Privacy Policy
Last updated: January 1, 2026
Introduction
Welcome to Juztuz. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, and protect your data when you use our messaging service.
Juztuz is built with privacy at its core. We use end-to-end encryption (E2EE) to ensure that only you and your recipients can read your messages. We cannot read your messages, and we store minimal metadata about your communications.
1. Information We Collect
1.1 Account Information
- Phone number: Stored in E.164 format for authentication and also hashed with SHA-256 for additional security lookups.
- Username: Required identifier you choose to personalize your profile.
- Display name: Optional name you can provide to personalize your profile.
- Profile avatar: Optional image uploaded to our secure image hosting service (Cloudinary).
- Device information: Device IDs and push notification tokens to enable message delivery across your devices.
1.2 Message Metadata
While your message content is end-to-end encrypted and cannot be read by us, we collect limited metadata to provide and improve our service:
- Message timestamps (when messages are sent and delivered)
- Read receipts and delivery status
- Reaction counts (emojis added to messages)
- Message length (but not content)
- Conversation participants
Important: This metadata is retained for only 30 days and is automatically deleted thereafter.
1.3 Technical Information
- IP address: Temporarily collected for security and service delivery purposes.
- Geolocation: Approximate location based on IP address for analytics (country and city level only).
- Device type: iOS, Android, or web platform information.
- User agent: Browser or app version information.
1.4 Payment Information
If you subscribe to Juztuz ($1.99/month), we use Stripe to process payments. We only store:
- Stripe customer ID
- Subscription status (active, cancelled, etc.)
- Subscription start and end dates
We never store your credit card information. All payment data is securely handled by Stripe.
2. How We Use Your Information
We use the information we collect to:
- Provide our service: Enable you to send and receive encrypted messages.
- Deliver notifications: Send push notifications when you receive new messages.
- Process payments: Manage your subscription and billing.
- Improve our service: Analyze usage patterns to enhance features and performance.
- Security and abuse prevention: Detect and prevent spam, fraud, and abuse (using metadata only, not message content).
- Comply with legal obligations: Respond to lawful requests from authorities when required by law.
3. End-to-End Encryption
All messages in Juztuz are encrypted with XSalsa20-Poly1305 before they leave your device. This means:
- We cannot read your messages: Your encryption keys are stored only on your devices, not on our servers.
- Messages are encrypted for each device: If you use multiple devices, messages are individually encrypted for each one.
- Server sees only encrypted data: Our servers only see encrypted message blobs, not the actual content.
Your encryption keys are generated on your device and never transmitted to our servers. If you lose your device, you will lose access to your encrypted message history.
4. Message Retention & Auto-Deletion
Juztuz is designed for ephemeral communication:
- Configurable DM expiry: For direct messages, you choose your expiry preference (24 hours, 7 days, 30 days, or 1 year). When chatting with someone, the stricter preference applies.
- 24-hour room expiry: All room messages are automatically deleted 24 hours after the room is created.
- 30-day metadata retention: Message metadata is retained for 30 days for analytics and abuse prevention, then automatically deleted.
- Screenshot protection: Recipients must request permission to take screenshots, and senders are notified when screenshots are taken.
This automatic deletion is enforced by our database and cannot be disabled. Your messages truly disappear.
5. Third-Party Services
We use the following third-party services:
Stripe (Payment Processing)
Handles subscription payments. We share your phone number with Stripe for billing purposes. Read their privacy policy.
Twilio / MessageBird (SMS OTP)
Sends one-time password codes for phone number verification. Your phone number is shared with these services only for authentication purposes.
Cloudinary (Image Hosting)
Hosts profile avatars and image messages. Images are stored securely and accessible only to authorized users.
Expo (Push Notifications)
Delivers push notifications to your devices. We share your device push token with Expo for notification delivery.
6. Cookies & Website Analytics
Our website uses cookies and similar technologies to improve your experience and understand how visitors use our site.
6.1 What Are Cookies?
Cookies are small text files stored on your device when you visit a website. They help us remember your preferences and understand how you interact with our site.
6.2 How We Use Cookies
We use the following types of cookies:
- Essential cookies: Required for basic website functionality, such as remembering your cookie consent preference. These are stored in your browser's localStorage.
- Analytics cookies: Help us understand how visitors use our website, which pages are most popular, and how users navigate the site.
6.3 Analytics Information
We use analytics services to collect anonymized information about website usage, including:
- Pages visited and time spent on each page
- How you arrived at our site (referral source)
- Your general geographic location (country/city level)
- Device type, browser, and operating system
- Interactions with buttons and links
This data is aggregated and does not personally identify you. Our analytics providers may set cookies on your device to track your session.
6.4 Your Cookie Choices
When you first visit our website, you will see a cookie consent banner. You can:
- Accept: Allow analytics cookies to help us improve the website.
- Decline: Block analytics cookies. Only essential cookies (like your consent preference) will be stored. If you decline, we may ask again after 30 days.
Your preference is saved in your browser's localStorage. You can change your preference at any time by clearing your browser data and revisiting the site.
You can also control cookies through your browser settings or by using browser extensions that block tracking.
7. Data Sharing & Disclosure
We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:
- With your consent: When you explicitly authorize us to share your information.
- Service providers: With third-party services listed above that help us operate our platform.
- Legal compliance: When required by law, court order, or government request.
- Safety and security: To protect the rights, property, or safety of Juztuz, our users, or the public.
Note: Because messages are end-to-end encrypted, we cannot provide message content to law enforcement even if legally compelled. We can only provide metadata (timestamps, participants, etc.) when required by law.
8. Your Rights
You have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Update or correct your account information at any time in the app.
- Deletion: Delete your account and all associated data from our servers. See our account deletion page for details.
- Objection: Object to our processing of your personal data for specific purposes.
- Portability: Request an export of your data in a machine-readable format.
To exercise these rights, contact us at contact@juztuz.com.
9. Children's Privacy
Juztuz is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at contact@juztuz.com, and we will delete the information.
10. International Data Transfers
Juztuz operates globally. Your information may be stored and processed in the United States or other countries where our service providers operate. By using Juztuz, you consent to the transfer of your information to countries outside your country of residence, which may have different data protection laws.
11. Security Measures
We implement industry-standard security measures to protect your data:
- End-to-end encryption (XSalsa20-Poly1305) for all messages
- Hashed phone numbers (SHA-256) - never stored in plaintext
- Encrypted database connections (TLS)
- Secure password hashing (bcrypt) for OTP codes
- Regular security audits and updates
- Screenshot protection and permission system
However, no system is completely secure. We cannot guarantee absolute security of your information.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice in the app or sending you a notification. Your continued use of Juztuz after changes are posted constitutes your acceptance of the updated policy.
13. Contact Us
If you have questions about this Privacy Policy or how we handle your data, please contact us:
- Email: contact@juztuz.com
Privacy Summary
- ✅ End-to-end encrypted messages - We cannot read your messages
- ✅ Auto-expiring messages - DMs expire based on your preference, rooms expire in 24 hours
- ✅ Secure phone storage - Stored with SHA-256 hash backup
- ✅ 30-day metadata retention - Minimal data kept, then deleted
- ✅ Screenshot protection - Permission-based with notifications
- ✅ Cookie consent - You choose whether to allow website analytics
- ✅ Transparent third-party use - Only essential services