PRIVACY POLICY

ZERO-PII METADATA POLICY

Effective Date: May 22, 2026 • Last Revised: May 24, 2026

This Privacy Policy explains how **the BlackBox 1:1 Project Operator** operates a strictly zero-knowledge metadata framework for the free, zero-knowledge communications utility **BlackBox 1:1**. We operate in full compliance with standard global and regional data privacy principles (including GDPR, CCPA, and regional equivalents). By utilizing this platform, you execute local cryptographic scripts that mathematically isolate your personal data from our databases. The platform operates on the premise that what we do not collect cannot be compromised.

1. Cryptographic PII Blind Indexing

To manage logins and user directories without compromising your identity, BlackBox utilizes **Zero-Knowledge Blind Indexing**. When you register a username or email, your browser normalizes and hashes the value client-side using **SHA-256** combined with a cryptographic salt. The server stores and performs directory lookups strictly using these hashes. The database remains completely blind to your actual username or email.

Client Email Input → "user@domain.com"
Local Derivation → SHA-256("user@domain.com" || salt) → a4f2e9c1...
Server Logged Value = a4f2e9c1... (Plaintext email never sent)
📝 PLAIN-ENGLISH TRANSLATION: We do not collect your real name, cleartext email, or IP address. Any email you register is converted into a scrambled hash on your device *before* it leaves your browser. We only hold encrypted chat payloads and public keys, which we cannot read.

2. Detailed Data Handled (Transient & Persistent)

A. Persistent Encrypted Storage (Server-Side)

We store only the absolute minimal parameters required to establish sockets and route encrypted ciphertexts between clients:

  • Encrypted Message Ciphertext: Encrypted client-side using AES-256-GCM. We hold no keys that could decrypt it.
  • Double Ratchet Public Keys & Sequence Counts: Required dynamically to align the client-side DH ratchets.
  • Blind Index Username Hash: Salted SHA-256 digest of your registration alias.
  • Encrypted Private Key Backup Blob: Encrypted locally with a key derived from your Device Secret via PBKDF2-SHA256, stored solely for multi-device sync.
  • Blocked Users Reference: An array of user ObjectIds representing accounts you have blocked, stored purely to validate socket message restrictions.
  • Disappearing Message Mode: The selected disappearing-message interval (24 hours, 7 days, keep forever, or after-seen), stored to drive automated message pruning.

B. Data We Do NOT Collect or Log

We physically cannot read, track, or monitor the following, as they are never transmitted or logged:

  • Plaintext message text, files, images, or conversation audio/video.
  • Cleartext passwords, Device Secrets, or master recovery keys.
  • Symmetric ratchet roots or transient conversation chain keys.
  • Persistent IP logs, geolocational coordinates, or device fingerprints.
  • Backend telemetry trackers, proprietary customer analytics, or custom profiling databases.

3. No Financial or Billing Data Collection

Because BlackBox 1:1 is provided completely **free of charge**, we do not collect, solicit, store, or process any billing details, credit card numbers, or transaction histories.

There are no payment gateway integrations, and we possess zero capability to handle financial credentials. Your account remains isolated from commercial transaction parameters.

📝 PLAIN-ENGLISH TRANSLATION: We do not charge money. We do not use credit cards, Stripe, or payment systems. We will never collect your financial data.

4. Purposes of Processing & Legal Grounds

We process transient metadata strictly on the legal grounds of **Contractual Necessity** (to operate the real-time E2E socket connection) and **Legitimate Interests** (preventing platform abuse and spam). Under data protection principles, the Operator acts as a Data Fiduciary / Processor for the encrypted data, while absolute data custody remains with your local cryptographic keys.

Because we do not collect personal identifiers in plaintext, we maintain zero records that could associate a real-world identity with a given chat index.

5. Cookie & Zero-Advertising Policy

To maintain the zero-knowledge session framework, our platform utilizes browser **LocalStorage** and dynamic RAM state solely to preserve your cryptographic session keys, password digests, and device configuration values on your physical terminal. These are never shared with or processed by third parties.

**Zero-Advertising Policy:** Because BlackBox 1:1 is committed to absolute user privacy and a clean, distraction-free environment, we do not serve advertisements, partner with Google AdSense or any other advertising network, or deploy third-party advertising trackers or cookies on our interface. Your session remains completely isolated from commercial profiling networks.

📝 PLAIN-ENGLISH TRANSLATION: We only use your local browser storage to hold your private encryption keys. We do not display any ads, we do not partner with Google AdSense, and we serve zero tracking or advertising cookies.

6. Security Safeguards & Local Sandbox Safety

The Operator implements advanced server-side protections, including Transport Layer Security (TLS/SSL), CORS origin validation, and socket throttling, to defend the platform database against unauthorized access.

**Local Cryptographic Session Timeout (5-Min):** To prevent unauthorized access on your local device, the Platform incorporates an automated client-side inactivity tracker. If no input (mouse movement, keypress, click, scroll, touch) is detected for 5 minutes, in-memory cryptographic private keys are immediately destroyed and the session cookie is wiped (a slide-up warning alerts you at 2 minutes and 30 seconds).

However, because BlackBox operates client-side E2EE, your security depends strictly on your local device health:

  • Ensure your browser and operating system are updated with the latest security patches.
  • Maintain active biometrics or passkeys to protect physical access to your device.
  • Keep your browser sandbox clean and avoid installing untrusted, third-party extensions.

📝 PLAIN-ENGLISH TRANSLATION: We protect the database and socket traffic. However, you are automatically logged out in your browser after 5 minutes of total inactivity to protect your local E2EE keys. Keep your own physical device secure from local malware.
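An added model (not the project's code) of the 5-minute inactivity tracker described in section 6, written as a state machine with an injected clock so the 2:30 warning and the 5:00 key destruction can be exercised deterministically; InactivityGuard and its fields are hypothetical names.

```javascript
// Added illustration of the section 6 client-side inactivity timeout.
// Times are milliseconds from any monotonic clock passed in by the caller,
// which keeps the logic testable without real browser timers.
const TIMEOUT_MS = 5 * 60 * 1000;           // keys destroyed at 5:00 idle
const WARNING_MS = 2 * 60 * 1000 + 30 * 1000; // slide-up warning from 2:30 idle

class InactivityGuard {
  // keyMaterial: Uint8Array holding the in-memory private key bytes.
  // session: plain object standing in for the session cookie's contents.
  constructor(keyMaterial, session, now) {
    this.keyMaterial = keyMaterial;
    this.session = session;
    this.lastInput = now;
    this.locked = false;
  }

  // Wire this to mousemove/keydown/click/scroll/touchstart listeners.
  touch(now) {
    if (!this.locked) this.lastInput = now;
  }

  // Poll from a periodic timer; returns which UI state is due right now.
  check(now) {
    if (this.locked) return "locked";
    const idle = now - this.lastInput;
    if (idle >= TIMEOUT_MS) { this.lock(); return "locked"; }
    if (idle >= WARNING_MS) return "warn";
    return "active";
  }

  // Zeroize the key bytes, drop the reference and empty the session so no
  // usable secret remains in RAM after the timeout fires.
  lock() {
    this.keyMaterial.fill(0);
    this.keyMaterial = null;
    for (const k of Object.keys(this.session)) delete this.session[k];
    this.locked = true;
  }
}
```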

7. Data Retention & Deletion Policy

**Encrypted Ciphertext & Selective Deletion (Clear Chat):** Ciphertexts are stored in the database until deleted. Performing "Clear Chat" flags E2EE records as deleted strictly for your account (`deletedFor: "sender"`). The conversation partner retains their corresponding records until they initiate their own deletion.

**Volatile Disappearing Messages Timers:** When a conversation uses Disappearing Messages, messages are permanently purged from database storage once their age exceeds the selected timer (24 hours or 7 days). In "After-Seen" mode, messages are flagged as deleted for the sender instantly upon recipient read confirmation, and permanently deleted once both parties have cleared the conversation.

**Ephemeral Socket Relays:** Payloads are kept in server memory (RAM) and flushed instantly upon delivery.

**Automatic Inactivity Erasure (7-Day Purge):** Anonymous accounts that exhibit zero activity for 7 consecutive days are automatically deleted from the server by a background sweeper. This sweep permanently and irreversibly cascade-purges the user record, active conversation rooms, E2EE message records, and reported abuse data.

**Absolute Erasure:** You have the perpetual, statutory right to request absolute deletion of all server-side records. Clicking "Delete Account" in settings instantly sweeps your public identity keys and blind index hashes from our server, wiping the profile permanently.

📝 PLAIN-ENGLISH TRANSLATION: Ephemeral messages are wiped from memory instantly once routed. Chats are saved until you delete them. Inactive anonymous accounts are completely deleted after 7 days of inactivity. Clicking "Delete Account" wipes your keys and email hashes instantly.

8. Incident Response & Breach Notification

In the event of a physical server or cloud database breach, the Operator will post a public alert notice on the landing portal.

Because we implement **Zero-Knowledge Blind Indexing**, you are mathematically insulated from credit card theft or cleartext email harvesting. A database breach will only expose salted digests and encrypted ciphertexts, which are cryptographically secure and unreadable by unauthorized parties.

📝 PLAIN-ENGLISH TRANSLATION: If our server is ever hacked, we will post a notice on the homepage. Since we only store scrambled hashes and encrypted chats, hackers cannot read your emails or chats.

OPERATIONAL COMPLIANCE DIRECTIVE
Data Correspondence Contact: BlackBox Support Team
Official Correspondence Email: support@blackbox1to1.com