Privacy Policy for Nulla

Your privacy matters. Protect yourself with a secure VPN.
Sponsored

Effective Date: 2025-12-05

Introduction Nulla ("we," "our," or "us") provides a secure, anonymous messaging service designed to protect your digital privacy above all else. This Privacy Policy outlines our zero-knowledge architecture and explains how your data is handled. By using Nulla, you agree to the terms outlined below.

Our Core Philosophy: You Are Not the Product We do not collect, store, sell, or monetize your personal data. Nulla is a paid service because you are our customer, not our data source.

1. Information We Do NOT Collect

To guarantee your anonymity, Nulla has been architected to operate without needing your personal information. We never ask for, access, or store:

Real Name or Surname

Phone Number (No SMS verification required)

Email Address (Except for support inquiries)

Contact List / Address Book

Device Location (GPS)

Camera or Microphone

Photo Gallery or File Storage

2. Account Security & Recovery Key

A. Anonymous Identity

Your account is identified solely by a randomly generated User ID and the pseudonym (Username) you choose. This username is not linked to any real-world identity markers.

B. The Recovery Key (Zero-Knowledge Storage)

Since we do not use emails or phone numbers, account recovery relies entirely on a Recovery Key.

Generation: When you create an account, a unique Recovery Key is generated on your device.

Storage: We do not store this key in plain text. We apply a one-way cryptographic hash (SHA-256) to the key and store only this "digital fingerprint" on our servers.

Verification: When you recover your account, the key you enter is hashed on your device and compared to the fingerprint on our server.

Result: Even if our servers were compromised, it is mathematically impossible to reverse-engineer your original Recovery Key from the stored hash. If you lose this key, your account is lost forever.

3. Messages and Encryption

A. End-to-End Encryption (E2EE)

Nulla uses state-of-the-art cryptography (X25519 / AES) to secure your communications.

1-on-1 Chats: Messages are encrypted using a shared secret derived from your private key and the recipient's public key. Only the intended recipient can decrypt the message.

Group Chats: Groups use strong symmetric encryption based on the group's unique identifier.

Server Blindness: Our servers (Google Firebase) only transport encrypted data packets. We cannot read, decipher, or view the content of your messages.

B. No-Log Policy & RAM-Only Storage

No Logs: We do not keep logs of who messaged whom or when.

Volatile Memory: The app is configured to disable disk persistence (persistenceEnabled: false). This means your chat history is stored in your device's RAM (Temporary Memory) while the app is running.

Auto-Wipe: When you close the app completely, the cached data in the memory is cleared.

4. Privacy Features

Nulla provides advanced controls for your privacy:

A. Ghost Mode (Hidden Chats)

You can hide specific chats from your main list. These chats remain invisible and do not trigger notifications on the main screen until you manually unhide them via search or settings.

B. Profile Privacy

You have the option to "Hide Profile from Search." When enabled, other users cannot find you even if they search for your exact username, unless you have an existing chat history.

C. Delete for Everyone

You can delete messages or entire chats at any time. This action triggers a permanent deletion command that removes the encrypted data from our servers and the recipient's device immediately.

D. Group Privacy

Group creators have full control over their communities, including the ability to toggle "Public/Private" status, restrict invites, mute members, and ban users permanently.

5. Data Destruction (Digital Suicide)

We provide a "Delete My Account" feature in the profile settings. This is a destructive action that:

Removes your User ID from all groups.

Deletes your cryptographic keys.

Wipes your metadata from our database.

Clears all local data on your device. Once executed, this action is irreversible. Not even a trace of your account remains.

6. Device Permissions

Nulla requests minimal permissions to function:

Internet Access: Required solely to transmit encrypted data packets to our relay servers.

Biometrics (Optional): Used only locally to lock/unlock the app or view your Recovery Key. We never transmit biometric data.

We do NOT request storage permissions. We do not access your files or media.

7. Third-Party Infrastructure

We use Google Firebase solely as a backend infrastructure provider for database synchronization and authentication.

All data stored in Firebase is encrypted or hashed by Nulla before upload.

Google cannot access your plain-text messages or your Recovery Key.

8. Changes to This Policy

We may update our Privacy Policy to reflect new features or security improvements. You are advised to review this page periodically.

9. Contact Us

If you have questions about our security architecture or privacy practices, please contact us at: nulla_app@protonmail.com