air-gapped · open source Verify ↗ Request access →

Legal

Privacy policy

A genuine, data-minimising policy that reflects how this product actually works.

This policy describes the data we do not collect, the little we do handle, and why. It reflects real practice, not aspiration. The product is designed to avoid collecting identity in the first place, and this site is built to practise the same restraint.

What we do not collect

  • Message content. Your messages, calls, and files are end-to-end encrypted. We hold no keys to them and operate no vendor-readable server, so we cannot read them — not on request, not under compulsion, not at all.
  • Connection logs and IP addresses. Traffic is routed through Tor and reaches us, where it reaches us at all, without a usable network identity. We do not build profiles of who connected, from where, or when.
  • Name, email, or phone number. Access does not require an account tied to your identity. The messenger needs no phone number. We do not ask for a real name to use the product.

The minimal data we handle

To operate the service and fulfil orders for the GuardTalk Mobile Protector, a small amount of data is unavoidable. We keep it to the minimum and no longer than necessary.

  • A random account identifier. Access uses a random identifier rather than a name or email, so the account is not linked to your identity.
  • A shipping destination, only when you buy the GuardTalk Mobile Protector. When you purchase the GuardTalk Mobile Protector from us, the device has to be sent somewhere. We collect a delivery destination solely to fulfil that order, handle it minimally, and do not retain it as a marketing record. A locker, forwarder, or alternative destination is your choice.
  • Monero payment confirmation. Payment is made with Monero. We confirm that a payment was received for an order; we use no third-party card processor and obtain no card number, bank trail, or full identity in the process.

No cookies, no trackers, no third-party scripts

This site sets no cookies, runs no analytics that identify you, and loads no third-party scripts, ad pixels, or off-origin fonts. Every asset is served from our own origin; nothing on these pages contacts a third party at runtime. The site is fully usable in Tor Browser with JavaScript disabled.

No third-party data sharing

We do not sell, rent, or share your data with third parties, and we run no advertising or data-broker relationships. The minimal data described above is used only to operate the service and fulfil your order. Where a law-enforcement demand is received, we can only ever produce what we actually hold — which, by design, is almost nothing, and never message content.

Data security

The product is built on a GrapheneOS-based hardened operating system, the air gap that keeps your phone off the internet, and routing through Tor. We hold no keys to your messages and ship no backdoor — the source is open so you can confirm it rather than trust us. The protections here are bounded by our threat model, which states plainly what they do and do not cover.

Changes to this policy

If this policy changes, the updated version will be published here with a new date below, and material changes will be noted. We will not quietly broaden what we collect.

Last updated 15 June 2026.

Don't trust the policy — check it.

The same restraint, shown in source and in the transparency centre.

Transparency centre →Read the terms →