Privacy by Architecture

Most privacy policies explain what data companies collect and how they use it. Ours is different: we explain why we can't collect your data even if we wanted to. BLIP's architecture makes mass surveillance technically impossible.

We do not collect: user accounts, email addresses, phone numbers, names, profiles, message content, chat history, contact lists, or any form of personal identifier. Your conversations are end-to-end encrypted and never touch our database. We literally cannot read them.

When you use BLIP, our servers briefly process: encrypted message payloads (unreadable ciphertext) and temporary connection metadata (IP addresses for WebSocket routing). This data exists only in volatile memory (RAM) and is never written to disk. Once your session ends, it's gone.

All messages are encrypted on your device using Curve25519 ECDH key exchange and XSalsa20-Poly1305 encryption before transmission. Encryption keys are generated locally in your browser and never sent to our servers. Even under legal compulsion, we cannot provide message content—we don't have it.

BLIP uses minimal local storage for: theme preferences (dark/light mode), language settings, saved room data, and temporary encryption keys during active sessions. We use Google Ads conversion tracking (gtag.js) which may set cookies to measure ad effectiveness. We do not use analytics cookies that track your browsing behavior across sites. Encryption keys are automatically destroyed when you close the browser tab.

BLIP uses Supabase for real-time WebSocket communication (message relay only, no storage). We use Google Ads (gtag.js, ID: AW-874567055) for conversion tracking to measure ad campaign effectiveness. We may display contextual advertisements. Ad providers may use their own cookies subject to their privacy policies. We never share any conversation data with advertisers—because we don't have any.

BLIP is not intended for users under 13 years of age. Since we don't collect personal information, we cannot verify age. If you believe a child is using this service inappropriately, please contact us.

We may update this policy to reflect changes in our practices or for legal compliance. Significant changes will be posted on this page. Since we don't collect email addresses, we cannot send notifications—please check this page periodically. For questions, visit our GitHub repository.

BLIP Community stores encrypted posts in our database. All post content and author names are encrypted client-side using XSalsa20-Poly1305 before storage—the server holds only unreadable ciphertext. Report fingerprints (anonymized hash of connection metadata) are retained to prevent duplicate reports. If you choose to save your community password in your browser, it is stored in localStorage on your device only—never transmitted to our servers. Community data can be permanently deleted by the community administrator at any time.