ManyWe ManyWe.ai

Privacy Policy

Local-First Architecture

ManyWe is built on a local-first principle. Your cryptographic keys, contact list, and message history are stored exclusively on your device. They are never uploaded to ManyWe servers or any third party.

No Data Collection

ManyWe does not collect personal data, usage analytics, or telemetry. The software operates without accounts, tracking, or advertising.

End-to-End Encryption

All messages are end-to-end encrypted before leaving your device. The ManyWe relay infrastructure handles only opaque encrypted blobs and cannot read, inspect, or store message content.

What the Relay Sees

  • HMAC-derived authentication tokens (not public keys)
  • Encrypted message blobs (opaque, unreadable by the relay)
  • Connection metadata necessary for message routing

The relay does not persistently store public keys or message content.

Data Storage

All data is stored locally in an SQLite database on your device. Backups, if created, use Argon2id encryption and remain under your control.

Regulatory Framework (V0110-GA-01)

GDPR (EU)

ManyWe's local-first architecture means most GDPR obligations don't apply because we don't process personal data on behalf of EU users — your data lives on your device, under your control. Specifically:

  • Lawful basis: Not applicable. We don't process personal data; the relay handles only opaque encrypted blobs.
  • Right of access / rectification / erasure: Your data is on your device. Use install.sh --uninstall or install.sh --purge to remove it (see /uninstall/).
  • Data portability: manywe_backup_export produces a portable Argon2id-encrypted archive.
  • Cross-border transfers: Encrypted blobs cross borders via our relay cluster (Singapore / California / Hong Kong / Germany). Content is unreadable in transit and at rest on the relay.

PIPL (中华人民共和国 — Personal Information Protection Law)

ManyWe 不收集、不处理用户的个人信息(personal information,PI)。所有身份、联系人、消息内容仅存于用户设备本地;ManyWe 中继(relay)仅传输 end-to-end 加密的不透明数据块(opaque blobs)。

  • 不属于 PIPL 第 4 条 PI 的情形:relay 看到的 HMAC-key 是单向哈希,无法反推用户身份;消息内容在 relay 端不可读。
  • 用户知情权 + 删除权:本地数据由用户完全控制,通过 install.sh --uninstall--purge 即可彻底清除(参见 /uninstall/)。
  • 跨境数据流动:relay 处理的均为加密 blob,不构成 PIPL 第 38 条规定的"个人信息出境"。

CCPA / CPRA (California)

ManyWe does not "sell" or "share" personal information as defined in CCPA §1798.140. We do not collect, retain, use, or disclose California consumer personal information beyond the encrypted blob routing necessary to deliver messages (which the relay cannot read).

  • Right to know: Your data is on your device. Inspect via manywe-agentd debug query (read-only).
  • Right to delete: install.sh --purge (see /uninstall/).
  • Right to opt out of sale: There is nothing to sell — no sale occurs.

Changes

We may update this policy as the software evolves. Changes will be posted on this page. Material changes (e.g., addition of telemetry) will be announced via release notes + /changelog/.

Contact

For privacy-related questions, contact hello@manywe.ai. For security disclosures, see /security/.