Privacy Policy

Built so we cannot access your data.

Last updated: March 2026

The short version

  • No analytics, telemetry, or tracking of any kind
  • No accounts, cookies, or personal data collected
  • End-to-end encrypted — relay never sees plaintext
  • Fully open source and auditable

Zero-Knowledge Architecture

The relay server is mathematically unable to access your data. All files are encrypted end-to-end in your browser before transmission using post-quantum cryptography. The relay only ever handles encrypted ciphertext.

This is not a policy decision — it is an architectural one. Even if the relay were fully compromised by an attacker, your files remain protected. The server cannot decrypt your files, read filenames, inspect file contents, or access encryption keys. The math guarantees it.

What we do not collect

  • IP addresses or connection metadata
  • Transfer history, filenames, or file sizes
  • Usage analytics, telemetry, or crash reports
  • Cookies, browser fingerprints, or tracking pixels
  • Account information — there are no accounts

Web Application

The Tallow web app runs entirely in your browser via WebAssembly. Cryptographic keys are generated locally and never transmitted to any server. Session keys exist only in browser memory and are zeroed on disconnect.

No data is stored on remote servers. Local storage is session-scoped and cleared when you close the tab. The WASM crypto core runs locally with the same Rust implementations used in the native application.

Relay Server

The relay server facilitates encrypted connections between peers. Room codes are ephemeral and destroyed after use. No transfer history is retained. No data is written to disk.

If you prefer complete infrastructure control, you can self-host your own relay server. The relay binary is open source and designed to be trivially deployable.

Government Requests

We have received zero government requests for user data. Because Tallow uses end-to-end encryption with no data retention, we have no user data to provide. If we ever receive a valid legal request, we will publish details here.