Privacy Notice
USER01 is designed to protect message content with client-side encryption while processing limited operational metadata needed to run the service.
Not Designed To Receive
- Plaintext message bodies.
- Plaintext attachment bodies.
- PINs, seed phrases, wallet private keys, or local vault private keys.
- Central account credentials for normal chat.
May Process
| Category | Examples | Purpose |
|---|---|---|
| Local identity and wallet data | Local USER01 address, connected wallet address, signatures, public keys, safety fingerprints. | Authentication, key exchange, subscription activation, fraud prevention, and integrity. |
| Relay metadata | Peer IDs, privacy labels, timestamps, message size, quota counters, rate limits, delivery errors. | Routing, quotas, reliability, security controls, and abuse prevention. |
| Network/security data | IP-level connection data, WebSocket events, blocked actions, admin or monitor audit events. | Security, incident response, legal compliance, service integrity, and diagnostics. |
| Subscription data | Arbitrum transaction hash, subscription status, expiry timestamp, contract reads, payment wallet. | Paid access, support, contract-state reconciliation, and dispute review. |
Local Device Risk
A compromised device, browser, extension, wallet, or unlocked session can expose data locally. USER01 cannot protect content after it is decrypted on a user device.
Security Measures
- Client-side encryption before relay submission.
- Signed PFS key bundles, P-384 ECDH, HKDF, AES-256-GCM, and authenticated message binding for new messages.
- Local encrypted vault protected by a user PIN.
- Content-blind relay posture for message and attachment bodies.
- Rate limits, quotas, proof-of-work controls, and privacy-preserving operator telemetry.