Ieum
Security Philosophy & Policy
The server only relays and leaves no records.
(True P2P Architecture & E2EE)
It simply helps encrypted messages reach their destination and is immediately shredded from the queue."
1. Central Server Zero Data Storage & Direct Transfer (P2P) Oriented
Typical large messenger companies permanently store massive amounts of conversation logs in their main server databases to analyze users or comply with requests from external organizations.
Ieum is different. Ieum's server acts only as an encrypted connection path (Relay Queue) between terminals. Messages (both 1:1 and multi-party group chats), photos, and WebRTC call connections are completely disintegrated on the network server as soon as the delivery is successful and the other device confirms read/receipt.
2. Strong End-to-End Encryption (X25519 E2EE)
All messages and files transmitted are subject to the highest level of End-to-End Encryption (E2EE) through X25519-based elliptic-curve cryptography and AES-256-GCM. This means that even server administrators or Internet Service Providers (ISPs) cannot decrypt the contents. Flawless security is maintained through a secure symmetric key exchange method even in group chat rooms where hundreds of people gather.
3. Anonymous Signup and 12-Word Master Key
The moment you collect phone numbers, emails, or social security numbers, you are at risk of being tracked. Ieum does not require any such identifying information and issues a unique anonymous ID solely through a mathematical Proof of Work (PoW) within the smartphone.
All control and restoration authority over the account depends entirely on the 12 English words (mnemonic key) provided at signup. Without this key, even the developers cannot access or restore the account.
4. Smartphone Access Permissions & Purpose of Use
ieum requests only the minimum smartphone access permissions to provide users with a smooth and secure messenger environment. ieum never collects any original data (photos, voice, location, etc.) obtained through access permissions on its central server without authorization or provides it to third parties.
All data is used only once for P2P encrypted communication.
- 1. Camera
- Purpose: Profile photo shooting, QR code scanning to add friends, WebRTC-based P2P video calls, and AR (cosplay) sticker tracking.
- Security: Recorded video and photo data are end-to-end encrypted (E2EE) during video calls, transmitted only to the other party, and are not stored on the server. - 2. Microphone
- Purpose: WebRTC-based P2P voice and video calls.
- Security: Call voice data is encrypted and transmitted directly (P2P) only between the calling parties; no one, including ieum servers, can eavesdrop. - 3. Storage / Photos
- Purpose: Sending photos and files in chat rooms, backing up/restoring encrypted offline chat histories.
- Security: Files sent via chat are completely destroyed from the server queue as soon as the recipient receives them. - 4. Location
- Purpose: 'Find Nearby Friends' radar function, 'Real-time Location Sharing' in chat rooms.
- Security: Location information is used temporarily only when the user activates the feature. We do not secretly track the user's movements in the background or leave location records on the server. - 5. Notifications
- Purpose: Encrypted new message alerts, voice/video call (including CallingTalk) receiving alerts.
- Security: All processing to display message contents as notifications takes place inside the device; only a secure identifier is transmitted through the push notification server without exposing the content.
(※ For optional access rights such as location information, you can normally use the app's basic messenger functions excluding the relevant features even if you do not grant permission.)
5. Guaranteeing Strict User Control (App Lock and Complete Deletion)
Ieum provides users with all the means to defend themselves.
- Two-way Instant Destruction: Not only 'Bomb Messages', but even if you choose [Delete for Everyone] for a message already sent, the message is permanently destroyed not only from your device but also from the other party's smartphone memory. Data ownership fully belongs to the user.
- Cloud Storage Control: Through the 'Storage Management' menu, users can directly check their files or encrypted backups safely stored in the cloud and delete them remotely.
- Double Security (Passcode): In addition to unlocking the smartphone, you can set a numeric passcode within the app to physically block access to the Ieum messenger itself.
