Privacy and security

About Talky

Talky is a truly simple video chat service provided by &yet, a small, independent software and design team based in Richland, WA. We love to help people communicate and we love to learn about new technologies, which is why we offer Talky for free. We’re not here to sell ads based on your conversations, resell information about you, or keep track of what you do online. We respect your privacy and the security of your communications. This page describes how we put those values into practice.

How Talky works

Talky is based on a fairly new technology called WebRTC. In essence, WebRTC gives your web browser or mobile device access to the microphone and camera on your computer along with the ability to exchange audio, video, and other data with someone else’s computer. This innovation makes it much easier for web developers like us to create realtime communication applications like Talky. It's a beautiful thing!

To make Talky go, we use a whole alphabet’s soup of advanced technologies for realtime communication (STUN, TURN, SRTP, DTLS, UDP, XMPP, and so on). The basic idea is this:

  • When you visit the Talky website or launch the Talky iOS app, your computer runs the software code that we provide and talks to our server to set up the video chat.
  • When your friend visits the link you send, your friend's computer also runs our software code.
  • Once both computers are connected to our server, your computer exchanges various kinds of information with your friend's computer either directly (“peer to peer”), through our server, or through a special “media relay” that we run to help audio and video data travel through firewalls.
  • You and your friend have a pleasant conversation, click the “Leave” button, and your computers tear down the various connections they set up to each other, our server, and the media relay.

Security and encryption

The short story is that your audio and video data are encrypted between your computer and your friend’s computer, so that your conversations can’t be unscrambled by eavesdroppers. We also encrypt all the set up, call control, and tear down information that your computer sends to our servers (which can reveal private information such as the IP address of your computer).

Privacy policy

Our default privacy policy is never to gather or store or sell information about you, to log your conversations, or to engage in any other behavior that would compromise your privacy and security in any way.

However, we do need to gather one piece of personally identifying information in order for you to use Talky in the first place: your computer needs to tell us its “IP address” so that we can connect you with your friend’s computer (which needs to tell us its “IP address” too). Room names are also logged. Although we do not track this information or keep a long-term record of it, we do log it for brief periods of time so that we can perform diagnostics that help us improve the service (these logs are erased after 30 days).

Anonymous metrics

We collect anonymous usage data (with no personally identifying information attached) to improve the Talky service and WebRTC technologies in general. Examples of usage data may include information about your browser, operating system, platform, the percentage of sessions that include screen sharing, how often certain features are used (e.g., muting and unmuting audio), and the occurrences of connectivity failures. At times we provide some of this data to the Google Chrome and Mozilla Firefox teams so that they can prioritize and fix bugs in their code.

Reporting a bug

All security bugs in Talky.io are taken seriously. Bugs or vulnerabilities should be reported by email to security@talky.io . Your email will be acknowledged within 24 hours.

You will receive a more detailed response within 48 hours, which will also indicate the next steps we will take in handling your report. After our initial reply, the security team will keep you informed of the progress being made toward a fix. As we move toward a formal announcement of the report and resolution, we may contact you for additional information surrounding the reported issue.