Privacy Policy

Last updated: December 10, 2025

Introduction

Welcome to Juztuz. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, and protect your data when you use our messaging service.

Juztuz is built with privacy at its core. We use end-to-end encryption (E2EE) to ensure that only you and your recipients can read your messages. We cannot read your messages, and we store minimal metadata about your communications.

1. Information We Collect

1.1 Account Information

  • Phone number: Stored in E.164 format for authentication and also hashed with SHA-256 for additional security lookups.
  • Username and display name: Optional information you provide to personalize your profile.
  • Profile avatar: Optional image uploaded to our secure image hosting service (Cloudinary).
  • Device information: Device IDs and push notification tokens to enable message delivery across your devices.

1.2 Message Metadata

While your message content is end-to-end encrypted and cannot be read by us, we collect limited metadata to provide and improve our service:

  • Message timestamps (when messages are sent and delivered)
  • Read receipts and delivery status
  • Reaction counts (emojis added to messages)
  • Message length (but not content)
  • Conversation participants

Important: This metadata is retained for only 30 days and is automatically deleted thereafter.

1.3 Technical Information

  • IP address: Temporarily collected for security and service delivery purposes.
  • Geolocation: Approximate location based on IP address for analytics (country and city level only).
  • Device type: iOS, Android, or web platform information.
  • User agent: Browser or app version information.

1.4 Payment Information

If you subscribe to Juztuz ($1.99/month), we use Stripe to process payments. We only store:

  • Stripe customer ID
  • Subscription status (active, cancelled, etc.)
  • Subscription start and end dates

We never store your credit card information. All payment data is securely handled by Stripe.

2. How We Use Your Information

We use the information we collect to:

  • Provide our service: Enable you to send and receive encrypted messages.
  • Deliver notifications: Send push notifications when you receive new messages.
  • Process payments: Manage your subscription and billing.
  • Improve our service: Analyze usage patterns to enhance features and performance.
  • Security and abuse prevention: Detect and prevent spam, fraud, and abuse (using metadata only, not message content).
  • Comply with legal obligations: Respond to lawful requests from authorities when required by law.

3. End-to-End Encryption

All messages in Juztuz are encrypted using XSalsa20-Poly1305 encryption before they leave your device. This means:

  • We cannot read your messages: Your encryption keys are stored only on your devices, not on our servers.
  • Messages are encrypted for each device: If you use multiple devices, messages are individually encrypted for each one.
  • Server sees only encrypted data: Our servers only see encrypted message blobs, not the actual content.

Your encryption keys are generated on your device and never transmitted to our servers. If you lose your device, you will lose access to your encrypted message history.

4. Message Retention & Auto-Deletion

Juztuz is designed for ephemeral communication:

  • 24-hour message lifespan: All messages (DMs and room messages) are automatically deleted after 24 hours.
  • 30-day metadata retention: Message metadata is retained for 30 days for analytics and abuse prevention, then automatically deleted.
  • Screenshot protection: Recipients must request permission to take screenshots, and senders are notified when screenshots are taken.

This automatic deletion is enforced by our database and cannot be disabled. Your messages truly disappear.

5. Third-Party Services

We use the following third-party services:

Stripe (Payment Processing)

Handles subscription payments. We share your phone number with Stripe for billing purposes. Read their privacy policy.

Twilio / MessageBird (SMS OTP)

Sends one-time password codes for phone number verification. Your phone number is shared with these services only for authentication purposes.

Cloudinary (Image Hosting)

Hosts profile avatars and image messages. Images are stored securely and accessible only to authorized users.

Expo (Push Notifications)

Delivers push notifications to your devices. We share your device push token with Expo for notification delivery.

IP Geolocation Services

We use ipapi.co and ip-api.com to determine your approximate location (country and city) for analytics purposes.

6. Data Sharing & Disclosure

We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

  • With your consent: When you explicitly authorize us to share your information.
  • Service providers: With third-party services listed above that help us operate our platform.
  • Legal compliance: When required by law, court order, or government request.
  • Safety and security: To protect the rights, property, or safety of Juztuz, our users, or the public.

Note: Because messages are end-to-end encrypted, we cannot provide message content to law enforcement even if legally compelled. We can only provide metadata (timestamps, participants, etc.) when required by law.

7. Your Rights

You have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Update or correct your account information at any time in the app.
  • Deletion: Delete your account and all associated data from our servers.
  • Objection: Object to our processing of your personal data for specific purposes.
  • Portability: Request an export of your data in a machine-readable format.

To exercise these rights, contact us at contact@juztuz.com.

8. Children's Privacy

Juztuz is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at contact@juztuz.com, and we will delete the information.

9. International Data Transfers

Juztuz operates globally. Your information may be stored and processed in the United States or other countries where our service providers operate. By using Juztuz, you consent to the transfer of your information to countries outside your country of residence, which may have different data protection laws.

10. Security Measures

We implement industry-standard security measures to protect your data:

  • End-to-end encryption (XSalsa20-Poly1305) for all messages
  • Hashed phone numbers (SHA-256) - never stored in plaintext
  • Encrypted database connections (TLS)
  • Secure password hashing (bcrypt) for OTP codes
  • Regular security audits and updates
  • Screenshot protection and permission system

However, no system is completely secure. We cannot guarantee absolute security of your information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice in the app or sending you a notification. Your continued use of Juztuz after changes are posted constitutes your acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us:

Privacy Summary

  • End-to-end encrypted messages - We cannot read your messages
  • 24-hour auto-delete - Messages disappear automatically
  • Secure phone storage - Stored with SHA-256 hash backup
  • 30-day metadata retention - Minimal data kept, then deleted
  • Screenshot protection - Permission-based with notifications
  • No ads or tracking - Your privacy is our priority
  • Transparent third-party use - Only essential services