Privacy Policy

Last Updated: January 13, 2026
Version: 1.0

1. Introduction

Welcome to Tuijo's Privacy Policy. Tuijo is a private messaging application designed specifically for couples, featuring advanced end-to-end encryption (RSA-2048 + AES-256).

Your privacy is fundamental to us. This policy explains what data we collect, how we use it, and what rights you have over your personal data.

🔐 Core Principle

Zero-Knowledge Architecture: Thanks to end-to-end encryption, your messages, photos, and documents are readable ONLY by you and your partner. Not even we, the developers, can access your content.

2. Data We Collect

2.1 Encryption System

Tuijo uses an asymmetric key pair encryption system (RSA-2048) to ensure maximum security and privacy:

Personal Private Key: Automatically generated on your device and never shared with the server. It always remains only on your device, protected by the operating system (Keychain on iOS, Keystore on Android). This key is necessary to decrypt the messages you receive.
Public Key (QR Code): Generated together with the private key and shared with your partner via QR code during pairing. This key is used by your partner to encrypt messages intended for you. The public key can be safely shared because it only serves to encrypt, not to decrypt.

Important: We do not store any personal authentication information (email, user ID, password). The system is based exclusively on cryptographic keys generated locally on your device.

2.3 Messages and Content (Encrypted)

Encrypted Messages: Message text encrypted with AES-256
Encrypted Attachments: End-to-end encrypted photos, videos, and documents
TODOs and Reminders: Shared reminders and notes (encrypted)
Metadata: Sending timestamp, message ID, message type (text/attachment/TODO)

Important Note: All content (messages, attachments, TODOs) is end-to-end encrypted. We only store encrypted data that we cannot read without your private keys, which are stored ONLY on your device.

2.4 Technical Data

FCM Token: Token for Firebase Cloud Messaging push notifications, necessary to send notifications when you receive new messages

3. How We Use Data

3.1 Primary Purposes

Provide the Service: Synchronize messages between your devices and your partner's
Notifications: Send push notifications when you receive new messages or reminders
Security: Maintain the integrity and security of the pairing system
Improvements: Fix bugs and improve app features

3.2 What We DON'T Do with Your Data

❌ We don't read your messages (impossible due to E2E encryption)
❌ We don't sell your data to third parties
❌ We don't use your data for advertising or profiling
❌ We don't share your content with anyone (except legal cases, see sec. 5)

4. Encryption and Security

4.1 Encryption Architecture

Tuijo uses a two-tier encryption system:

RSA-2048: For secure exchange of public keys during pairing
AES-256: For encrypting messages and attachments
Unique Key per Message: Each message has a randomly generated unique AES key

🔑 Your Private Keys

Your RSA private keys are stored EXCLUSIVELY on your device using flutter_secure_storage, an encrypted storage system protected by the operating system (Keychain on iOS, Keystore on Android). Not even we can access them.

4.2 Security Measures

HTTPS/TLS: All communications between app and server use secure encrypted connections

5. Data Retention and Deletion

Data deletion can be performed directly from the app by either of the two partners. Both partners have complete control over shared data and can delete it at any time.

6. Contact

For questions or requests about privacy, you can contact us:

Email: info@tuyjo.com

💜 Our Commitment

Privacy is at the heart of Tuijo. We designed the app from scratch with end-to-end encryption to ensure your conversations remain private between you and your partner. We will continue to protect your privacy as a fundamental principle.