Privacy Policy

Last updated: June 2026

Our philosophy

The less data we have about you, the better.

We built clyr in Canada because we believe you should own your conversations, not us. We don't want to know what you're talking about. We don't want to store your messages. We just want to give you a place where you belong.

We comply with Canada's privacy laws, including PIPEDA, and applicable provincial privacy laws. You can request access to, correction of, or deletion of the personal information we have about you. See privacy@clyrzones.com.

What we collect

We collect the absolute minimum:

  • Account information: Email, username, password (hashed), and optional profile fields if you add them.
  • 2FA secret: Encrypted if you enable two-factor authentication.
  • Session tokens: Temporary, expire after 30 days.
  • Zone memberships: So we can show you the right channels.

What we don't collect

  • Messages: Stored temporarily; we don't read or log them.
  • Voice calls: We don't record or store audio.
  • Location, device fingerprints, or tracking: None.

How messages work

Messages are delivered in real-time. They pass through our infrastructure but we don't store, log, or read them. Once delivered, they're gone from our systems.

Data retention & deletion

Account data stays while you have an account. Delete your account and we delete everything - email, password hash, 2FA secret, session tokens, zone memberships.

Third parties

We don't sell your data. Cloudflare is our infrastructure provider. See Cloudflare Privacy Policy. We comply with valid legal requests as required by Canadian law.

Security

Passwords hashed with PBKDF2-SHA256. 2FA secrets encrypted. All connections use HTTPS/TLS. The best security is not having data to steal.

GDPR & international users

If you are in the European Union, European Economic Area, or United Kingdom, the following also applies in addition to our Canadian privacy practices:

  • Legal bases: We process account data to perform our contract with you (providing clyr). Essential cookies and security logs rely on legitimate interests. Analytics, if enabled, requires your consent.
  • Your rights: You may request access, rectification, erasure, restriction, portability, or object to processing. You may withdraw consent at any time and lodge a complaint with your local supervisory authority.
  • Data location: clyr runs on Cloudflare's global network. We do not guarantee EU-only storage today; if you need EU residency, contact us before using the service.
  • Retention: Account data is kept while your account is active. Messages are ephemeral by design. Deletion requests are fulfilled after verification.
  • Automated decisions: Moderation tools may restrict accounts automatically; you may appeal via Data & account requests.

To exercise your rights, email privacy@clyrzones.com or use our deletion request form (no sign-in required).

Cookies & analytics

Essential cookies keep you signed in and remember preferences. Non-essential analytics cookies are off by default until you choose “Accept all” in our cookie banner. You can change your choice by clearing site data or contacting us.

Contact

Questions? Contact us about privacy or email privacy@clyrzones.com