Skip to content
Legal

Privacy Policy

Last updated 2026-06-23

What we collect

Nothing that identifies you. Blink has no accounts, no phone numbers, no email, and no analytics or telemetry of any kind. We do not have a profile of you to sell, leak, or hand over.

Message content

End-to-end encrypted with libsignal (X3DH + post-quantum PQXDH + Double Ratchet). Keys are generated and stored on your device. We cannot read your messages, and neither can the relay that forwards them. With sealed sender, the relay does not even learn who sent a message.

Network metadata — the honest part

We can't fully hide it, so we won't pretend to. The relay runs on Cloudflare, which — like any server you connect to — sees your IP address, the timing and the size of your traffic. Sealed sender hides who you are at the app layer, not your network path. The relay itself runs zero-log (no DIDs or metadata are written to logs), and queued ciphertext is deleted after delivery or expiry. Hiding your IP from the relay would require Tor/I2P, which is on the roadmap, not shipped.

Push notifications

If you enable notifications, Blink registers a push token from Google Firebase Cloud Messaging (FCM) with the relay so it can wake your device when a message arrives. The push carries no message content and no sender — only a signal to come fetch. This does involve Google's push infrastructure; if you prefer zero Google contact, leave notifications off (a Google-free push path is on the roadmap).

This website

This marketing site sets no tracking cookies and runs no third-party analytics. Reviews you submit are stored with the name you choose to enter — leave it blank to stay anonymous.

Your control

Your identity lives on your device and is recoverable only from your 12-word phrase. Wipe the app and the keys are gone. There is no server-side copy to request or delete, because there isn't one.

Verify, don't trust

Blink is open-source under AGPL-3.0 — the full source, including the relay, is public at github.com/tralalananala-cloud/blink. You can read exactly what runs. See SECURITY.md for the complete threat model.

Changes

If this policy ever changes, the diff will be public in our changelog and git history. We will never quietly expand what we collect.