This policy describes how Seylo handles your information. We try to be straightforward — read this in a few minutes and you should know what we do with your data.
At a glance
- Encrypted direct messages are unreadable to us. Group messages are not.
- We don’t sell your data, show ads, track you across the web, or train AI on your messages.
- If someone reports your message, its text is shared with our moderators — even in an encrypted chat.
- When the app crashes, technical diagnostics (including your account ID and IP) go to our error-monitoring provider.
- Chats can be set to delete their own messages. What that can and can’t guarantee is spelled out below.
- You can export your data or delete your account yourself, from Settings.
What we collect
Account information. When you register, we store your username, a one-way hash of your password (bcrypt — we never see your actual password), and your email address. We send a verification link to that email.
Profile information. Anything you choose to add: display name, bio, profile photo, status, birthday. All optional.
Messages and attachments. The messages you send, files you upload, and metadata about who sent what to whom and when. Direct messages between two people are end-to-end encrypted on your devices when you enable encryption; we cannot read those messages even on our servers. Group messages and unencrypted direct messages are stored in plain text on our database so they can be delivered to all members.
Files you upload (images, videos, voice messages) are stored on Cloudinary, a third-party CDN. The URLs are not guessable but they are not authenticated either — anyone with the URL can view the file.
Activity and presence. When you are connected, and when you were last active. You can hide this from others in Settings, but we still record it to operate the service.
Read receipts. Whether and when you have read a message. If you turn read receipts off, we stop showing yours to others and stop showing you theirs — but the underlying position in the conversation is still stored so unread counts work.
Conversation settings. Nicknames you give people, conversations you pin or mute, users you block, and private notes you write about a contact. Private notes are visible only to you.
Sessions and devices. For each active sign-in we store an approximate device description, IP address, and last-used time, so you can review and revoke sessions.
Reports. If you report a user or message, we store the report, your identity as the reporter, and a copy of the reported content. See Reports and moderation.
Notifications. If you enable browser notifications, we store a push subscription token tied to your account so we can notify you of new messages.
Usage and diagnostic data. We log basic information about how the service is used — when you connect, and what errors occurred — so we can keep it running and fix bugs. See Error monitoring.
GIF picker. When you search for GIFs, your search query is sent to Klipy (a third-party GIF provider) through our servers. We do not send Klipy your identity.
What we don’t do
- We don’t track you across other websites.
- We don’t sell your data to advertisers.
- We don’t use your messages to train AI models.
- We don’t show you ads.
- We don’t proactively read your messages. We act on reports.
End-to-end encryption
For direct messages with encryption enabled, messages are encrypted on your device before being sent and only the recipient’s device can decrypt them. Our server stores and relays the encrypted text but cannot read it. You can verify this is working by using the “Verify safety number” feature in any direct conversation.
If you lose access to the device holding your encryption keys, we cannot recover that encrypted history. Nobody can.
Disappearing messages
Any conversation can be given a message lifespan — 1 hour, 24 hours, 7 days, or 30 days. It is off unless someone turns it on. Messages sent while it is on carry their own deadline. When that deadline passes, the message is hidden immediately on every device and deleted from our database within minutes. Attached images and files are destroyed at the same time.
Turning the setting off stops new messages expiring, but does not rescue messages already sent under it. Turning it on never deletes messages sent before it.
Reports and moderation
When you report a message, your app attaches a copy of that message’s text to the report so our moderators can review it.
Reports include who reported whom, the reason given, any details written, and the reported content. We use them only to enforce our Community Guidelines and Terms.
Because a report is one person’s copy of a message, we cannot cryptographically verify that it is unaltered. We take that into account when reviewing.
Error monitoring
To find and fix crashes, we use Sentry, a third-party error-monitoring service. When an error occurs, Sentry receives technical diagnostic data:
- Your account ID and username, so we can tell how many people a bug affects.
- Your IP address, browser or device type, and the request that failed.
- A stack trace: the internal code path that produced the error.
- For a small sample of sessions, and for sessions where an error occurs, a recording of your interaction with the interface. All text, form inputs, and media are masked before the recording leaves your device.
Sentry processes this data on our behalf in the United States. We do not use it for advertising, profiling, or analytics about you.
Where data is processed
Seylo is operated from Bangladesh. Our servers and database run in Singapore. Our error-monitoring provider processes data in the United States. Content delivery and push notifications may be routed through providers in other countries.
If you use Seylo from the EU or UK, this means your data is transferred outside your region. We rely on our providers’ standard contractual clauses and equivalent safeguards for those transfers.
How long we keep data
- Your account and messages: as long as you have an account.
- When you request account deletion, we schedule a permanent purge 7 days later. Signing back in during those 7 days cancels it. After the purge, your account and messages are gone.
- When you delete your account, or a message expires, we destroy the associated images and files. Cached copies at the CDN edge may persist for a short period afterwards.
- A report keeps its copy of the reported message while the report is open, and for 30 days after we resolve it. The copy is then deleted; the record that a report happened is kept, so we can act on repeat behaviour. It may outlive the reported account.
- Messages in a conversation with a lifespan are deleted, along with their images and files, within minutes of expiring.
- Error diagnostics are retained by Sentry on a rolling window, typically 30–90 days, then discarded.
- Server logs: typically rotated within 30 days.
Your rights
You can, from Settings, at any time:
- Change your password, email, and profile.
- Control who can message you, whether your activity is visible, and whether read receipts are shared.
- Review and revoke sessions on other devices.
- Mute or block other users, and decline conversation requests.
- Export a copy of your data.
- Delete your account, with a 7-day grace period to change your mind.
If you’re in the EU or UK, you have additional rights under GDPR and UK GDPR, including access, correction, erasure, portability, objection, and the right to lodge a complaint with your local data protection authority. Contact us to exercise any right the app doesn’t already give you directly.
Children
This service is not intended for users under 13, and you must be at least 13 to create an account. Some countries set a higher minimum age for consent to data processing; where that applies, you must meet that age instead.
If we discover we’ve collected data from a child below the applicable age, we’ll delete it. Sexualised content involving minors is reported to the authorities without exception.
Changes to this policy
We may update this policy. We’ll change the “Last updated” date at the top. For material changes, we’ll notify you in-app.
Contact
Questions about your data? Email us at mdsabbirhowlader420@gmail.com, or see the contact page.
See also our Terms of Service and Community Guidelines.