Privacy Policy
Last updated: March 11, 2026
Yap ("we", "our", "the app") is a voice calling application operated by Odd Tech, Inc. We take your privacy seriously. This policy explains what data we collect, how we use it, and your rights.
The short version: Your chat messages and DMs are end-to-end encrypted — our servers cannot read them. Voice and screen shares are encrypted in transit using standard WebRTC encryption (DTLS-SRTP). We store as little data as possible, and what we do store does not include your email address in plaintext.
1. Encryption
Chat messages & DMs — end-to-end encrypted
- In-call chat messages — encrypted on your device before being sent. Our server only forwards ciphertext it cannot read.
- Direct messages — each user has a long-term ECDH key pair (stored in your browser's IndexedDB). When you message a friend, your browser derives a shared key from your private key and their published public key, then encrypts the message with AES-256-GCM before sending. The server relays only ciphertext — it cannot read your DMs.
How chat E2E works
- Each call participant generates an ephemeral ECDH key pair (Elliptic Curve Diffie-Hellman) when joining
- Participants exchange public keys via the signaling server to derive a shared group key
- Chat messages are encrypted using AES-256-GCM with the shared group key
- Keys are rotated when participants join or leave
- The signaling server forwards encrypted key material but cannot decrypt it
Voice & screen shares — transport encrypted
Voice audio and screen shares are encrypted in transit using standard WebRTC encryption (DTLS-SRTP). This means data is encrypted between your device and our server, and between our server and other participants. Our SFU server processes encrypted media streams — it does not record, store, or log any audio or video content. End-to-end media encryption is planned for a future release.
What this means
Our servers cannot read your chat messages or DMs — those are end-to-end encrypted. Voice and screen share data is encrypted in transit but is decrypted at our relay server during forwarding. No audio, video, or screen share content is ever stored, recorded, or logged. There is no "backdoor" or admin override for chat or DM content.
2. Data We Collect
We collect as little as possible. Yap is designed to be privacy-first.
Account data (if you sign up)
- Email address — used for magic-link login. We never ask for a password. Your email is hashed (one-way, irreversible) after account creation. We do not store your email address in plaintext. The hash is used only for deduplication — to prevent multiple accounts with the same email.
- Display name (handle) — the name shown to other participants. You choose this yourself.
- Theme color — your chosen accent color.
- Avatar URL — an optional profile image URL you provide.
Social features
- Friends list — mutual friend connections you explicitly create.
- Call frequency — a counter of how many times you've called each friend, used to sort your recents. No call content is stored.
- Groups — groups you explicitly create to call specific sets of friends. You can rename, customize, or delete groups at any time. Group names and avatar settings are per-user — other members don't see your customizations.
Direct messages
- DMs are ephemeral — direct messages between friends are delivered in real time over WebSocket connections and are not stored on the server. If the recipient is offline, the message is not queued or saved. Message history exists only in browser memory and is lost when you close or refresh the tab.
What we do NOT collect
- No analytics or usage tracking
- No advertising cookies or third-party trackers
- No call recordings — voice, video, and screen-share data is never stored
- No message history — chat is encrypted and ephemeral
- No plaintext emails — only a one-way hash is retained
3. How Calls Work
Yap uses an SFU (Selective Forwarding Unit) architecture. Your audio and screen shares are encrypted in transit via DTLS-SRTP, sent to our server, and forwarded to other participants in real time. Media is held only in memory during the call and is never recorded, stored, or logged.
To establish connections, the following transient data passes through our signaling server:
- Display name — shown to other participants.
- E2E public key — your ephemeral ECDH public key, exchanged so participants can derive a shared encryption key.
- Connection metadata — WebRTC signaling data (SDP, ICE candidates) needed to establish media streams.
- IP address — visible to our server in standard HTTP/WebSocket connections. When calls use our TURN relay, your IP is also handled by our self-hosted relay server.
4. Cookies & Local Storage
- host_session (cookie) — a signed session token for authentication. HttpOnly, Secure, expires after 30 days.
- Device ID (localStorage) — a random UUID generated in your browser, used to identify your device for room continuity.
