Qlavis™ · Messenger
Architecture Contact
EN ES
Privacy Policy

We built Qlavis to know as little about you as technically possible.

What limited data Qlavis processes, what it deliberately never collects, and why end-to-end encryption means we cannot read your content even if we wanted to.

Last updated 4 July 2026  ·  Effective 4 July 2026

Privacy at a glance
  • End-to-end encrypted. Messages, calls, files, and in-chat payments are encrypted on your device with post-quantum cryptography. No one but you and the people you talk to can read them.
  • No sign-up data. No phone number, no email, no real name. Your identity is created on your device and secured by a 12-word recovery phrase that never leaves it.
  • No tracking, no ads, no analytics SDKs. We do not use advertising, third-party analytics, or the device advertising identifier. We do not sell or share your data.
  • We store as little as possible. Encrypted message content is deleted from our servers once it has been delivered.
  • Your wallet is yours. The built-in wallet is non-custodial. Your keys and funds live only on your device — we never hold, see, or store them.
01 · Who we are

Controller

Qlavis is a post-quantum, end-to-end encrypted messenger with an integrated non-custodial wallet, published for iOS. This policy describes how Qlavis, Inc. (“Qlavis,” “we,” “us”), a United States corporation, handles information in connection with the Qlavis app and the qlavis.app website. Contact: hello@qlavis.app.

02 · What we do not collect

Data minimization by design

Qlavis is built so there is little about you to collect in the first place. We do not:

  • require or collect your phone number, email address, or legal name to create an account;
  • read, scan, or retain the plaintext of your messages, calls, files, or payments — everything is end-to-end encrypted;
  • upload, store, or scan your device address book on our servers;
  • use advertising, ad networks, or the device advertising identifier (IDFA) — and we do not track you across other apps or websites;
  • embed third-party analytics, telemetry, or crash-reporting SDKs; or
  • sell, rent, or share your personal information, or use it for advertising of any kind.
03 · Information we process

The minimum needed to deliver messages and calls

Because your content is end-to-end encrypted, most of what our servers hold is either a public key, an opaque identifier, or ciphertext we cannot decrypt.

DataWhat it is / whyLegal basis (GDPR)
Qlavis IDA username you choose (@handle) so others can reach you. Not linked by us to your real identity.Contract
Public keysYour public encryption and signing keys and public prekeys, so others can establish encryption with you. Your private keys never leave your device.Contract
Device fingerprint hashA one-way hash binding your account to your device, to resist account takeover. We store the hash, not the device data.Legitimate interest — security
Encrypted push tokenAn encrypted reference used to route Apple push notifications to your device.Contract
Encrypted message contentCiphertext we cannot read. Deleted on delivery to all recipients; only a content-less stub remains so delivery status works.Contract
Delivery & read statusWhether a message was delivered/read, to show status ticks. You can disable read receipts.Contract / consent
Presence signalsCoarse “last seen” and online/typing indicators. Last-seen is rounded for privacy; every signal is individually switchable off.Consent
AvatarsEncrypted per-recipient key-wraps and encrypted image blobs. We cannot view your avatar.Contract
Safety dataUsers you block and reports you submit, so we can keep the service safe and act on abuse.Legitimate interest — safety

Contacts stay on your device. Your contact list and Zero-Knowledge Lookup data are stored locally in an encrypted database. Our servers hold none of it.

The qlavis.app website collects nothing. It is a static site: no cookies, no analytics, no third-party code. Our web server keeps only anonymized technical logs (time, request, status) that contain no IP addresses.

04 · End-to-end encryption

We hold no key that can read your content

All conversation content — text, voice and video calls, photos, videos, files, voice messages, and in-chat payments — is encrypted on your device before it is sent, and can only be decrypted on the recipient’s device. Qlavis uses a post-quantum, CNSA 2.0-aligned stack (ML-KEM-1024 / FIPS 203 key encapsulation, ML-DSA-87 / FIPS 204 signatures, AES-256-GCM authenticated encryption) over a ratchet protocol with forward secrecy and post-compromise security.

This means we — and our hosting providers, and anyone who compromised our servers, now or after a future quantum computer exists — cannot read your content. The trade-off: we cannot recover your content or your account if you lose your 12-word recovery phrase. Keep it safe; it is the only key.

