← Only Humans
Privacy Policy
Effective February 28, 2026
Only Humans is built to know as little about you as possible. We don't collect your name, email, phone number, or any personal information to create an account.
1. Who We Are
Only Humans is developed by Jack Aksay. For questions about this policy, contact jack@aksay.co.
2. Information We Do Not Collect
- No personal identifiers — no name, email, phone number, or date of birth required
- No message content — all messages are end-to-end encrypted; the server cannot read them
- No biometric data — face detection runs entirely on your device via ARKit and is never transmitted, stored, or processed server-side
- No analytics or tracking — we do not use any third-party analytics, advertising SDKs, or tracking pixels
- No location data — the app does not request or access your location
3. Information We Store
The following data is stored on our server solely to operate the messaging service:
- Anonymous device credential — a cryptographic identifier generated by Apple Passkeys, not linked to your Apple ID or personal identity
- Display name — a name you choose, which can be changed at any time and does not need to be real
- Device attestation data — Apple App Attest tokens that verify your device is genuine; this contains no personal device information
- Push notification token — an Apple APNs token used only to deliver notifications; revoked when you uninstall the app
- Encrypted messages — stored as opaque encrypted blobs that the server cannot decrypt; automatically purged after 30 days
- Encrypted media — images you send are encrypted and stored temporarily; automatically purged after 30 days, subject to a 50 MB per-user quota
- Avatar images — profile and room images stored on the server filesystem; deleted when you change them or if your account is removed
- Public encryption keys — used for end-to-end key exchange between room members
4. Face Detection
Only Humans uses Apple's ARKit TrueDepth camera to verify a live human face is present when sending and reading messages. This is a core privacy feature, not surveillance:
- Face detection runs entirely on-device
- No facial geometry, images, or biometric data is ever transmitted to our server or any third party
- No facial data is stored anywhere — not on device, not on the server
- The camera feed is processed in real-time and immediately discarded
5. End-to-End Encryption
All messages and media are encrypted on your device before being sent, using AES-256-GCM with keys exchanged via HPKE. The server operates as a relay — it stores and forwards encrypted data it cannot read. Room keys are rotated when members leave.
6. Content Moderation
To prevent abuse, outgoing messages are checked against a blocklist on the server at send time only — after the plaintext leaves your device but before delivery. The server does not retain, log, or analyze message content beyond this instant check. No messages are stored in plaintext.
7. Data Retention
- Messages: automatically deleted after 30 days
- Media: automatically deleted after 30 days
- Avatars: persist until replaced or account deletion
- Device credentials: persist until account deletion
- Invite codes: stored ephemerally and deleted after use
8. Third Parties
We use the following Apple platform services, subject to Apple's Privacy Policy:
- Apple Push Notification service (APNs) — to deliver message notifications
- Apple App Attest & DeviceCheck — to verify device authenticity
- Apple Passkeys (WebAuthn) — for anonymous authentication
We do not share data with any other third parties. We do not sell data. We do not serve ads.
9. Your Rights
Because we collect minimal data:
- There is no personal data profile to export — your identity is an anonymous cryptographic key
- You can change your display name at any time
- You can leave any room, which removes your membership and triggers key rotation
- You can request account deletion by contacting jack@aksay.co — this will remove your credential, all stored keys, avatar, and any association with rooms
10. Children
Only Humans is not directed at children under 13. We do not knowingly collect information from children. Because no personal information is collected during registration, there is no age verification mechanism beyond Apple's device-level parental controls.
11. Changes to This Policy
We may update this policy from time to time. Changes will be posted at this URL. Continued use of the app after changes constitutes acceptance.
12. Contact
Jack Aksay — jack@aksay.co