- Display name (localStorage) — your last-used name, so you don't have to re-enter it.
- E2E key pair (IndexedDB) — your long-term ECDH key pair for chat/DM encryption is stored in your browser's IndexedDB. Ephemeral session keys exist only in memory. Keys are never sent to our server in a form we can read.
- Session data (sessionStorage) — temporary room state so you can rejoin after a page refresh. Cleared when you close the tab.
We do not use cookies for tracking or advertising.
5. Push Notifications
If you opt in, we send push notifications for incoming calls using your browser's built-in push service (e.g. Google's for Chrome, Mozilla's for Firefox). We store your push subscription endpoint and keys. No third-party notification service is used — notifications are sent directly from our server using the VAPID standard.
6. Payments
Pro subscriptions are processed by Stripe. We share your email hash with Stripe to create a billing account. All payment details (card numbers, billing address) are handled entirely by Stripe and never touch our servers. We store only your Stripe customer ID and subscription status.
7. Desktop Application
The Yap desktop app is a thin wrapper around the web application. It does not collect any additional telemetry, crash reports, or usage data.
- Custom protocol — the app registers
yap:// as a URL handler so invite links can open directly in the app.
- Auto-update — the app checks our server for new versions. Only standard HTTP request data (IP, user agent) is involved.
- Screen sharing — screen and window capture is processed locally on your device. Captured content is encrypted on your device and sent only to call participants via the SFU.
8. Email
We send transactional emails (one-time login codes) via Postmark. Your email address is shared with Postmark solely for email delivery. Postmark does not log or retain email addresses or message content after delivery. After your account is created, your email is hashed and the plaintext is discarded from our database. We do not send marketing emails.
9. Third-Party Services
- Stripe — payment processing (privacy policy)
- Postmark — transactional email delivery. Postmark does not log email addresses or message content after delivery (privacy policy)
- Google Fonts — typeface loading. Google may collect standard request data (IP, browser info) when fonts are loaded (privacy policy)
- Slack — internal alerting. When you submit a bug report, diagnostic data (browser, OS, room ID, session ID, connection state, and any JS errors captured in your session) is forwarded to our private Slack workspace for debugging. Your IP address is not included in this data. No personally identifying information is shared.
We do not use any analytics, advertising, or tracking services.
10. TURN Relay Server
When a direct connection between you and our SFU cannot be established (due to firewalls or NAT), your media is relayed through our self-hosted TURN server. This server is operated by us on our own infrastructure — no third-party relay service is involved. Relay credentials are ephemeral and expire after 12 hours. All relayed media is encrypted in transit via DTLS-SRTP.
11. Data Retention
- Call data — not retained. Encrypted media exists only in memory during the call.
- Chat messages — not retained. Encrypted messages are forwarded in real time and never written to disk.
- Direct messages — not retained. Ephemeral, delivered only while both parties are online.
- Room metadata — purged within 24 hours of the last participant leaving.
- Account data — retained while your account is active. Your email is stored only as an irreversible hash. You can request full account deletion at any time.
- Guest data — display names and device identifiers for room continuity can be cleared on request.
12. Security Practices
- No plaintext email storage — emails are one-way hashed after account creation.
- No password storage — we use magic-link authentication. There is no password to leak.
- HttpOnly, Secure cookies — session tokens cannot be read by JavaScript and are only sent over HTTPS.
- Rate limiting — API endpoints are rate-limited to prevent abuse.
- Self-hosted infrastructure — our SFU, TURN relay, and signaling servers run on infrastructure we control. No third-party real-time communication services are involved.
- Open protocol — Yap uses standard WebRTC (DTLS-SRTP) for media transport. Chat and DM encryption uses AES-256-GCM with ECDH P-256 key exchange, provided by the Web Crypto API built into your browser.
13. Age Requirement
Yap is intended for users 18 and older. We do not knowingly collect information from anyone under 18. If we learn that a minor has provided personal data, we will delete it promptly.
14. Changes to This Policy
We may update this policy from time to time. Changes will be reflected by the "Last updated" date above.
15. Contact
Questions? Reach us at team@odd.tech.
← Back to Yap