Privacy isn't optional — it's built into every layer of Tinq. Here's how we protect your conversations, identity, and data.
Security Highlights
End-to-end encryption (E2EE): All messages are encrypted client-side using our own bespoke encryption methods meaning youre messages are encrypted before ever leaving your device.
Master key system: An optional encryption layer adds personal key-based access control to your messages and devices.
Secure session management: Authenticated via secure, rotating tokens stored in HttpOnly cookies to prevent XSS attacks.
CSRF protection & headers: Built-in CSRF token validation and hardened HTTP security headers ensure resistance to web-based attacks.
Zero-knowledge message storage: We don't have access to your data. Our servers function purely as relay servers, ensuring that we never receive or have visibility into your encrypted or decrypted messages.
Self-destructing messages: All messages auto-delete after 24 hours, with no recoverable logs.