Effective July 15, 2026
Privacy starts with collecting less.
This notice explains what remains on your devices, what QEYET infrastructure processes to deliver the service, and which external services are involved only when you choose them.
Standard identities
A standard QEYET identity does not require a phone number, legal name, or email address. You may choose a display name, and contacts may assign their own local name or note to you.
Messages and local content
Readable message history, drafts, call logs, contact notes, cached media, and account state are stored on authorized devices. QEYET routing nodes receive encrypted envelopes, not the conversation keys required to read their contents.
Deleting local data removes the selected information from that device. Six recovery words restore identity material; they do not recreate messages deleted from every authorized device and backup.
Routing and operational data
Delivering an internet service necessarily exposes some metadata. QEYET nodes and network providers may process source network addresses, connection timing, approximate encrypted packet size, mailbox routing identifiers, delivery attempts, rate-limit state, and abuse signals.
QEYET clients also send privacy-limited operational telemetry containing the application version, a heartbeat, an observation time, and aggregate event counters such as delivery, retry, file-transfer, and call outcomes. This telemetry is used for system health and does not include message bodies, attachment contents, recovery words, or conversation keys.
Voice, video, and direct files
WebRTC connects participants for calls and direct file transfer. Depending on network conditions, participants, internet providers, and relay services may observe network addresses and timing. File bytes are not retained for offline download by QEYET's message queue; a pending transfer waits for both endpoints.
Push notifications
If you enable notifications, the browser or operating system creates a push subscription that QEYET nodes use to wake the installed experience. Apple, Google, Microsoft, browser vendors, and their delivery networks may process push-routing metadata under their own terms. Notification previews can be disabled in QEYET.
Backups and Google Drive
Backups occur only when you initiate them. Local exports remain under your control. If you configure and use Google Drive backup, Google processes authorization and file storage under your Google account and privacy terms. QEYET does not receive your Google password.
Hermes connections
When you connect a user-owned Hermes Agent, the bridge runs on the machine you pair. QEYET transports encrypted agent messages; Hermes receives readable prompts and produces replies on that paired machine. Your Hermes installation and any tools it invokes remain subject to your own configuration and the Hermes provider's terms.
Enterprise accounts
Enterprise administrators can process usernames, display names, membership status, directory visibility, spaces, enrollment events, client versions, and aggregate operational health for their tenant. They can reissue organizational access but cannot use that authority alone to decrypt an employee's local message vault.
Retention
Local content remains until you delete it, the browser removes site data, or a configured disappearing-message rule expires it. Encrypted queued envelopes are retained only within configured delivery and storage limits. Operational logs, abuse controls, aggregate metrics, push subscriptions, and enterprise administration records may be retained as needed to operate, secure, and troubleshoot the network.
Your choices
- Use a standard identity without providing a phone number or email address.
- Disable notifications and notification previews.
- Delete local messages, call logs, cached media, or all local application data.
- Export an encrypted backup manually.
- Disconnect linked devices and Hermes bridges.
- Ask an enterprise administrator to suspend or remove organizational membership.
Security and limitations
No security design eliminates compromised devices, malicious browser extensions, traffic analysis, software defects, or user disclosure of recovery material. Review the QEYET security architecture for current protections and assurance status.
Contact
Privacy questions can be sent to admin@qeyet.com. Do not send recovery words, private keys, or confidential message content by email.
Changes
This notice may change as QEYET adds providers, applications, or commercial services. Material changes will be reflected by a new effective date on this page.