Your conversations. Your control.

Minyma is designed so message and attachment contents are encrypted on sender devices and decrypted on recipient devices. The relay handles delivery, queueing, push, and attachment transfer while Minyma keeps the privacy boundary clear and practical. Voice and translation features are user-started, and private message content is only used for those features when the user explicitly asks or allows it. Weather requests use Apple WeatherKit only when requested.

Voice boundary

Helpful only when you ask

Minyma Voice can help with drafts, translation, and local navigation, including weather questions, but message content is not read for voice or translation unless you ask or approve it.

  • Sensitive actions are staged for review
  • Current location is requested only for local weather
  • Voice notes are encrypted as attachments
  • Turning voice off hides product voice controls
  • Local pickers do not send media until you choose it
Protected

What Minyma is built to protect

  • Message text
  • Attachment contents
  • Encrypted voice-note audio sent as an attachment
  • Attachment keys shared inside encrypted messages
  • Receipts, edits, and deletes carried in encrypted flows
  • Voice and video call setup, protected end to end like messages
  • Group conversations, with the same per-message protection as 1:1 chats
  • Your encryption keys, which never leave your device's secure storage
Metadata

What supports delivery

  • Which user or device is sending
  • Which user or device is receiving
  • Timing and frequency of messages
  • Encrypted attachment size and limited transfer metadata, such as upload/download timing and delivery state
  • The relay routes encrypted messages and call setup data, not plaintext message bodies
  • The database stores account, device, queue, and delivery state needed to operate the service
  • Encrypted-media storage holds ciphertext attachments for delivery, not long-term content archives
Translation

Translation only when requested

Draft translation is based on text the user is actively composing. Translating an existing message requires explicit permission before that message content is read for the translation request. Translation happens for the one draft or message you asked about - never in the background, and never across your history.

  • Translated drafts are staged before replacing or appending
  • Latest-message translation uses a clear consent step
  • One approved message means one approved message, not the whole chat history
  • Assistant voice language does not automatically translate private content
  • Sender names can be read without reading message text
  • Translated text is reviewed before it changes a draft
  • Opening a picker or tool does not share media or files until the user selects something
  • Voice notes are not automatically transcribed
  • Declining a translation prompt shares nothing at all
Voice

How voice stays bounded

Minyma Voice is optional and user-started. It can help compose, navigate, translate drafts, open New Message or New Group flows, read public Help, Terms, and Privacy pages aloud, answer WeatherKit weather and forecast questions, and open local tools, but sensitive actions like sending, calling, or reading private message content are gated by explicit intent or confirmation.

  • Turning voice off stops active voice sessions and hides Minyma Voice controls
  • Voice Language defaults to English, supports a broad user-selected language set, and does not auto-switch by default
  • Assistant language does not silently translate private messages or public legal/help text unless the user explicitly asks
  • WeatherKit, voice, and translation requests are separate user-started flows with their own boundaries
  • Local weather asks for current location only for that request; explicit city weather uses the requested place
  • Opening camera, files, photos, or contacts stays local until the user chooses what to send
  • Reading unread sender names can avoid reading private message contents
Where it lives

EU-based infrastructure

Minyma's production relay, database, and encrypted-media storage run on infrastructure based in the European Union, operated under the EU's data-protection framework (GDPR). Attachments are held only as ciphertext, kept just long enough to be delivered, and removed under the normal retention window and on account deletion. Media downloads are accelerated at the network edge, but what travels there is ciphertext only - the keys stay inside your encrypted conversation.

Deletion

What Delete Account does

Uploaded ciphertext attachments are deleted from the server under Minyma's normal retention and account-deletion flows. Delete Account is intended to remove relay-held devices, queued delivery data, profile information, push tokens, and uploaded ciphertext attachments.

  • It wipes the current device back to onboarding
  • It does not erase content already downloaded to other devices
Local

Reset and duress behavior

Local reset wipes the current device back to a fresh install. Duress mode does the same instantly - and when account deletion is enabled, the deletion request is signed and sent at the same moment, completing on any working connection.

  • The wipe is immediate and never waits on the network
  • A wiped device looks like a fresh install
  • These tools are strongest on the current device
  • They do not remove content from other users' devices
Device copies

What remains after delivery

End-to-end encryption protects content while it is delivered, but a message that has already reached another device is under that device's control. Minyma is careful to separate server deletion from content already downloaded elsewhere.

  • Deleting your account removes relay-held account data and queued server state
  • Messages already downloaded to another user's device are not pulled back from that device
  • Local app lock, reset, and duress tools protect the device where they are used
Capture safety

Useful signals, even after the moment passes

On iPhone and iPad, Minyma can detect screenshots after iOS reports them and can hide sensitive content during active screen recording or mirroring.

  • Screenshot detection helps user awareness when sensitive content may have just been copied
  • Local breadcrumbs can support audit visibility and follow-up safety flows
  • Active recording or mirroring can trigger a privacy veil while capture is in progress
Boundary

What capture safety cannot promise

iOS reports screenshots after they happen, so no app can guarantee that a screenshot was blocked. Minyma uses the signal for awareness and keeps stronger protection for active recording or mirroring, where sensitive content can be veiled while capture is in progress.

  • Screenshot detection is a notification signal, not a full screenshot blocker
  • Screen-recording and mirroring protection can hide content during active capture
  • Users should still treat sensitive screens as visible to anyone holding the device