Last updated: February 2026
BLIP is designed to know nothing about you. This isn't just a policy—it's how we built the system. What we can't collect, we can't leak.
Most privacy policies explain what data companies collect and how they use it. Ours is different: we explain why we can't collect your data even if we wanted to. BLIP's architecture makes mass surveillance technically impossible.
We do not collect: user accounts, email addresses, phone numbers, names, profiles, message content, chat history, contact lists, or any form of personal identifier. Your conversations are end-to-end encrypted and never touch our database. We literally cannot read them.
When you use BLIP, our servers briefly process: encrypted message payloads (unreadable ciphertext) and temporary connection metadata (IP addresses for WebSocket routing). This data exists only in volatile memory (RAM) and is never written to disk. Once your session ends, it's gone.
All messages are encrypted on your device using Curve25519 ECDH key exchange and XSalsa20-Poly1305 encryption before transmission. Encryption keys are generated locally in your browser and never sent to our servers. Even under legal compulsion, we cannot provide message content—we don't have it.
BLIP uses minimal local storage for: theme preferences (dark/light mode), language settings, and temporary encryption keys during active sessions. We do not use tracking cookies, analytics cookies, or any third-party advertising cookies. Encryption keys are automatically destroyed when you close the browser tab.
BLIP uses Supabase for real-time WebSocket communication (message relay only, no storage). We may display contextual advertisements. Ad providers may use their own cookies subject to their privacy policies. We never share any conversation data with advertisers—because we don't have any.
BLIP is not intended for users under 13 years of age. Since we don't collect personal information, we cannot verify age. If you believe a child is using this service inappropriately, please contact us.
We may update this policy to reflect changes in our practices or for legal compliance. Significant changes will be posted on this page. Since we don't collect email addresses, we cannot send notifications—please check this page periodically. For questions, visit our GitHub repository.