Privacy Policy

Last updated: November 21, 2025

Our Commitment to Privacy

PushTalk is built with privacy as a core principle. We believe in minimal data collection and maximum user privacy. This policy explains what data we collect (spoiler: very little) and how we handle it.

1. Information We DO NOT Collect

We want to be clear about what we DON'T do:

  • ❌ We do NOT record your voice conversations
  • ❌ We do NOT store your audio data
  • ❌ We do NOT track your location
  • ❌ We do NOT collect personal information (email, phone, etc.)
  • ❌ We do NOT sell your data to third parties
  • ❌ We do NOT use analytics or tracking cookies

2. Information We Collect

We collect minimal information necessary for the service to function:

Display Name (Temporary)

Your chosen display name is stored temporarily in your browser and in server memory while you're in a room. It's deleted when you leave.

Room Codes (Temporary)

Room codes exist only while the room is active. They're deleted when all users leave.

Browser Preferences

We store your preferences (dark mode, recent rooms) in your browser's local storage. This data never leaves your device.

Connection Metadata

Basic connection data (Socket.IO session IDs) to maintain real-time communication. This is deleted when you disconnect.

3. End-to-End Encryption (E2EE)

All voice communications on PushTalk are protected with End-to-End Encryption:

  • 🔐 Your voice is encrypted on your device before transmission
  • 🔐 Encryption keys are generated locally and never sent to our servers
  • 🔐 Only participants in your room can decrypt the audio
  • 🔐 We use AES-256-GCM encryption (military-grade security)
  • 🔐 Even our servers cannot access your conversations
  • 🔐 Zero-knowledge architecture - we have no access to your encryption keys

What this means for you: Your conversations are completely private. Not even PushTalk administrators can listen to your calls. Only the people in your room have the keys to decrypt and hear the audio.

4. How Audio Works (Peer-to-Peer)

Your voice data is transmitted using WebRTC technology:

  • ✅ Audio goes directly from your device to other users' devices (peer-to-peer)
  • ✅ Audio does NOT pass through our servers (except for signaling)
  • ✅ Audio is NOT recorded or stored anywhere
  • ✅ Conversations are ephemeral (exist only in real-time)
  • ✅ All audio streams are encrypted end-to-end

5. Microphone Access

PushTalk requires microphone access to function. Your browser will ask for permission before granting access. You can revoke this permission at any time through your browser settings. We only access your microphone when you explicitly enable audio in a room.

6. Data Storage

All data storage is temporary and minimal:

  • Server memory: Room data exists only while users are connected
  • Browser storage: Preferences stored locally on your device only
  • No databases: We don't use any permanent data storage

7. Third-Party Services

PushTalk uses the following third-party services:

  • Vercel (hosting) - for serving the application
  • Railway (hosting) - for WebSocket server
  • WebRTC (browser API) - for peer-to-peer audio

These services may have their own privacy policies. We recommend reviewing them.

8. Children's Privacy

PushTalk is intended for users aged 13 and older. We do not knowingly collect information from children under 13. If you believe a child under 13 has used our service, please contact us.

9. Security

We use industry-standard security measures including HTTPS encryption for all connections. However, no method of transmission over the internet is 100% secure. Use PushTalk at your own risk.

10. Your Rights

You have the right to:

  • Clear your browser's local storage at any time
  • Revoke microphone permissions through browser settings
  • Stop using the service at any time
  • Request information about data we may have (though we have very little)

11. Changes to Privacy Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes by updating the "Last updated" date at the top of this page.

12. International Users & GDPR Compliance

For users in the European Union (GDPR) and California (CCPA):

  • Right to Access: You can request what data we have (minimal as described above)
  • Right to Deletion: You can clear browser storage and leave rooms at any time
  • Right to Portability: Browser preferences can be exported from local storage
  • Right to Object: You can stop using the service at any time
  • Data Minimization: We only collect what's necessary for the service
  • No Automated Decision Making: We don't use AI or algorithms on your data

Since we don't store personal data permanently, most GDPR/CCPA requests are automatically satisfied by our privacy-first architecture.

13. California Privacy Rights (CCPA)

California residents have additional rights under CCPA. However, since we don't sell personal information and collect minimal data, most CCPA provisions don't apply. We do not sell or share your personal information for monetary or other valuable consideration.

14. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us through our GitHub repository at: github.com/lahcen001/pushtalk.online

🔒 Privacy Summary

TL;DR: We don't record your conversations, we don't store your data, and we don't track you. PushTalk is designed to be as private as possible while still functioning as a communication tool.