Privacy Policy

1. Server Infrastructure

Walubee operates a central relay server that facilitates real-time communication between users. The server routes encrypted messages and relays public keys, but never has access to the content of your messages — all messages are end-to-end encrypted before they leave your device.

2. End-to-End Encryption

All private messages and files within walubee are protected by end-to-end encryption:

• Message Encryption: Messages are encrypted using AES-256-GCM with keys derived via ECDH key exchange. Only the intended recipient can decrypt them.
• Digital Signatures: Every message is signed with your RSA key, ensuring the sender's identity is verifiable.
• Server-Blind: The relay server only sees encrypted ciphertext and routing metadata — it cannot read message content.

3. Data Collection

We collect as little data as possible:

• We do not require an account with an email address or password.
• We do not track your IP address or physical location under normal operation.
• We do not use tracking cookies or third-party analytics scripts that profile your behavior.

Exception — Reporting: When a user is reported by another user for potential policy or legal violations, we generate an encrypted string that contains the reported user's IP address. The raw IP address itself is never stored on our server — only this encrypted string. It may be decrypted to reveal the IP address and disclosed to law enforcement authorities if legally required (e.g., by court order). See Section 7 for details.

4. Server-Side Data

The following data is held in the server's memory only while you are online and deleted immediately when you disconnect:

• Public Keys: Your RSA signing public key and ECDH encryption public key (required for other users to send you encrypted messages).
• Discovery Profile: Your display name and hashtags (optional, shown to other online users).
• Connection State: Your socket connection ID for routing messages.

No message content, chat history, or personal data is stored on the server. Offline messages are buffered temporarily (up to 24 hours) in encrypted form and automatically purged upon delivery.

Push Notification Data

If you enable push notifications, your browser's push subscription (an endpoint URL and cryptographic keys required by the push service) is stored on our server. This data is necessary to deliver notifications when you are offline. It is automatically deleted after 30 days of inactivity — each time you come online, the retention period is reset. You can disable push notifications at any time in Settings, which immediately removes the stored subscription.

Push notifications only contain the information that a new message is waiting. They never include message content, as all messages remain end-to-end encrypted.

5. Local Storage

Any data required for the app to function (such as your encryption keys, chat history, or settings) is stored exclusively on your own device using IndexedDB. You have full control over this data and can clear it at any time through your browser settings.

6. Third-Party Services

The application may display advertisements provided by third-party ad networks. These services may collect data according to their own privacy policies. We encourage you to review the policies of any external services you interact with through the app. The core messaging functionality is not affected by these services.

7. Reporting & Limited Privacy Exception

walubee provides a reporting feature that allows users to flag others for potential violations of our Community Guidelines or applicable law. When a report is submitted, a limited exception to our usual privacy protections applies:

• Encrypted IP Token: Upon a report, the server generates an encrypted string (token) that contains the reported user's IP address. The raw IP address is never stored. We do not generate or store such tokens for users who have not been reported.
• Decryption & Disclosure: Encrypted tokens can only be decrypted by authorized server operators. We may decrypt a token to reveal the IP address and disclose it to law enforcement.

This exception exists solely to address serious misconduct and legal obligations. It does not affect the end-to-end encryption of your messages — message content remains inaccessible to us at all times.