05 · The wallet

Non-custodial — we store nothing about your funds

The built-in wallet supports the Stellar and XRP Ledger networks and is fully non-custodial. Your wallet keys are derived on your device from your recovery phrase and stored only on your device. Our servers hold no wallet balances, keys, addresses, or transaction history.

  • On-chain data is public. A blockchain transaction is recorded on a public ledger we do not control and cannot alter or delete. Anything in a public memo field is permanent and public.
  • Privacy relay. When your wallet reads the blockchain, requests go through our relay, which strips identity-revealing headers and forwards a fresh request — the network operators see our relay, not your device.
06 · Push notifications

Generic alerts; your content is never in the push

To alert you when the app is closed, we send push notifications through Apple’s Push Notification service (APNs). The alert shown on your lock screen is generic — “New message” or “Incoming encrypted call,” never the message content. So your device can label the notification, the push payload carries the sender’s Qlavis @handle (never a phone number, and never any message content); your messages are fetched and decrypted only on your device. You can hide the sender on the lock screen in Settings.

07 · Service providers

Who processes data on our behalf

ProviderPurposeLocation
Amazon Web ServicesServer hosting and encrypted storageUnited States
AppleApp distribution and push delivery (APNs)United States
Stellar / XRP LedgerPublic blockchains your wallet transacts on (only if you use the wallet)Decentralized
Call relay (TURN)Relays call media when a direct connection isn’t possible; media stays end-to-end encryptedUnited States

We do not use these providers for advertising or profiling. We may disclose data if required by valid legal process — but because of end-to-end encryption and data minimization, what we can produce is limited to the account data described above — never message content.

08 · Data retention

We keep it briefly, then delete it

  • Message content: deleted from our servers once it has been delivered. Undelivered ciphertext is kept no longer than 14 days, then deleted.
  • Delivery / read status: up to 14 days.
  • Call records (time and duration only — call audio and video are end-to-end encrypted and never touch our servers): removed once the call ends or, for a missed call, once your device has been notified of it. Backstop: no longer than 14 days.
  • Account data (Qlavis ID, public keys, device fingerprint hash): kept while your account exists, deleted when you delete it.
09 · Your controls

You are in charge

  • Delete your account in-app, any time. Settings → Account → Delete Account removes your identity and associated data from our servers and wipes local data. Blockchain transactions already recorded on public ledgers cannot be deleted.
  • Privacy toggles. Read receipts, online status, typing indicators, last-seen, profile-photo visibility, and lock-screen sender hiding — each independently in Settings.
  • App lock. Manage your recovery phrase and biometric/PIN app-lock in Settings.
10 · Your rights

GDPR, CCPA, and more

Depending on where you live, you may have legal rights to access, correct, delete, or restrict the personal data we hold about you. Because Qlavis is built on data minimization and end-to-end encryption, that data is limited — and you can already see and delete most of it yourself in-app. We do not sell your data, so there is nothing to opt out of. To make a request, email hello@qlavis.app; we verify requests through your control of your Qlavis account, and we will never ask for more data to fulfil one.

11 · International transfers

Processed in the United States

Our servers are in the United States. If you use Qlavis from outside the U.S., the limited data described above is processed in the U.S. Where personal data is transferred from the EEA or the UK, we rely on appropriate legal safeguards for such transfers, as required by applicable law.

12 · Security

Security is the product

Beyond end-to-end encryption: your on-device database is encrypted at rest; secret keys are protected by the iOS Keychain and Secure Enclave; the app supports biometric and PIN app-lock; and your account is bound to your device to resist takeover. No method is 100% secure, but we design to minimize what could ever be exposed. To report a security issue, email hello@qlavis.app or see security.txt.

13 · Children

Not directed to children

Qlavis is not directed to children under 13, and we do not knowingly collect personal data from them. If you believe a child has provided us data, contact hello@qlavis.app and we will delete it.

14 · Changes

Updates to this policy

We may update this policy. We will change the “Last updated” date and, for material changes, give notice in the app or on qlavis.app. Continued use after an update means you accept the revised policy.

15 · Contact

Reach us

Questions about privacy: hello@qlavis.app.

Qlavis™ · Messenger · © 2026 Qlavis, Inc.
security.txt Privacy Terms Support