (your data is listed in section 2 — there is nothing else). Users in the EU/EEA and similar jurisdictions may additionally exercise statutory rights (access, rectification, erasure) by writing to legal@zukka.app. Note that we cannot identify an account from a name, email or phone number — we do not have them; you must contact us from within the context of your account or provide your nickname.
7. Age
zukka is intended for users who are at least 18 years old or the age of majority in their jurisdiction.
8. Changes
If this policy changes, the new version will appear at this address with an updated date. We will never weaken the core commitments above (no phone/email, no ads or tracking, content stored only as ciphertext) silently.