
Privacy Policy

GDPR compliant

Bixby is designed with privacy as its foundation. This privacy policy explains what data is processed, how it is stored, and what rights you have. Bixby collects as little data as possible and has no access to the content of your messages.

Zero-Knowledge Architecture

Bixby uses a zero-knowledge architecture. This means the server can never read the content of your messages. All encryption happens locally in your browser using AES-256-GCM via the Web Crypto API. The decryption key is never sent to the server. Instead, it is stored in the URL fragment (after the #). According to RFC 3986, URL fragments are not included in HTTP requests. The server therefore only receives and stores encrypted blobs.

What data is processed

Bixby processes as little data as possible. Here is what is stored:

  • Encrypted message blobs: unreadable by the server, stored as files (no database).
  • Functional cookies: language preference (bixby_lang) and theme setting (bixby_theme). No tracking cookies.
  • No accounts, no passwords, no email addresses, no personal identification.

What we do NOT collect

  • No IP addresses in application logs.
  • No message content (only encrypted blobs, unreadable by the server).
  • No analytics, no tracking scripts, no Google Fonts (fonts are self-hosted).
  • No third-party scripts or external services.
  • No user accounts or registration.

Cookies

Bixby only uses functional cookies. No tracking cookies, advertising cookies, or analytics cookies are placed.

  • bixby_lang: Stores your language preference (Dutch or English). Valid for 30 days. Functional.
  • bixby_theme: Stores your theme setting (light or dark). Functional.

Both cookies are strictly functional and fall under the cookie law exemption. No consent is required for functional cookies.

Storage and retention

Messages are stored as encrypted files on the server (file-based, no database). The retention policy is as follows:

  • Burn-after-read: messages are deleted immediately after reading. The link works only once.
  • Configurable expiry: the sender can set an expiry time. The message is automatically deleted after expiration.
  • Maximum retention: unread messages without an expiry are automatically cleaned up after a maximum of 30 days by a scheduled task.

Server location

The Bixby server is located in the Netherlands, within the European Union. All data stays within the EU and falls under the GDPR (General Data Protection Regulation) and Dutch privacy laws.

Third parties

Bixby does not share data with third parties. No third-party scripts are loaded, no external analytics are used, and no advertising networks are enabled. Fonts are self-hosted (no Google Fonts). SSL/TLS certificates are provided by Let's Encrypt.

Your rights

Since Bixby does not collect personal data and has no accounts, there is no personal data to view, modify, or delete. Messages are automatically deleted after reading or after the retention period. If you have questions about your rights under the GDPR, please get in touch.

Contact

For questions about this privacy policy or about data processing, you can reach us at: privacy@bixby.nl

Changes

This privacy policy may be updated. The last change was on March 24, 2026. Significant changes will be announced on the website.
