Privacy Policy

How TilliT handles data, security, and app permissions.

Last updated: January 2026

For questions: privacy@tillit.cc

Data collected

Data stored locally on the device

  • Messages: All messages are stored in encrypted form in your device's local database
  • Cryptographic keys: Signal Protocol keys are generated and stored exclusively on your device
  • Profiles: Usernames chosen for various rooms are saved locally
  • Images: Shared images are stored in encrypted form

Data transmitted to servers

  • Encrypted messages: Messages are transmitted in end-to-end encrypted form. The server acts only as a relay and cannot decrypt the content
  • Public keys: Only public keys necessary to establish secure sessions are shared
  • Minimal metadata: Sending timestamps, room and user identifiers

Data we DO NOT collect

  • Plain text message content
  • Phone address book or contacts
  • GPS location (unless you choose to share it)
  • Usage data for advertising purposes
  • Unnecessary personally identifiable information

Multi-server architecture

TilliT supports a multi-server architecture. This means:

  • You can connect to independent servers managed by people you trust (friends, family, organizations)
  • Each server owner has complete control over their own data
  • Data is not centralized in a single infrastructure
  • You can switch from one server to another while keeping the same app

Responsibility for managing data on the server lies with the server owner themselves. We recommend connecting only to servers you trust.

End-to-end encryption

TilliT uses the Signal Protocol, the same encryption standard used by apps like Signal and WhatsApp. This guarantees:

  • Perfect Forward Secrecy: Even if a key were compromised, past messages remain protected
  • Asymmetric encryption: Each session uses unique keys
  • Identity verification: Public keys can be verified to prevent man-in-the-middle attacks
  • Local encryption: Messages are encrypted on your device before transmission

App permissions

TilliT requires the following permissions, used exclusively for the indicated functionalities:

  • Camera: To take and share photos in chats
  • Gallery/Photos: To select existing images to share
  • Internet: For communication with servers and message exchange
  • Notifications: To alert you of new messages (optional)

Data deletion

You have full control over your data:

  • Room deletion: You can delete any room at any time. This removes all associated messages from your device
  • Uninstallation: Uninstalling the app completely removes all local data, including cryptographic keys
  • Server data: Encrypted messages on the server can be deleted by contacting the server administrator

Minors

TilliT is not intended for children under 13 years of age. We do not knowingly collect personal information from children under this age. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

Changes to the privacy policy

We may update this Privacy Policy periodically. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

We recommend checking this page periodically for any changes. Changes to this Privacy Policy are effective when posted on this page.

Contact

For any questions about this Privacy Policy or the processing of your data, you can contact us:

Legal basis (GDPR)

For users in the European Union, the legal basis for data processing is:

  • Contract performance: Processing is necessary to provide you with the messaging service
  • Consent: For optional features such as push notifications
  • Legitimate interest: To improve security and prevent abuse

You have the right to access, rectify, delete, and port your data, as well as to object to processing. To exercise these rights, contact us at the address above.