Guff No phone search
Knowing someone’s phone number should not automatically make them searchable inside a private app.
Privacy Posture
You are not the product.
Guff is built around a simple belief: private conversations should not become commodities. Your messages should not become advertising data. Your emotions should not become engagement metrics. Your private one-to-one moments should not become behavioral inventory.
Not searchable No phone, email, or name discovery.
Not scraped Your contact book is not the price of entry.
Not for sale Private chats are not advertising fuel.
The core content promise
Guff cannot read your private content because Guff does not hold the private content keys.
Private messages, photos, videos, voice notes, and other private content are built to remain end-to-end encrypted and unreadable to Guff’s servers. The server may help deliver encrypted packets, apply expiry rules, and protect the service, but it does not hold the keys required to read your private content.
That is the heart of Guff’s privacy posture: the server delivers the sealed envelope; it cannot open the letter inside, even if it wants to.
Privacy is the boundary
Privacy is not a mode, toggle, or paid upgrade.
Guff does not treat privacy as a luxury setting. Core privacy belongs to the product itself. Every eligible user gets the same core privacy boundary: private one-to-one communication, invite-only connection, content unreadability, no contact scraping, and no behavioral ads from private chats.
Supporters may help keep Guff independent, sustainable, and free from the surveillance business model. They do not buy stronger core privacy. Private dignity is not a premium feature.
Same core privacy Privacy is the product boundary, not a paid tier.
Clean business model Subscription support helps avoid behavioral ads and scraping.
Private by default Guff starts with restraint instead of adding privacy later.
One-to-one only Private trust is narrowed to one trusted Gufaadi.
Not searchable. Not scraped.
Private connection should begin intentionally.
Guff is invite-only. It does not need phone-book upload, email discovery, phone number search, name search, public profiles, or contact scraping to create private value.
No email search
Your email address should not become a discovery handle for private one-to-one communication.
No name search
Guff is not built around public identity lookup, searchable profiles, or random social reach.
No contact scraping
Your address book is not a growth tool. Guff does not need to harvest your contacts to help you talk privately.
No behavioral ads
Your private life is not the business model.
Guff is not built to read private conversations, infer emotional patterns, score intimacy, rank relationships, or convert private one-to-one behavior into advertising data.
Delivery assurance is allowed. Recipient surveillance is not. Abuse resistance is allowed. Private-content profiling is not. Reliable operation is allowed. Engagement farming is not.
No private-content profiling Private chats should remain conversations, not analytics material.
No engagement farming Guff is not built to maximize compulsive time spent.
No social graph extraction Private relationships should not become behavioral inventory.
No surveillance discount Guff will not trade cheaper access for private conversation profiling.
Vanishing data
Temporary private content should not become a permanent product archive.
Vanishing data means Guff-controlled private content, decrypted message bodies, private media, thumbnails, temporary files, expired encrypted packets, and related lifecycle artifacts are engineered to expire, purge, or become unusable within documented limits.
This is what GhostLock exists to govern. Vanishing is not a decorative countdown. It is a lifecycle discipline that connects reveal, expiry, key handling, purge behavior, and residue reduction.
01 Created temporary
Private content is treated as temporary from the beginning.
02 Viewed deliberately
Touch-to-view and protected viewing keep private moments intentional.
03 Expired by rule
The private lifetime is governed by engineering discipline.
04 Made unusable
Expiry, purge, erasure, and residue reduction work together.
Honest limits
Guff protects private content without pretending technology is magic.
Guff’s privacy promise is content unreadability and vanish-first product discipline within honest technical limits. It is not a claim of perfect anonymity, zero metadata, impossible screenshots, forensic impossibility, or immunity from lawful process.
The deeper safety details belong on the Safety page. The privacy page keeps the promise clear: Guff is built to keep private content unreadable to the server, avoid surveillance business models, reject public discovery, and prevent temporary moments from becoming permanent product archives.
Not an anonymity service
Not metadata-zero
Not screenshot magic
Not law-evasion tooling
Not a high-risk opsec replacement
Not a promise to delete human memory
Plain-language commitments
No legal fog. No dark patterns. No fake consent.
Guff’s privacy posture is designed to be understood by ordinary people, not hidden behind legal theatre.
We do not read private messages
We do not store decrypted private content
We do not scrape contacts
We do not build public discovery
We do not use private chats for behavioral ads
We do not make privacy a paid upgrade
We do not build feeds or follower pressure
We explain important limits plainly
Private by design. Vanish-first by engineering.
Guff is built for private one-to-one moments that deserve restraint.
The privacy model is simple: one trusted Gufaadi, no public discovery, no contact scraping, no behavioral ads, content-blind delivery, and private content that Guff servers cannot read.