Most apps promise privacy and then collect everything anyway. Hushwire is built the other way around: the things you'd most want kept private are encrypted on your device before they ever reach us, so we couldn't hand them over even if we wanted to. This page explains, in plain language, exactly what we collect, what we don't, and why.
Last updated: June 22, 2026
To run your account, we store a randomly generated user ID and the username you choose. That's it for the data that identifies you.
Your messages, calls, group names, and profile pictures are end-to-end encrypted. Our server only ever sees ciphertext it cannot read.
We use your IP address to deliver your messages, the same way the postal system needs an address to deliver a letter. We do not log it, store it, or build a history from it.
We don't sell your data. We don't run ads. We don't track you across the web. There is nothing to monetize, because we never collect it.
We try to collect as little as possible. Here is the complete list of information our service handles, and what each piece is for.
| What | Why |
|---|---|
| User ID | A random identifier created when you register. It ties your account to your messages and keys. It is not derived from your name, email, or any personal detail. |
| Username | The name you choose so other people can find and recognize you. You decide what it is; it does not have to be your real name. |
| Encrypted content | Your messages, attachments, voice, community names, and profile pictures pass through or rest on our server only as ciphertext we cannot decrypt. We store it so it can be delivered to the right devices, never to read it. |
| Encrypted recovery backup | If you set up account recovery, we store an encrypted backup of your identity keys plus a one-way verifier hash, so you can restore your account on a new device. The backup is locked with a recovery key we never receive — see account recovery below. |
| IP address (in transit) | Used in the moment to route your connection and deliver your messages. See the note below — we do not log or retain it. |
| Support messages | If you email us or use the contact form, we receive whatever you choose to write, plus a name if you provide one. We use it only to reply. |
| Subscription status | If you pay to host a community, we keep a record that your account has an active subscription so we can enable those features. Payments themselves are processed by the app store or payment provider — we never see or store your card details. |
Just as important as what we collect is what we deliberately leave out:
We do not sell, rent, or trade any of your information to anyone, ever. Our business model is simple: people who host communities pay us directly, which is exactly what frees us from needing to monetize your data.
To deliver a message from one person to another, a server has to know where to send it — and on the internet, that means an IP address. There is no way around this for any messaging service. The difference is in what happens next.
Hushwire uses your IP address only in the moment, to route your live connection and deliver your messages and voice traffic. We do not write it to a log file, store it alongside your account, or keep any history of the addresses you've connected from. Once your connection ends, it's gone.
Note that infrastructure providers between you and us (your internet provider, and our hosting and network providers) may handle IP-level traffic as part of running the network. If you want to hide your IP from the network path entirely, a VPN or Tor is the right tool — Hushwire works over both.
There's one nuance to "we can't read your data" that we want to state precisely rather than gloss over, because it's the one place we store anything related to your keys.
So you can get back into your account if you lose your device, Hushwire stores an encrypted backup of your identity keys on the server. That backup is locked with a recovery key — the recovery phrase you're shown when you turn on recovery. The recovery key is generated on your device and never sent to us. We store only the locked backup, plus a one-way hash of a verifier we use to check that you typed your recovery phrase correctly.
The practical result: we cannot open this backup ourselves. Without your recovery key, it is just unreadable ciphertext to us — the same as your messages. Recovery works only because you supply the recovery phrase, which re-derives the key that unlocks the backup on your own device. If you lose your recovery phrase, not even we can restore your account.
To be unambiguous: we hold no key shares, no partial keys, and no master key or back door that could let us reconstruct your keys. Our cryptography is open source, so you don't have to take our word for how recovery works — you can read exactly how the recovery key is generated on your device and why it never reaches our servers.
We use the limited information above only to:
We never use it for advertising, profiling, or sale to third parties.
We keep your account information (user ID and username) for as long as your account exists. Direct messages are removed from the server once they've been delivered to your devices. Group messages are different: so that history can be restored on demand — for example when you sign in on a new device — they are retained on the server in encrypted form. The exception is groups set to transient, where messages are never stored on the server and exist only on members' devices. In every case the server holds ciphertext it cannot read. Support emails are kept as long as needed to handle your request, and IP addresses are not retained at all.
In-app account deletion isn't available yet — it's something we're building. In the meantime, if you'd like your account and its data removed, email privacy@hushwire.io and we'll take care of it. Some information may persist briefly in encrypted backups before being cycled out.
Because we hold so little about you, there is very little to manage — but you remain in control of it:
Depending on where you live, you may have additional rights under laws such as the GDPR or CCPA — for example, to access, correct, or delete personal data, or to object to certain processing. To exercise any of these, contact us at the address below. We honor these rights regardless of where you live.
Privacy and security are the same project here. Everything sensitive is end-to-end encrypted using the Signal Protocol, implemented in Rust, with post-quantum protection. You can read exactly how on our cryptography page. Connections to our servers are encrypted in transit, and we minimize what we store specifically so there is less to protect.
If we update this policy, we'll change the "last updated" date at the top and, for significant changes, give notice in the app or on this site. The core commitment won't change: we collect as little as possible, and we encrypt what matters so that we can't read it.
Questions about your privacy, or want to exercise a data right? Email privacy@hushwire.io, or reach us through the contact form. Security researchers can reach the team at security@hushwire.io.