BLOQ Talk · Legal
Data Security
Last updated: July 2, 2026
Security is the foundation of BLOQ Talk. This page explains the technical and organizational measures we use to protect your data across the BLOQ Talk mobile apps, the web application at bloqtalk.app, and related services (the "Service"). It supplements our Privacy Policy and Terms of Service.
1. End-to-End Encryption
Direct conversations on BLOQ Talk are end-to-end encrypted (E2EE). Message content is encrypted on your device and can only be read by you and your intended recipient. Our servers relay and store only ciphertext for E2EE conversations — we cannot decrypt or read the contents, and we never sell your messages or content.
2. Post-Quantum Cryptography
BLOQ Talk is engineered to resist "harvest-now, decrypt-later" attacks. We layer post-quantum key exchange with established elliptic-curve cryptography so that keys and messages remain protected even against future quantum adversaries. Every message is cryptographically signed to guarantee authenticity and integrity.
3. Encryption in Transit and at Rest
All connections between your device and our infrastructure are protected with strong TLS (HTTPS). Data stored on our systems is encrypted at rest. Sensitive fields and message payloads are protected with additional application-layer encryption.
4. Credential Protection
- Passwords are stored only as salted, one-way hashes — never in plain text.
- Administrator access requires multi-factor authentication (MFA/TOTP), and sensitive actions require step-up re-authentication.
- We monitor for credential stuffing and brute-force attempts and apply automatic lockouts to protect accounts.
5. Wallet Safety
BLOQ Talk is a messenger, not a wallet. Optional wallet verification uses a read-only signature to confirm ownership. We never request, access, or store your private keys or seed phrase, and no BLOQ Talk employee or support agent will ever ask for them.
6. Access Controls & Least Privilege
Access to production systems and personal data is restricted on a need-to-know basis using role-based access controls and the principle of least privilege. Privileged and destructive actions are recorded in a tamper-evident audit log for accountability.
7. BLOQ Shield Threat Screening
BLOQ Shield screens links and messages for scams, phishing, malware, and fake support, and quarantines risky connection requests. Combined with the BLOQ Score and Circle Trust Gates, Shield reduces your exposure to malicious actors before they can reach you.
8. Infrastructure & Monitoring
Our infrastructure runs in secured, access-controlled environments with network isolation, continuous monitoring, and automated alerting. We maintain regular backups and apply timely security patches to our systems and dependencies.
9. Vulnerability Management & Testing
We continuously test the Service — including automated security self-checks and internal red-team exercises — to find and fix weaknesses before they can be exploited. We track and remediate vulnerabilities based on severity.
10. Incident Response
We maintain an incident-response process to detect, contain, investigate, and remediate security events. If a breach affecting your personal data occurs, we will notify affected users and the appropriate authorities as required by applicable law.
11. Data Retention & Deletion
We retain data only as long as needed to operate the Service or meet legal obligations. You can delete your account at any time; when you do, we delete or de-identify your personal data within a reasonable period. See our Privacy Policy for details on retention and your rights.
12. Responsible Disclosure
No system is ever perfectly secure, and we welcome help from the security community. If you believe you've found a vulnerability, please report it responsibly to security@bloqtalk.app. We ask that you give us a reasonable opportunity to remediate before public disclosure.
13. Contact Us
Questions about data security? Reach our security team at security@bloqtalk.app.

