Privacy at KYTE

Clear about what KYTE can see.

This notice describes the current technical behavior of the KYTE web application in plain language. It distinguishes encrypted message content from the account and connection data needed to operate the service.

The short version.

The website does not require an account. Message and image contents are encrypted in the browser. The relay still processes technical information needed to connect people and deliver encrypted packets.

No account required

Guest rooms need only a display name. You do not need to provide an email address or phone number.

Content encrypted first

Readable messages and processed images are encrypted on the sender's device before reaching the relay.

No advertising trackers

The current application does not include advertising pixels, behavioral analytics, or third-party social widgets.

What is handled where.

End-to-end encryption protects content, not every piece of operational data. These distinctions matter when deciding whether KYTE is appropriate for a conversation.

Message content

Text and image contents are encrypted before transmission. The relay receives encrypted packets, initialization values, sender and recipient connection identifiers, delivery timing, expiration timing, and packet size. Active-room packets are held temporarily in server memory so connected members can receive them; they are not written to KYTE's account database.

Room information

The relay processes the room identifier, temporary member identifiers, public session and identity keys, approval state, connection tokens, and whether the room creator has ended the session. The invitation secret stays in the URL fragment and is used by the browser rather than sent as a normal server request.

Images

The browser accepts JPEG, PNG, and WebP images up to 5 MB, resizes them, and encrypts the processed result. The relay can observe the encrypted packet's size and timing, but not the readable image.

Data on your device

KYTE stores settings, a guest name, trusted-identity decisions, and optional encrypted message history in browser storage. Persistent account identity keys use the browser's local database. Account real names and email addresses are not copied into browser storage. Clearing site data removes local information and may make trusted contacts see a new identity.

Optional KYTE accounts

If you create an account, the server persistently stores your private real name, encrypted email address, public username, avatar, short status, a generated user identifier, public identity key, passkey public-key material, credential identifiers, signature counters, creation times, and key-transparency records. Room members receive only your username, avatar, status, and verification state. Private passkey material and biometric unlock data remain with your device or passkey provider.

Network and hosting data

KYTE and its hosting infrastructure necessarily receive network requests, which can reveal IP addresses, request timing, browser details, and error information. Hosting providers may process operational logs under their own terms even though KYTE does not currently add a behavioral analytics service.

Retention and control

Rooms are temporary. Accounts are different.

Active-room relay data expires according to message settings, is removed when the room creator ends the session, and is also lost when the in-memory service restarts. A person receiving a message may still copy it, save an image, or take a screenshot before deletion.

Optional account, passkey, and transparency records are persistent. The current early-stage service does not yet provide a self-service account-deletion workflow. Do not create an account unless you are comfortable with those records remaining stored while that workflow is being developed.

Your choices

Ways to reduce what is retained.

  • Use guest mode instead of creating an optional KYTE ID.
  • Leave encrypted message history off in Security settings.
  • Choose a shorter disappearing-message lifetime.
  • End the room when the conversation is finished.
  • Clear KYTE site data from the browser to remove locally stored settings and identity material.
  • Share invitation links only through channels and with people you trust.