Privacy Policy
Last updated: January 2026
Our philosophy
The less data we have about you, the better.
We built clyr in Canada because we believe you should own your conversations, not us. We don't want to know what you're talking about. We don't want to store your messages. We just want to give you a place where you belong.
We comply with Canada’s privacy laws, including PIPEDA (the Personal Information Protection and Electronic Documents Act), and applicable provincial privacy laws.
Under these laws, you can request access to, correction of, or deletion of the personal information we have about you (which we keep intentionally minimal). See privacy@clyrzones.com.
What we collect
We collect the absolute minimum:
- Account information: Email address, username, password (hashed), and optional profile fields (display name, bio, avatar URL) if you choose to add them.
- 2FA secret: If you enable two-factor authentication, we store your encrypted authenticator secret. We can't see your codes.
- Session tokens: Temporary tokens so you stay logged in. They expire after 30 days.
- Zone memberships: Which zones you belong to (so we can show you the right channels).
What we don't collect
We don't collect:
- Messages: Messages are stored temporarily in the database so you can see recent chat history. We don't read them, and we can delete old messages to minimize what we keep. Messages are tied to channels, not stored indefinitely.
- Voice calls: We don't record your voice. We don't store audio. We just connect you.
- Zone activity: We don't track what zones you join, how long you stay, or who you talk to.
- Location data: We don't collect or store your location.
- Device information: We don't fingerprint your device or browser.
- Analytics: We don't use tracking pixels, cookies for advertising, or third-party analytics that follow you around the web.
How messages work
Your messages are delivered in real-time. They pass through our infrastructure to get to the recipient, but we don't store them. We don't log them. We don't read them. Once delivered, they're gone from our systems.
Think of it like a phone call: the signal goes through the network, but the phone company doesn't keep a recording. Same idea.
Zones
We use "zones" instead of servers. Zones are your communities. We store basic zone metadata (name, description) but we don't track who's in which zone or what happens there.
Data retention
We keep your account data as long as you have an account. If you delete your account, we delete everything:
- Email and password hash
- 2FA secret
- All session tokens
- Zone memberships
Since we don't store messages, there's nothing to delete there.
Third parties
We don't sell your data. We don't share it with advertisers. We don't give it to data brokers.
The only third parties we work with are:
- Cloudflare: Our infrastructure provider. They process network traffic so clyr can work globally. We configure our systems to minimize what’s collected, and we do not store message contents.
- Authenticator apps: If you use 2FA, your authenticator app (Google Authenticator, Authy, etc.) generates codes. We don't see those codes.
Cloudflare has its own privacy and data handling practices. You can read their policies here:
Legal requests
We’re based in Canada. If we receive a valid legal request, we’ll comply as required by applicable Canadian law. But since we don’t store messages or logs, there’s usually nothing to provide beyond basic account information (email address).
Security
We use industry-standard security:
- Passwords are hashed with PBKDF2-SHA256
- 2FA secrets are encrypted
- All connections are encrypted (HTTPS/TLS)
- Session tokens are cryptographically random
But the best security is not having data to steal in the first place.
Changes to this policy
If we change this policy, we'll update the date at the top. We won't make you agree to new terms retroactively.
Contact
Questions about privacy? Email us at privacy@clyrzones.com
If you want to make a privacy request (access, correction, deletion), email privacy@clyrzones.com and we’ll help.