We built TavKey with privacy at its core. The sections below explain exactly what data the app uses, where it goes, and why.
What we collect
No personal information. TavKey does not collect, store, or transmit any personal information about you. There is no account to create, no sign-up, no profile.
We do not use advertising SDKs or usage tracking. The one thing we do collect is anonymous crash diagnostics, to fix bugs - this is on by default and you can turn it off at any time. See Crash reports below.
How the signal works
The TavKey signal is generated entirely on your device. It combines a private family secret with the current time to produce a color, an animal image, and a number - all without contacting any server.
Because all trusted family phones share the same secret and use the same clock, they all show the same signal at the same time. No server is involved in computing or displaying the signal.
Pairing new phones
When you add a new family phone, both devices need to securely share the family secret. This happens in person, using Bluetooth when available, or a short code as a fallback.
During pairing, a blind relay server helps coordinate the initial handshake. It forwards encrypted bytes between the two phones and cannot read any of the contents - it only sees ciphertext. All data on the relay is discarded immediately after pairing completes.
Data stored on your device
- Family name - stored in plain text (non-sensitive label you chose).
- Family secret - encrypted with AES-256-GCM and protected by your device's hardware security module (Android Keystore). It never leaves your device in a readable form.
- Time offset - a small adjustment cached from a standard time-sync check, to keep your clock accurate.
Automatic cloud backup (Google Backup) is explicitly disabled for the family secret. It exists only on your device.
Network connections
TavKey connects to the internet for three purposes:
- Pairing relay - a Cloudflare-hosted relay used only during the few seconds of in-person pairing. Connection closes when pairing finishes.
- Time sync - a standard NTP request to
time.google.comto keep device clocks aligned. This is a 48-byte packet with no identifying information, identical to millions of other NTP requests sent every day. - Crash reports - if crash reporting is enabled (the default, and you can turn it off), a diagnostic report is sent to our error-monitoring provider (Sentry, EU servers) when the app crashes. See below.
Aside from these, the app makes no other network requests - no advertising, no usage tracking, no background connections.
Crash reports
To find and fix bugs, TavKey sends an anonymous diagnostic report when the app crashes. This is on by default so we can catch problems that happen during setup, but you can turn it off any time in the app under About → Send crash reports.
A crash report contains only technical details: what went wrong (the error and the code path that led to it), the app version, and your device's Android version and model. It deliberately does not include any personal information, your IP address, screenshots of your screen, or any part of your family secret or pairing data - those are stripped before anything is sent.
Reports are processed by Sentry on servers in the EU. If you prefer to send nothing at all, switch the setting off.
Permissions
TavKey requests two permissions:
- Internet - for the pairing relay, time sync, and crash reports described above.
- Bluetooth - to detect and communicate with a nearby phone during in-person pairing.
TavKey does not request access to your camera, microphone, contacts, SMS messages, or location.
Third-party code
TavKey uses only a small number of well-established Android libraries: Jetpack components, OkHttp for networking, Google's Tink library for cryptography, and Sentry for the opt-out crash reporting described above. No advertising or usage-tracking SDKs are included.
Children's privacy
TavKey does not collect any information from anyone, including children.
Contact
Questions about this policy? We're happy to answer.
Email: [email protected]