Fundamental principle
Solo2's server is completely blind. It does not know who you talk to, what you say, or what files you share. Not even the technical signals that establish the connection between devices are readable by the server: they travel end-to-end encrypted.
Your messages travel directly between devices, end-to-end encrypted. Your history lives encrypted in your browser, never on our server.
Encryption keys rotate automatically with every message. Each message is encrypted with a unique key that is discarded immediately after use. This is technically known as Double Ratchet, and it means that even if someone obtained a key, they could read only a single message, not the conversation. In addition, security is restored automatically after each turn of communication: a compromised key becomes useless as soon as the next message is exchanged.
When a direct connection between devices is not possible (for example, due to network restrictions), a mirror server (technically called TURN) is used: data is reflected from one device to another, but the mirror is unaware of what it reflects — everything travels end-to-end encrypted and the server cannot read it. Additionally, all packets are padded to a uniform size to prevent an observer from deducing information by analyzing traffic size or frequency.
You can always see in the app what type of connection you are using (direct or through the mirror server) and act accordingly.
Your master key is randomly generated with 256 bits of real entropy — the same level as Bitcoin. When you create your account, Solo2 generates a unique key that is represented as 24 words. Your password protects access to the service. Your 24 words are the key to your data. They are two different keys for two different doors.
Even if our server disappears, your data survives. With your 24 words you can access your local vault without a server connection. Your data is yours — for real.
1. Data we DO have on the server
1.1 Your user account
These are all the fields that exist in your record. There are no others.
| Data | Why | Protection | Duration |
|---|---|---|---|
| Username | So you can log in | Plain text (public by design) | Until you delete your account |
| Password | Authentication | Protected with Argon2id (recommended by OWASP, resistant to attacks with specialized hardware). We never store your actual password, only an irreversible mathematical fingerprint | Until you delete your account |
| Display name | So your contacts can recognize you | Plain text (you choose it) | Until you change it or delete your account |
| Pairing code | Your address within Solo2 — like a phone number. It's what you share with someone so they can find you and send you a connection request | Plain text, unique (~10 characters) | Until you delete your account |
| Public key | A cryptographic string that the app uses automatically to encrypt data sent to you. No one uses it directly — the app takes care of it. The pairing code is for people to find you; the public key is for people to encrypt for you | Public key (44 characters). It can be known without risk — only your private key, which lives in your browser, can decrypt | Until you delete your account |
| Account balance | Money you have added to your account | Number (in cents) | Until you delete your account |
| Bonus balance | Bonuses received (invitations, promotions, gifts). Consumed before the account balance | Number (in cents) | Until you delete your account |
| Account type | Your current plan (trial, standard, gold, platinum) | Text | Until it changes or you delete your account |
| Trial end date | When your free trial period ends | Date | Until you delete your account |
| Registration date and time | When you created your account | Full date and time (timestamp) | Permanent |
| Last activity | When you last used the app | Date and time | Updated with each use |
| Internal identifiers | Codes the system uses internally to refer to you | Opaque IDs, meaningless outside the system | Until you delete your account |
| Security version | Which version of the password protection algorithm was used | Internal number | Until you delete your account |
| Status flags | Technical flags (whether your balance has changed, whether you have maximum security mode active) | 1 byte — the equivalent of a single letter. Nothing more fits | Until you delete your account |
To give you an idea of the volume: your record occupies about 250 fixed characters (identifiers, dates, keys, balances) plus the length of the names you choose. The password doesn't affect this: it is always stored as a fixed-size fingerprint. For example, if your name is "John" and your display name is "John Smith", everything you occupy on our server is about 264 characters — less than this paragraph.
1.2 Active sessions
| Data | Why | Protection | Duration |
|---|---|---|---|
| Session token | Keep your login active | We only store an irreversible fingerprint (hash), not the original token | 24 hours maximum, then deleted automatically |
| Last activity date | Expire inactive sessions | Date and time | Deleted with the session |
1.3 Pairing requests
| Data | Why | Protection | Duration |
|---|---|---|---|
| Requester ID | To know who sent the request | Internal ID | 3 days maximum. If there is no response, it is deleted automatically |
| Recipient ID | To know who it is addressed to | Internal ID | Same as the requester |
| Status | Pending / accepted / rejected | Text | Deleted when resolved or expired |
Important note: Once the pairing is accepted, the server does not keep the relationship. Your contact list exists only in your browser, encrypted.
1.4 Invitations
| Data | Why | Protection | Duration |
|---|---|---|---|
| Invitation code | Unique link to invite someone | Random token | Until used or expired (30 days) |
| Sender ID | To know who invited | Internal ID | Permanent (accounting) |
| Gift amount | Balance gifted with the invitation | Number | Permanent (accounting) |
1.5 Push subscriptions (notifications)
| Data | Why | Protection | Duration |
|---|---|---|---|
| Notification address | Send notifications to your browser | URL from the browser provider (Google, Mozilla, or Apple) | Until you disable notifications or delete your account |
| Push encryption keys | Encrypt the notification so only your browser can read it | Web Push standard | Same as the address |
1.6 Feedback (support)
| Data | Why | Protection | Duration |
|---|---|---|---|
| Your message | So we can help you | Plain text | Until we process it |
| Your user ID | To know who needs help | Internal ID | Same as the message |
1.7 Connection signaling (ephemeral)
For two devices to connect directly, they need to exchange technical connection establishment signals (WebRTC protocol). These signals pass through our server briefly, but end-to-end encrypted: the server only carries an opaque block that it cannot decrypt.
| Data | Why | Protection | Duration |
|---|---|---|---|
| Connection signals | Establish the direct connection between devices | End-to-end encrypted with the recipient's public key. The server cannot read or modify them | 60 seconds maximum, then deleted. In memory, never on disk |
1.8 Mirror server (TURN relay)
If a direct connection is not possible, a mirror server is used: data passes through it like light through a mirror — it is reflected from one side to the other, but the mirror is unaware of what it reflects. All packets are padded to a uniform size so that an observer cannot distinguish a message from a simple connection heartbeat.
| Data | Why | Protection | Duration |
|---|---|---|---|
| Access credential | Authenticate you on the mirror server | Your identity is transformed into an irreversible fingerprint — the mirror server does not know who you are | 24 hours, then regenerated |
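The uniform padding described in this section can be pictured as fixed-size cells built from the plaintext before it is end-to-end encrypted. The following is an added example, not Solo2's code: the 256-byte cell size, the three-byte header and all function names are assumptions chosen for illustration.

```javascript
// Added example (not Solo2's code): uniform-size framing applied to plaintext
// before end-to-end encryption. CELL, the header layout and all names are assumptions.
const CELL = 256;               // every cell has exactly this many bytes
const HEADER = 3;               // 1 flag byte + 2-byte big-endian payload length
const CAPACITY = CELL - HEADER;
const FLAG_MORE = 0x01;         // set when further fragments of the same message follow

// Split a payload (Uint8Array) into fixed-size cells; an empty payload yields one heartbeat cell.
function toCells(payload) {
  const cells = [];
  let offset = 0;
  do {
    const chunk = payload.subarray(offset, offset + CAPACITY);
    offset += chunk.length;
    const cell = new Uint8Array(CELL);   // zero-filled, so the unused tail is the padding
    cell[0] = offset < payload.length ? FLAG_MORE : 0;
    cell[1] = chunk.length >> 8;
    cell[2] = chunk.length & 0xff;
    cell.set(chunk, HEADER);
    cells.push(cell);
  } while (offset < payload.length);
  return cells;
}

// A heartbeat is simply a cell that carries no payload.
const heartbeat = () => toCells(new Uint8Array(0))[0];

// Reassemble messages from a stream of cells, skipping heartbeats and rejecting malformed cells.
function fromCells(cells) {
  const messages = [];
  let parts = [];
  for (const cell of cells) {
    if (cell.length !== CELL) throw new Error('non-uniform cell');
    const len = (cell[1] << 8) | cell[2];
    if (len > CAPACITY) throw new Error('bad length field');
    const more = (cell[0] & FLAG_MORE) !== 0;
    if (len === 0 && !more && parts.length === 0) continue;   // heartbeat
    parts.push(cell.subarray(HEADER, HEADER + len));
    if (!more) {
      const out = new Uint8Array(parts.reduce((n, p) => n + p.length, 0));
      let at = 0;
      for (const p of parts) { out.set(p, at); at += p.length; }
      messages.push(out);
      parts = [];
    }
  }
  return messages;
}

// Convenience for text payloads.
function decodeText(cells) {
  return fromCells(cells).map((m) => new TextDecoder().decode(m));
}
```

Because every cell has the same length, an authenticated cipher applied per cell produces ciphertexts of one size whether the cell carries a message fragment or a heartbeat.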
1.9 Processed payments
Payments are the only point where there is real friction with anonymity. Let's be honest about it.
When you register on Solo2, you choose a username (it can be made up), a password, and a display name (also made up if you wish). No data links you to a real person. But if you make a payment by card, your financial institution does know who you are.
What we receive from the payment gateway is only a confirmation and an amount. We do not receive or store the cardholder's name, card number, national ID, or any personal data of the payer. These are small amounts — legally equivalent to a cash receipt, like buying a lollipop at a newsstand: the shopkeeper doesn't record the buyer's ID.
Furthermore, the payment record is deliberately unlinked from your user account. There is no field in our database that links a payment receipt to a specific account.
| Data | Why | Protection | Duration |
|---|---|---|---|
| Payment record | Accounting and tax obligations | Confirmation + amount. No personal data of the payer. No link to any user account | Permanent (legal obligation) |
About the worst-case scenario: Even with a court order, the tracing chain would be: your card → your bank → the payment gateway → our payment receipt. But our receipt contains no user identifier. This is not an oversight: it is a design decision. There is no field or index in our database that relates a payment to an account. The only theoretical route would be a temporal correlation (if yours were the only payment in a given period), but even in that extreme case the account contains no information that identifies the real person: the username and display name can be entirely made up.
All our revenue is legal and accounted for through the payment gateway. We pay the corresponding taxes. But client anonymity is total from our side.
2. Data we do NOT have on the server
This is what defines us. Solo2's server does not store or have access to:
- Your messages — They travel directly between devices, end-to-end encrypted. The server never sees them.
- Your files — Same as messages: direct and encrypted.
- Your contact list — It exists only in your browser, encrypted in The Vault.
- Your chat history — Only in your browser, encrypted.
- Your location — GeoSellos are computed on your device and sent directly to the recipient. The server never processes them.
- Usage analytics — The Solo2 app has no analytics system, no tracking cookies, and no third-party scripts.
- Device data — We do not collect the model, resolution, operating system, or any other characteristic of your device.
- Communication metadata — We do not know who you talk to, when, how often, or for how long.
About your IP address
We do not log your IP address. Neither the app nor the web server store IP addresses in their logs. Connection signals, which could contain your IP, are end-to-end encrypted — the server cannot read them.
3. Data in your browser (The Vault)
Everything below lives exclusively in your browser, encrypted with AES-256-GCM (a military-grade encryption standard used by governments and financial institutions). The key is derived from your password using Argon2id (the most resistant algorithm available against attacks with specialized hardware), and this process happens entirely inside your browser. Your password is never sent to the server.
Your data is encrypted at rest — even if someone accessed your browser's storage, they would only find unreadable encrypted blocks without your password.
When you export a backup, it is encrypted with the same protection (Argon2id + AES-256-GCM). Only someone who knows your password can decrypt it.
| Data | Encryption | Control |
|---|---|---|
| Messages | AES-256-GCM | You decide when to delete them |
| Files | AES-256-GCM | You decide when to delete them |
| Contacts (pairs) | AES-256-GCM | You decide who to pair with |
| Verification status | AES-256-GCM | You verify each contact's identity |
| Search index | Encrypted with irreversible tokens (HMAC) | Rebuilt from your messages |
| Delivery status | AES-256-GCM | Which messages were delivered |
| Pending messages | AES-256-GCM | Send queue when there is no connection |
Temporary browser storage
| Data | Type | Duration | Why |
|---|---|---|---|
| User session | Browser local memory (localStorage) | Until you log out | Keep your login |
| App version | Browser local memory (localStorage) | Permanent | Detect updates |
| Theme preference | Browser local memory (localStorage) | Permanent | Remember your visual theme |
| Language preference | Browser local memory (localStorage) | Permanent | Remember your language |
| Password (maximum security mode) | Tab memory (sessionStorage) | Disappears when you close the tab | Reinitialize encryption if you reload the page |
Note on browser security
Solo2 runs inside your web browser. Your encrypted data is protected at rest, but when the app is open and showing you your decrypted messages on screen, security also depends on your environment:
- Browser extensions: A malicious extension with access to the pages you visit could, in theory, read what is shown on screen. We recommend using as few extensions as possible, and only from trusted sources.
- Clean browser: An up-to-date browser without unnecessary extensions is your best ally.
- Native application: In the future, we will offer a desktop application (Windows, Mac, Linux) that will provide an additional level of isolation by not depending on the browser environment.
4. Network connections
The Solo2 app
| Domain | Reason | Data sent |
|---|---|---|
| solo2.net | Application API | Authentication, signaling, presence |
| pay.menzuri.com | Payment gateway | Only if you make a payment |
No other domain. No external scripts. No tracking CDN. The server's Content Security Policy (CSP) enforces this technically: any attempt to load resources from other domains is blocked by the browser.
Even to discover the public IP address of your device (necessary to establish direct connections between users), we use our own server (technically called STUN). We do not delegate to external services. We manage it ourselves.
The landing page
The landing page (solo2.net/info) — which is independent from the app — uses an anonymous measurement system hosted on our own servers in Germany:
| Domain | Reason | Data sent |
|---|---|---|
| stats.menzuri.com | Anonymous visit measurement | Page visited (no cookies, no IP, no identification) |
This system does not install cookies, does not log your IP address, does not identify you, does not track you between visits, and does not share data with third parties. The Solo2 app does not have this system or any other type of analytics.
5. Deleting your data
There are two different actions, and it is important that you know the difference:
Delete local data
From the app settings you have two local deletion options:
- Delete my data — Deletes only your data (identity, vault, session) without affecting other users who use the same browser.
- Emergency reset — Erases absolutely everything: data of all users, Service Worker, cache, and cryptographic keys. Requires double confirmation.
In both cases, your account on the server still exists. You can log in again, but your local data will have been irreversibly lost. When you do, a completely new cryptographic identity is generated: anyone who had your previous public key can no longer encrypt anything for you. If a previous contact wants to reconnect, they will have to send you a pairing request again, and you decide whether to accept it.
Automatic recovery between devices
If you lose your data on one device and have another one connected, Solo2 detects the situation and offers to restore your identity and vault automatically. The restoration travels encrypted (Argon2id) over a direct connection between your devices — without going through the server.
Delete your account from the server
- All rows in the database associated with your ID: account, sessions, requests, invitations, push subscriptions, feedback.
- The deletion is atomic (all or nothing): either everything is deleted or nothing is.
- Payment records remain deliberately unlinked from your identity: they exist by legal obligation, but a payment cannot be traced to you.
- The identifiers in server logs are irreversible fingerprints: a log cannot be linked to your account once deleted.
- The Vault in your browser is not automatically deleted with this action (we do not have access to your browser). To delete it, first run the nuclear wipe or clear the site data in your browser.
5b. Your master key and your 24 words
When creating your Solo2 account, a master key is generated with 256 bits of real entropy (the same used by Bitcoin). This key is represented as 24 words that only you know. Your password wraps this key to store it encrypted on the server — the server cannot read it.
This means you have two independent keys: your password (to connect to the server and retrieve your wrapped key) and your 24 words (to access your data directly without a server). If you lose one, the other protects you. If you lose both, your data is unrecoverable, as in Bitcoin.
Exact algorithms (verifiable)
Generation: operating system CSPRNG (crypto.getRandomValues, 256 bits). Master key encryption: Argon2id (OWASP) to derive the wrapping key + AES-256-GCM (authenticated encryption) to protect it. Identity: Ed25519 (signing) + X25519 (key exchange). Messages: Double Ratchet with ChaCha20-Poly1305. When you close the browser tab, all sensitive data disappears from memory.
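To make the per-message key claim concrete, the added example below (not Solo2's code) runs the symmetric chain of a Double Ratchet with ChaCha20-Poly1305 in Node.js and shows that a leaked message key opens exactly one message. The HMAC-SHA256 chain construction, the nonce layout and all names are assumptions, and the Diffie-Hellman ratchet that restores security after a compromise is left out.

```javascript
// Added example, not Solo2's code. Covers only the symmetric chain of a
// Double Ratchet; the DH ratchet and message headers are left out.
const nodeCrypto = require('node:crypto');

// Chain KDF (assumed): HMAC-SHA256 over a one-byte label,
// 0x01 for the message key and 0x02 for the next chain key.
const kdf = (chainKey, label) =>
  nodeCrypto.createHmac('sha256', chainKey).update(Buffer.from([label])).digest();

// Each call hands out one message key and overwrites the chain key,
// so earlier keys cannot be recomputed from the current state.
function makeChain(initialChainKey) {
  let chainKey = initialChainKey;
  let counter = 0;
  return () => {
    const messageKey = kdf(chainKey, 0x01);
    chainKey = kdf(chainKey, 0x02);
    return { counter: counter++, messageKey };
  };
}

// 96-bit nonce carrying the message counter (assumed layout).
const nonceFor = (counter) => {
  const nonce = Buffer.alloc(12);
  nonce.writeUInt32BE(counter, 8);
  return nonce;
};

function seal({ counter, messageKey }, text) {
  const c = nodeCrypto.createCipheriv('chacha20-poly1305', messageKey,
    nonceFor(counter), { authTagLength: 16 });
  const ciphertext = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return { counter, ciphertext, tag: c.getAuthTag() };
}

// Returns the plaintext, or null when the key does not authenticate this message.
function unseal(messageKey, msg) {
  const d = nodeCrypto.createDecipheriv('chacha20-poly1305', messageKey,
    nonceFor(msg.counter), { authTagLength: 16 });
  d.setAuthTag(msg.tag);
  try {
    return Buffer.concat([d.update(msg.ciphertext), d.final()]).toString('utf8');
  } catch {
    return null;
  }
}

// Constructed scenario: three messages are sent, then the key of the second one leaks.
function leakOneKey() {
  const shared = nodeCrypto.randomBytes(32); // stands in for the negotiated chain key
  const nextSend = makeChain(shared);
  const nextRecv = makeChain(shared);
  const sent = ['hello', 'meet at six', 'bye'].map((text) => {
    const step = nextSend();
    return { step, wire: seal(step, text) };
  });
  const received = sent.map(({ wire }) => unseal(nextRecv().messageKey, wire));
  const leaked = sent[1].step.messageKey;
  const attackerView = sent.map(({ wire }) => unseal(leaked, wire));
  return { received, attackerView };
}
```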
How your master key is protected
| Layer | What it is | Where it lives |
|---|---|---|
| Password | Server access. Wraps your master key | In your memory + hash on server |
| Device secret | Invisible second factor, generated automatically on install | On your device (non-extractable) |
| Master key (24 words) | 256 bits of real entropy, randomly generated. Bitcoin level (BIP39) | On a paper you keep + wrapped on the server |
| Key rotation | Each message uses a unique key that is destroyed after (Double Ratchet) | Automatic, transparent |
If you change your password
Changing your password is instant. Your master key is simply re-wrapped with the new password — your identity doesn't change, your vault isn't re-encrypted, your contacts aren't affected, and your 24 words remain the same. It's a millisecond operation.
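The re-wrapping step can be sketched as follows. This is an added example, not Solo2's code: scrypt from Node's standard library stands in for Argon2id, and the blob layout, cost parameters and function names are assumptions.

```javascript
// Added example, not Solo2's code. scrypt stands in for Argon2id here;
// the cost parameters, blob layout and names are assumptions.
const nodeCrypto = require('node:crypto');

const KDF_PARAMS = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Derive a 256-bit wrapping key from the password and a per-wrap random salt.
function deriveWrappingKey(password, salt) {
  return nodeCrypto.scryptSync(password.normalize('NFKC'), salt, 32, KDF_PARAMS);
}

// Encrypt the master key under the password-derived key with AES-256-GCM.
// Only this blob would be stored server-side; it is opaque without the password.
function wrapMasterKey(masterKey, password) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveWrappingKey(password, salt), iv);
  const ciphertext = Buffer.concat([cipher.update(masterKey), cipher.final()]);
  return { salt, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Throws if the password is wrong or the blob was modified (GCM tag mismatch).
function unwrapMasterKey(blob, password) {
  const decipher = nodeCrypto.createDecipheriv(
    'aes-256-gcm', deriveWrappingKey(password, blob.salt), blob.iv);
  decipher.setAuthTag(blob.tag);
  return Buffer.concat([decipher.update(blob.ciphertext), decipher.final()]);
}

// Password change: unwrap with the old password, wrap again with the new one.
// The master key itself, and everything encrypted under it, stays untouched.
function changePassword(blob, oldPassword, newPassword) {
  return wrapMasterKey(unwrapMasterKey(blob, oldPassword), newPassword);
}

// True when the password opens the blob, false otherwise.
function opens(blob, password) {
  try {
    unwrapMasterKey(blob, password);
    return true;
  } catch {
    return false;
  }
}
```

Only the wrapped blob changes on a password change, which is why the vault does not have to be re-encrypted and the 24 words stay the same.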
Recovery
If you lose your password, you can access your vault with your 24 words — without needing a server. If you lose your 24 words, you can log in with your password and the server returns your wrapped key. If you lose both, your data is unrecoverable. Like in Bitcoin, that's security by design.
6. What happens if someone accesses the server without authorization
If an attacker gained full access to Solo2's server, they would obtain:
- Usernames and display names
- Pairing codes
- Public keys (useless without the private key, which is in your browser)
- Password fingerprints (useless without an extremely costly brute-force attack thanks to Argon2id)
- Session token fingerprints (useless without the original token)
- Pending pairing requests (internal IDs, expire in 3 days)
- Account type, balances, and registration dates
- Payment records (with no way to link them to a specific user)
What they would NOT obtain:
- No messages (they were never on the server)
- No files (they were never on the server)
- No contact list (it was never on the server)
- No chat history (it was never on the server)
- No private encryption keys (they live in your browser)
- No IP addresses (they are not logged)
7. Our commitment
This manifesto will be updated with every relevant change in data management. If we add a new field to the database, it will appear here. If we remove something, it will too.
The current version is always this page.