Privacy Policy
Last updated: 6/23/2026
We believe privacy isn't a premium feature—it's a fundamental right. Here is exactly how we protect your voice, text, and media using state-of-the-art cryptography.
Zero-Knowledge Architecture
At ModVoice, we operate on a fundamental principle: We cannot sell, lose, or leak data that we do not have. Unlike traditional platforms that act as central intermediaries, ModVoice is engineered as a trustless, cryptographic transport layer.
Voice and video data are transmitted directly between participants using Mesh WebRTC architecture. Our servers facilitate the initial handshake, but the actual media streams never traverse our backend infrastructure.
All real-time media streams are mandatory-encrypted using DTLS-SRTP. Direct messages and file attachments utilize AES-GCM 256-bit encryption with ECDH key derivation, securely locked on your local device.
01. Information Collection & Volatility
ModVoice strictly abides by the principle of data minimization. We only collect the absolute minimum data required to facilitate your connection:
A. Persistent Data (Account Level)
If you choose to authenticate via third-party providers (Google, GitHub, Microsoft), we securely store your email address, display name, and a reference URL to your avatar. You may delete this record at any time.
B. Volatile Data (Signaling Data)
To establish a P2P connection, your device generates ICE candidates and Session Description Protocol (SDP) offers. This metadata is transmitted through our signaling server, held in memory solely for the duration of the handshake, and instantly purged once a connection is established.
C. Uploaded Assets
Static assets that you explicitly choose to make public, such as custom server banners or guild icons, are hosted on secure Cloudflare R2 object storage. These assets are public by nature and do not contain cryptographic material.
D. Anti-Abuse & Security Logging
While we prioritize privacy, we aggressively defend our infrastructure. We automatically collect and indefinitely retain non-cryptographic network metadata (such as IP addresses, device fingerprints, and raw API transaction logs) for accounts that engage in fraudulent marketplace activity, API abuse, or malicious server boosting. This data is exclusively used for issuing permanent bans, mitigating DDoS attacks, and cooperating with law enforcement when legally required.
02. Data Processing for Trust & Safety
Crucial Distinction: Our automated reporting and AI moderation pipeline applies exclusively to Public Server Channels. Personal 1-on-1 Direct Messages (DMs) are strictly End-to-End Encrypted (E2EE). We do not—and mathematically cannot—scan, process, read, or moderate your private DMs.
To maintain a safe community in public spaces, we utilize an automated reporting and moderation pipeline. This pipeline involves strict privacy constraints regarding how your data is handled when flagged:
- ✓ AI Text Analysis: When a text message is reported by at least three unique users, its content and the report reason are transmitted to Mistral AI for semantic evaluation. This data is strictly used for real-time safety evaluation and is never used to train our AI models or third-party models.
- ✓ Media and Server Reports: AI models do not evaluate your media (images, videos, zips) or full server reports. These are encrypted at rest and escalated to a secure human moderation panel where authorized administrators manually review the reported content.
- ✓ False Report Logging: If an AI determines a report is malicious or false, the reporter's ID is logged internally to apply a "false report strike." This metadata is retained solely to prevent targeted harassment and spam.
- ✓ Censored Data: Once a reported message is confirmed as a violation, its contents are permanently overwritten with a tombstone string (`[This message is hidden pending manual review]`) in our databases. The original text is irrecoverably wiped from our active clusters.
03. End-to-End Encryption (E2EE) for Text & Media
We deploy a zero-knowledge architecture for all Direct Messages (DMs) and direct file transfers. ModVoice employees, administrators, and automated systems are mathematically incapable of reading your messages or viewing your private media.
- ✓ Cryptographic Key Generation: Your browser utilizes the Web Crypto API to generate a secure ECDH key pair. The private key never leaves your device and is optionally stored in IndexedDB, encrypted by a passcode only you know.
- ✓ Media Encryption: Before an image, video, or file is uploaded to our servers, your browser generates a single-use AES-GCM key to encrypt the raw binary data.
- ✓ Opaque Blob Storage: Our servers only receive and store the resulting mathematically scrambled blob. We do not possess the decryption key.
- ✓ Secure Key Exchange: The single-use decryption key is sent to your recipient over an established E2EE WebRTC tunnel. If our database is compromised, attackers retrieve nothing but useless cryptographic noise.
04. Zero-Retention Audio & Video Policy
ModVoice operates strictly as a real-time communications layer. We do not record, intercept, transcribe, or store your voice calls or video feeds. Because our primary infrastructure relies on Peer-to-Peer (P2P) connections, the actual audio/video streams flow directly between the network interfaces of the participants. Our servers serve solely as a "switchboard" to introduce users to one another. Once the cryptographic introduction is complete, the conversation executes entirely off of our primary infrastructure.
05. Zero-Liability Monetization (BYOG)
ModVoice operates a "Bring Your Own Gateway" (BYOG) financial model. We do not process funds, hold balances, or take platform fees. All transactions are securely routed directly to the server creator's connected Stripe account.
- Direct to Creator: When you purchase a digital good or boost a server, the payment is processed directly by the creator's Stripe account. ModVoice never touches the funds.
- Edge Encryption Architecture: For creators configuring their API keys, we employ a strict Zero-Trust Frontend model. Keys are neither encrypted nor stored on the client side. Instead, they are transmitted via HTTPS to isolated Edge Functions, encrypted in memory using a strictly server-side AES-256 key, and stored securely in our database.
- No Stored Financial Data: We do not collect, process, or store credit card information or banking details. The only information our backend processes is the cryptographic webhook signature from Stripe to verify payment completion and unlock digital goods.
06. Third-Party Subprocessors
To deliver a global, low-latency service, we utilize highly vetted third-party subprocessors. All subprocessors are legally bound by strict data processing agreements:
Google Firebase
Authentication & Real-time Database (Signaling). ISO 27001 & SOC 3 Compliant.
Cloudflare
Edge Routing, DDoS Protection, and R2 Object Storage for public static assets.
STUN/TURN Relays
Global relays for NAT traversal. Relays transmit opaque encrypted packets and cannot decrypt media.
07. Global Data Rights (GDPR & CCPA)
Regardless of where you reside, we grant all our users the rights afforded by the European General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA):
- Right to Access: You may request an export of the account data we hold about you.
- Right to Erasure (Right to be Forgotten): You can initiate the deletion of your account at any time via your user settings. To prevent unauthorized deletions, this requires verification via a one-time password (OTP) sent to your email. Once verified, your account enters a 14-day grace period. During this grace period, your account is securely locked—you will be unable to send messages, join servers, create developer applications, or make purchases—but you can cancel the deletion at any time by logging in and navigating to your settings. After 14 days, your profile data (email, name, IPs), server memberships, and developer bots are permanently purged, and your past messages are anonymized to "Deleted User" to maintain conversation flow for others.
- Right to Rectification: You can update your display name, email, or avatar at any time.
- Right against Profiling: We do not run algorithmic profiling, nor do we sell your data to advertising brokers.
08. Cookies and Local Storage
ModVoice is free of third-party advertising trackers, analytical pixels, and invasive marketing cookies. We use browser localStorage, cookies, and IndexedDB for functional purposes (login sessions, custom themes, volume, and cryptographic key caching) and basic performance metrics via Google Analytics to track stability.
You can manage, disable, or clear any of these cookies and storage items at any time through our storage preferences panel. Declining or turning off a preference will instantly delete the corresponding data from your browser storage.