Frequently Asked Questions

Ephemeral Messaging

Every message transmitted through the Application is subject to a configurable time-to-live (TTL) period. Upon expiration, messages are permanently and irreversibly deleted from all systems. No readable copy of any message is retained by the Company at any point.

Zero-Knowledge Architecture

The Company operates under a strict zero-knowledge model. Our servers function solely as encrypted relay infrastructure. At no point does the Company possess the technical capability to read, access, or decrypt the content of any message, call, or file transmitted through the Application.

Key Ownership

All cryptographic keys used to protect your communications are generated and stored exclusively on your device. The Company does not generate, store, transmit, or have any access to your private keys. You retain full and exclusive control over your keys at all times. Keys may be revoked at your discretion through the Application.

Encryption Model

The Application employs industry-standard end-to-end encryption. All messages are encrypted on the sender's device prior to transmission and can only be decrypted on the intended recipient's device. Each conversation maintains its own independent set of cryptographic keys, ensuring that the compromise of one conversation does not affect the security of any other.

Voice and Video Calls

All voice and video calls made through the Application are end-to-end encrypted. Each call session uses a unique set of encryption keys that are generated immediately before the call begins and are permanently deleted as soon as the call ends. The Company has no technical capability to intercept, monitor, or record any call. Call audio and video content is never transmitted to or stored on Company servers.

Call Contact Requirement

Voice and video calls may only be initiated between Users who have mutually added each other to their respective contact lists. This mutual contact requirement is a technical and policy control designed to prevent unsolicited contact and protect User privacy. Calls from Users who are not mutual contacts are automatically rejected by the Application.

Application Protection

Access to the Application is protected by a User-defined PIN code. Following a configurable number of incorrect PIN entry attempts, the Application initiates an automatic data deletion and key revocation procedure. The Application does not use biometric authentication (such as Face ID or fingerprint recognition) as a primary access control measure, in order to maintain User privacy in situations where the device may be accessed by a third party under legal or physical compulsion.

Screenshot and Screen Recording Prevention

The Application implements platform-level technical controls to prevent screenshots and screen recordings of Application content on supported devices and operating system versions. These controls are enforced by the Application within the bounds permitted by the underlying mobile platform (iOS and Android). The effectiveness of these controls is subject to the capabilities and limitations of the device operating system in use. The Company does not guarantee absolute prevention of screen capture under all circumstances.

Device Security and User Responsibility

The security guarantees provided by the Application are contingent upon the integrity of the User's device. The Company assumes no responsibility or liability for any compromise of User data, communications, or cryptographic keys resulting from, or attributable to, any of the following conditions affecting the User's device:

• The presence of spyware, malware, keyloggers, or other malicious software;
• Unauthorized physical or remote access to the device;
• Use of a rooted, jailbroken, or otherwise modified operating system;
• Exploitation of operating system or hardware vulnerabilities;
• Screen mirroring, remote screen viewing, or accessibility service abuse;
• Any other condition that compromises the security of the device environment.

It is the User's sole responsibility to maintain the security and integrity of their device and operating system. The Application cannot protect communications if the device on which it is installed has been compromised at the hardware or operating system level.

Data Deletion

Due to the zero-knowledge architecture of the Application, the Company does not retain personally identifiable information, message content, or encryption keys. Users may permanently delete their data and revoke all cryptographic keys at any time by using the WPIN function or by initiating a manual key revocation. Upon key revocation, all messages associated with the revoked keys become permanently unreadable, and the revoked public key is removed from all active communication sessions across all registered devices.

Backup and Restore

Backup and restore functionality is intentionally unavailable in the Application. All Application data stored on the device is maintained in an encrypted format that is architecturally separated from the corresponding cryptographic keys. This design ensures that data cannot be accessed without the User's keys and is consistent with the Application's privacy-by-design principles. As a consequence, data recovery in the event of device loss or key deletion is not possible.

WPIN — Secure Data Wipe PIN

The WPIN is a designated secondary PIN code that, when entered, unlocks the Application while simultaneously and irrevocably deleting all private and public cryptographic keys stored on the device, along with all locally stored conversation data. Following WPIN entry, the Application automatically initiates a mass key revocation procedure, removing the User's public keys from all devices and communication sessions to which they were previously distributed. This feature is intended for use in situations where a User is under compulsion to provide device access to a third party.

Can HashTalks Access My Messages or Calls?

No. The Company has no technical capability to access, read, decrypt, or disclose the content of any message, call, or file transmitted through the Application. This is not a policy choice — it is an architectural constraint. Encryption keys exist only on User devices and are never transmitted to or stored on Company infrastructure. The Company cannot comply with requests to produce message or call content because such content is technically inaccessible to us.

What Happens If I Lose My Device?

If your device is lost or permanently inaccessible, the cryptographic keys and all encrypted data stored on that device are lost with it. The Company cannot recover keys, restore messages, or reinstate access to prior communications on your behalf. You are strongly advised to maintain access to a secondary registered device or to perform a key revocation immediately upon device loss to prevent any potential unauthorized access.

Contact

For questions or support, please contact:
Intelligent Trade SIA, Riga, Latvia, Apuzes iela 5-2/3, LV-1048
info@hashtalks.app