Built differently · The architecture

We don't know who you are.
We built it that way.

Most apps treat privacy as a policy. We treat it as a structure. This page is the architecture, not the legalese — the choices we made when we drew the system, and why.

We don't have your
name
Never asked. Never assigned.
We don't have your
email
Not requested. Not stored.
We don't have your
phone
No SMS. No SIM lookup.
We don't have your
card
App Store handles every cent.
The architecture

Where every piece lives.

The further left, the less identity is ever attached. The further right, the less of it exists at all.

On your phone
Your messages
Encrypted at rest on our servers, and used only to create the calm version your partner receives.
Encrypted at rest
Your content is encrypted in our database, never sold, and never used to train AI.
6-digit partner code
If you forget your password, your partner generates a single-use code. No email recovery exists.
On our servers
An encrypted blob
Has no name, email, or identity attached. Tied only to an opaque token.
An opaque token
Says you're a real device. Not who you are, where you live, or how to reach you.
AI pipeline (transient)
Reads your draft long enough to help. Then forgets. Never trains on it.
Nowhere
Your real name
No legal-name field exists. Not in our DB. Not even nullable.
Your card number
Apple and Google charge you. We get a "subscription active" yes/no.
Identifying ad data
No SDKs. No fingerprinting. No analytics on personal flows.
What we hold · What we don't

A smaller surface, on purpose.

Things we never collect

Not "with your permission." Not "anonymized." Just absent — at the schema level.

  • Email address
  • Phone number or SMS code
  • Your real name (pick any username)
  • Profile photo or avatar
  • Card number or billing address
  • Searchable username
  • Training data from your sessions
Things we do hold

The minimum required to make a private space work for two people who chose to be in it.

  • A username and a hashed password
  • Content with no name, email, or identity attached
  • A short-lived invite code (then it expires)
  • A pairing link between two anonymous tokens
  • A subscription status (active / not)
  • Aggregate, non-personal usage counts
  • Crash logs, with no content attached
How the everyday parts work

Sign in. Pay. Find each other.

The three places most apps leak your identity. Each one re-thought.

01 · SIGN IN
A username. A password. Nothing else.
No email, no phone, no SMS code. You pick a username and a password to sign in. Forgot your password? Recover with a single-use code your partner generates.
usernameuser-chosen
emailnull
recoverypartner code
02 · PAYMENT
Apple Pay or Google Pay
The store handles the transaction. We get back "active subscription" — that's it. We pay the platform cut on purpose, so your name never has to hop through a payment processor.
card_numbernull
billing_addrnull
sub_statusactive
03 · PAIRING
An invite code, not a number
Generate a code, share it through the channel you already trust, your partner pastes it. Two devices we cannot identify are now in a room together. The code expires.
code7H-K3PQ
partner_phonenull
pairtok_a ↔ tok_b
What we cannot promise

The edges, said out loud.

We say "we don't know who you are" because it's true. We don't say "Accordial is untraceable" because it isn't, and we won't lie to you about something this important.

Edge 01
If your phone is unlocked, it's readable
The protection is structural at our company — not a force field around your device. If someone can unlock your phone, take that seriously.
Edge 02
Apple and Google know who you are
A warrant to them gets data Accordial never gave them. We can't stop that. We can only say the data they have did not come from us.
Edge 03
A warrant to us gets a smaller surface
We'd hand over what we have: content with no name, email, or identity attached, tied to an opaque token. Smaller than any other product in this category exposes.
How to verify any of this

Don't take our word.
Read the wire.

No identifying information leaves the app during sign-up. Run a packet inspector and watch the request yourself. Our Privacy Policy documents exactly what we hold and what we never hold.

We don't know who you are.
We built it that way.

That is the product.