Privacy

Privacy Policy

Effective June 27, 2026

Ohiyo is built around a simple promise: the hosted server should not be able to read your private messages. This policy explains what the official hosted service at ohiyo.gg, app.ohiyo.gg, and ohiyo.fly.dev handles. If you self-host Ohiyo, your host controls its own data practices.

For a more technical, honest boundary of what Ohiyo protects and what metadata remains, read the public privacy threat model.

What we collect

• Account data: username, display name, password hash, avatar/profile details, linked-device records, sessions, roles, server membership, invites, preferences, and similar app state.
• Encrypted content: message ciphertext, encrypted group/key-backup blobs, file metadata, uploaded files/attachments, emoji, server icons, and other content needed to deliver the service.
• Operational data: IP-derived rate-limit keys, request metadata, logs, crash/error details, abuse-prevention signals, and infrastructure metrics needed to run and secure the service.
• Push notification data: if you enable push, the relay stores device endpoints/tokens, recipient ids, platform type, and delivery timestamps. Push payloads are content-free: they should say only that activity exists, not message text, filenames, channel names, invite codes, or E2E keys.
• Discord import data: if you use Discord import, uploaded/staged import archives and mapped metadata are processed to perform the import. Bot tokens and import internals are treated as private operational data.

What we cannot read by design

Ohiyo uses end-to-end encryption for private message content. The hosted server stores and relays ciphertext; it does not receive the plaintext for encrypted DMs/groups/calls. Some metadata remains necessary to operate the product, such as usernames, server/channel membership, timestamps, routing information, file records, and moderation/admin state.

How we use data

• Provide accounts, servers, messaging, calls, uploads, search/indexing when enabled, Discord import, Instant Servers, and content-free notifications for sleeping servers.
• Secure the service, prevent abuse, debug failures, enforce limits, and maintain backups.
• Communicate service-critical updates or respond to support/security reports.

We do not run advertising, sell personal data, or add third-party analytics trackers to the landing page.

Backups and retention

The hosted production database and uploads are stored on Fly.io infrastructure with volume snapshots enabled. Some data may remain in backups for a limited period even after it is changed or removed from the live service. Ephemeral logs and staged import files may be retained only as needed for operations, safety, debugging, or legal requirements.

Your choices

• You can use the web app, desktop app, or self-host your own Ohiyo server.
• You can use built-in security features such as linked-device management, logout everywhere, local key vault controls, recovery-key backup deletion, disappearing messages, and the dead-man switch where available.
• For hosted-service data questions or deletion requests that are not exposed in the app, open a private security/contact thread through the GitHub repository.

Third-party providers

Ohiyo currently relies on infrastructure providers such as GitHub, Cloudflare, Fly.io, and Apple/GitHub release tooling. Their processing is governed by their own terms and policies.

Changes

We may update this policy as the service moves from launch to broader availability. Material changes will be reflected on this page.