Policy

Privacy Policy

Last updated: October 20, 2025

Fzztvlz is built around private, end-to-end encrypted messaging. This page explains what information we need to operate the service, how we protect it, and what options you have to control your data. This policy supplements our Terms of Service and applies to every product surface where encrypted DMs are available.

What We Encrypt

  • Direct messages, attachments, reactions, and typing indicators are encrypted end-to-end using the Signal Protocol before they reach our servers.
  • Attachment blobs live in Firebase Storage with AES-256-GCM encrypted keys; only participants’ devices can unwrap them.
  • We do not keep copies of your plaintext conversations or encryption keys on Fzztvlz infrastructure.

Metadata We Retain

  • Thread routing data: thread IDs, participant UIDs, unread counts, delivery/read timestamps, and attachment sizes so the service can sync across devices.
  • Device trust data: device IDs, platform info, identity key fingerprints, remaining pre-key counts, and whether a device has been verified or revoked.
  • Safety-number verification records: a hashed representation of the confirmed safety number, verification method, and timestamps so we can warn you if the fingerprints ever change.
  • Abuse-prevention signals: rate-limit counters, block lists, trust & safety audit trails, and moderator actions (never message content).
  • Operational telemetry: anonymized performance metrics and crash reports (via Sentry) that include stack traces, request IDs, and browser metadata but exclude message bodies.

How We Use Metadata

  • Route encrypted envelopes to the correct recipients and recover from transient delivery failures.
  • Warn both participants if a new device joins the thread or if safety numbers drift, helping you detect potential man-in-the-middle attempts.
  • Detect spam, fraud, and coordinated abuse while keeping the underlying conversation encrypted.
  • Meet legal requirements (GDPR, CCPA, lawful intercept orders) without weakening end-to-end encryption.

Your Choices & Controls

  • Use the in-app safety-number prompt to compare digits with your contact. Verified hashes are stored locally and can be cleared at any time by re-registering your device.
  • Download or delete your broader account data by emailing support@fzztvlz.com from the address on file. We will invalidate device keys and purge associated metadata within 30 days.
  • Block or report abusive accounts directly from any thread; doing so removes local message copies and revokes their ability to contact you.

Questions?

Email support@fzztvlz.com if you have privacy-related questions or would like to submit a data subject request. We respond to verified users within 10 business days.