Legal & Privacy Center
Absolute transparency regarding our Zero-Knowledge data handling, cryptographic protocols, and software licensing terms.
Privacy Policy
Our core directive: If we don't have your data, no one can demand it from us.
1. Data Minimization & Cryptography
- Blind Identity Protocol: We do not store your raw username, email, or phone number. We utilize client-side Argon2id hashing. The server stores only a cryptographic hash (`usernameHash`), which we cannot reverse to recover your identity.
- Encrypted Metadata: Your display name, bio, and avatar are symmetrically encrypted on your device. To our infrastructure, your profile is an opaque blob of ciphertext.
- E2EE Communication: All direct messages, voice notes, and file attachments are End-to-End Encrypted using the Signal Protocol (Double Ratchet).
- Zero-Knowledge Burner Sessions: These sessions operate exclusively within your browser's volatile memory (RAM). No account metadata is stored on disk or server; keys are cryptographically shredded the instant the tab is closed (Zero-Footprint).
- Secure Media Enclaves: Every image or file attachment is mutated into a randomized binary blob on your device using XChaCha20-Poly1305 symmetric encryption before cloud transmission. NYX servers act as blind storage enclaves and never possess the keys to decrypt your media.
2. Ephemeral Network Logging
To maintain network integrity and prevent DDoS/Botnet attacks, we temporarily process:
- IP addresses (irreversibly hashed upon connection).
- WebSocket connection timestamps (swept automatically from Redis).
- Encrypted offline message queues (automatically purged upon successful delivery to the recipient).
Terms of Service
Critical Disclaimer of Liability
NYX is provided "AS IS", without warranty of any kind. The maintainers shall not be held liable for any data loss, compromised keys, or service interruptions. You are solely responsible for managing your cryptographic Recovery Phrase. If you lose your password and Recovery Phrase, your account and data are permanently inaccessible. We cannot bypass our own encryption.
If you need guidance, consult our help page.
- Trust-Tier Gating: To protect the network, unverified accounts are placed in a restricted "Sandbox Mode". Full capabilities require biometric hardware verification or cryptographic Proof-of-Work.
- Zero-Tolerance Abuse Policy: You agree not to utilize the NYX network for illicit activities, automated API abuse (botting), or distributing malware. Violations will result in immediate network bans.
Software Licensing & Enterprise
The NYX source code is proudly open-source and fiercely protected under the GNU Affero General Public License v3.0 (AGPL-3.0).
The AGPL-3.0 Constraint
If you modify the NYX codebase and allow users to interact with it over a network (e.g., hosting it as a SaaS), you are legally obligated to release your modified source code to the public. Closed-source SaaS deployments of NYX under this license are strictly prohibited and constitute copyright infringement.
Commercial Dual-Licensing
For corporations, enterprises, or startups wishing to integrate NYX into a proprietary, closed-source product without the AGPL obligations, we offer a Commercial License.
Contact Command for Enterprise Pricing
AI & Telemetry
NYX operates with Zero Telemetry. We do not track your clicks, screen time, or feature usage.
Smart Reply (Optional AI)
We provide an experimental "Smart Reply" feature utilizing the Google Gemini API. This feature is strictly Opt-In.
- Messages are decrypted locally before being sent to the AI.
- The NYX Server acts as a blind proxy; it does not log the prompt or the AI's response.
- Data processed by the Gemini API is ephemeral and is not used to train foundational AI models, per Google's enterprise API terms.
Security Architecture
Our cryptographic implementations are open for audit.
Signal Protocol
X3DH key agreement and Double Ratchet forward/backward secrecy via libsodium (XChaCha20-Poly1305).
WebAuthn PRF
Passwordless biometric vault decryption leveraging hardware secure enclaves (Secure Enclave/TPM).
Volatile Memory
Cryptographic keys are wiped from RAM (`sodium.memzero`) immediately after decryption cycles.
Peer-to-Peer Migration
Device migration uses an encrypted WebSocket tunnel. The server relays chunks blindly without key access.