Privacy5 min read

Privacy isn't a feature. It's our entire architecture.

WhatsApp has a privacy setting. Telegram has a "secret chat" mode. Signal has disappearing messages. These are all features — things you toggle on, things you can forget to enable, things that can break or be bypassed. BurnChat doesn't have a privacy feature. The whole thing is the privacy.

There's a huge difference between a chat app that chooses not to read your messages and a chat app that can't read your messages. The first one is making you a promise. The second one is telling you a fact about how it's built.

We're the second one.

The "privacy toggle" problem

Open WhatsApp right now. Go to a conversation. How many of your chats have disappearing messages turned on? Probably not many, if any. It's buried in settings, it's per-conversation, and it defaults to off. Which means by default, WhatsApp keeps everything forever.

Same deal with Telegram. You have to specifically start a "Secret Chat" to get end-to-end encryption. Regular chats? Stored on Telegram's servers, readable by Telegram, tied to your phone number. Most people don't know the difference, so most people are using the non-private version without realizing it.

Even Signal, which is genuinely good at encryption, still requires a phone number to sign up. Your identity is baked in from the start. And disappearing messages need to be turned on manually for each conversation. Forget once, and that conversation lives on every device it touched.

All of these apps can be made more private if you know what buttons to press. But the default is not private. You have to opt into privacy, and most people never do.

What "architecture-level privacy" looks like

BurnChat works differently. There is no privacy toggle because there's nothing to toggle. The way the thing is built means your conversations are private whether you think about it or not.

Here's the short version of what's going on under the hood:

No accounts. You don't create a login. You don't give us an email or phone number. You pick a nickname when you enter a room and that nickname exists only in the server's memory until the room is gone. There's no user profile, no account database, no identity linking one session to another.

No message storage. Messages are held in the server's RAM — the same temporary memory that gets wiped when a process ends. There's no database behind this. No MySQL, no MongoDB, no Redis, no file on disk. When the room closes, the memory is freed and the messages are gone in the same way a spoken word is gone once the sound fades.

No request logging. The web server doesn't keep access logs. The application doesn't log requests. The system journal is pointed at /dev/null. There's no file anywhere on our server that records who visited, when, or what they did.

No analytics. We don't run Google Analytics. We don't run Mixpanel, Amplitude, Hotjar, or any tracking tool. We don't set cookies. We don't fingerprint browsers. We have no idea how many people used BurnChat today and we have no mechanism to find out.

Why this matters more than encryption

Encryption gets all the attention in privacy conversations, and it matters — don't get us wrong. But encryption only protects messages in transit. Once a message arrives and gets stored, encryption just means the data sitting on someone's server is scrambled. The company that owns the server usually has the keys to unscramble it. And even if they don't, the data is still there — waiting to be accessed if the keys are ever compromised, compelled by a court order, or leaked by an employee.

Our approach is simpler: there's nothing to encrypt because there's nothing stored. You can't decrypt data that doesn't exist. You can't subpoena a conversation that's been freed from RAM. You can't leak a database that was never created.

Is BurnChat encrypted in transit? Yeah, it runs over HTTPS. But the real protection isn't the encryption. It's the absence. The messages aren't somewhere safe — they're nowhere.

Trust us? You don't have to.

The best privacy systems are the ones that don't ask you to trust anyone. We could tell you all day that we don't peek at messages, that we don't sell data, that we care deeply about your privacy. And maybe that's true. But it doesn't matter, because the system is designed so that even if we wanted to do those things, we couldn't.

There's no admin panel that lets us read room contents. There's no way for us to recover a burned room. The architecture makes betrayal technically impossible, which is a much stronger guarantee than a privacy policy that makes betrayal merely against the rules.

Rules change. Code doesn't lie.

Privacy by default

No settings to configure. No options to enable. It just works.

Create a room
← Previous: How it works Next: What happens when you burn →