Security Architecture

Self-Custodial Log In

No email, phone number, or biometric data is required. Login credentials are uniquely generated at creation and held exclusively by the user. If the login ID is lost, access cannot be recovered, ever, not even by PYRAM. This model is designed to maximise user security while preserving full, rightful ownership and control at all times. By removing identity-based access entirely, risks such as phishing, data exposure, and personal information leaks are significantly reduced. If a user wishes to try PYRAM without long-term commitment, they may create a self-destruct account on signup with an optional, user-defined deletion timer ranging from hours, days, weeks, or years, fully controlled by the user.

End-to-End Encrypted Messaging

All private messages are protected using true end-to-end encryption, meaning only the sender and recipient can read the content. Encryption keys are created and held solely by the communicating users. PYRAM has no access to messages or any ability to decrypt users' personal communications. To strengthen this further, PYRAM uses the Double Ratchet algorithm, which continuously updates encryption keys as messages are exchanged, preventing past or future messages from being exposed if one were ever compromised. In simple terms, it works like changing the lock after every message, each generated key would open only that single message. Message forwarding is disabled to reduce the risk of unintended sharing or redistribution. Messages can be set to self-destruct and are not retained beyond their intended delivery lifecycle. Users can also delete messages they have sent for both themselves and the recipient, permanently removing the message from the conversation. This is designed to protect users and creators in cases where content is sent by mistake, shared unintentionally, or needs to be withdrawn to prevent accidental leaks or misuse.

Double Maze Lock Messaging

Double Maze Lock adds an extra layer of protection to encrypted messages through a proprietary, user-controlled security model unique to PYRAM. When enabled, a message is locked the moment it is sent and stays hidden until both the sender and the recipient unlock it together, and is never accessible without the other. Each user has their own private 4-digit code, and both users' codes combined are required when the message is opened. These codes are never shared or stored by PYRAM. With two 4-digit codes combined, there is roughly a 1 in 100 million chance of cracking a Double Maze locked message, making it extremely robust. Access is temporary and must be re-authorised each time, so messages cannot be opened later without both users present.

Metadata Control

Metadata control gives users and creators clear control over how their content is distributed and understood within the platform. By default, no metadata is attached to content unless the user chooses to enable it, ensuring data use is intentional rather than assumed. When enabled, metadata allows standard engagement signals that support visibility, performance insights, and content discovery. When disabled, content is shared without additional signals, offering a more contained and deliberate publishing experience. This allows creators to choose how each post is presented, whether prioritising reach, insight, or controlled sharing, while keeping data use transparent and fully managed by the user.

Channels & Content Protection

PYRAM Channels are built to give content creators full ownership and control over how their content is shared and accessed. Every post inside a channel is end-to-end encrypted and only viewable by approved members, with no public links and without exposing unnecessary traceability, such as location or source data, back to the original poster. This keeps content confined to its intended audience while protecting creators from unwanted exposure. Channel owners can enable screenshot blocking, screen recording prevention, and audio recording blockers to protect paid, private, or exclusive content from unauthorised capture or redistribution. Admins can manage channels and content without ever accessing creator data or message content. Whether a channel is public or private, creators decide the rules, the access, and the level of protection, ensuring their content stays encrypted, controlled, and owned by them at all times.

PYRAM Stories

Story posts on PYRAM are private by default as part of the platform's core setup to reduce unnecessary data exposure and support responsible data handling. From initial setup, all story media is treated as secure content and is not publicly exposed unless the user explicitly chooses otherwise. Private and Friends Stories are protected using AES encryption, meaning media is encrypted before transmission and only viewable by the intended audience. Stories shared through Private or Friends Stories remain visible only to selected users, keeping content restricted to trusted personal connections rather than the wider platform. This default design is especially important for content creators, allowing clear separation between personal connections and public audiences, and ensuring private, sensitive, or paid content remains controlled and protected unless deliberately made public. PYRAM offers seven locations to post a media story. If a user chooses to post on Discovery Stories, Public Stories, Subscriber Stories, Spotlight, or a Live Feed, that content becomes viewable across the wider platform by design. Creators can include a viewer discretion notice on story posts to help protect viewers from potentially sensitive visual effects. Screenshot and audio blockers apply to all media posts, giving users full control over their own content.

Voice Notes & Voice Changer

Voice notes allow users and content creators to communicate quickly and naturally when typing isn't practical, just like standard voice messaging. Once a voice note is sent, it cannot be edited and can only be deleted by the sender, helping prevent misuse. Users can optionally enable a voice changer, which slightly alters how a voice sounds before the message is sent. This is intended for comfort, consistency, or creative use, and can be particularly useful in business, creator, or sensitive conversations where spoken information should not be easily identifiable or exposed beyond the intended recipient. The voice changer is optional, fully controlled by the user, and works seamlessly. Together, these features provide a practical and discreet way to communicate by voice while reducing the risk of confidential details, internal discussions, or sensitive business information being unintentionally leaked or misused.

Encrypted Calls

Voice and video calls on PYRAM are delivered using Agora's real-time communication infrastructure. Calls are protected through a layered security model in which PYRAM encrypts the call initiation and session key, and Agora applies its own secure transport encryption, ensuring privacy at multiple stages. For each call, a unique session key is dynamically generated between the participating users and exchanged through an encrypted channel, with the key never transmitted in plaintext. Even if an encrypted key were intercepted, it could not be used to join or access the call without successful decryption. This encrypted key exchange protects against interception and man-in-the-middle attacks during call setup. PYRAM does not access call content or usable encryption keys, and Agora provides the underlying transport infrastructure only, ensuring that voice and video data remains accessible exclusively to the users involved while maintaining secure and reliable real-time communication.

Geographic Maps

Maps on PYRAM use Ghost Mode as a default location-privacy setting designed to limit the visibility of user location within the app. When enabled, location information is not displayed on maps or shared with other users, and no live location status is shown. This ensures location data is not exposed unless a user explicitly chooses to make their location visible. All core app functions remain available regardless of map visibility. If a user intentionally disables Ghost Mode, their profile becomes visible on the map and may participate in optional location-based features such as Matches and swipe discovery, where enabled. This approach ensures location sharing is user-controlled, intentional, and aligned with standard privacy and data-protection expectations.

Create Your Own PIN

Users can choose to create their own PIN instead of relying on Apple or Google credentials. This option exists to ensure account access is created, managed, and controlled solely by the user. While biometric sign-in can be convenient, biometric identifiers such as fingerprints or facial data are fixed and cannot be changed if compromised. A user-defined PIN, by contrast, can be updated or replaced at any time by the user, without involvement from PYRAM. This approach provides flexibility, long-term account control, and a user-managed access method aligned with standard security best practices and personal preference.

Encrypted Notes & Folders

Encrypted Notes & Folders allow users to securely store personal notes, files, and private information within the app. Content is protected using encryption and is accessible only by the user who created it. Users can organise and manage their content freely while retaining full control, making this feature suitable for personal use, business planning, and sensitive information storage.

Username Integrity

This is the foundation of identity control. Usernames and display names are controlled exclusively by the account owner. Other users cannot modify, edit, or alter another user's profile name. Whatever name a user sets for their profile remains unchanged unless updated directly by that user.

Add Friends Visibility Control

This governs inbound exposure and logically follows identity control. Users can choose whether their profile appears in Add Friends suggestions. When disabled, the account is not surfaced through friend discovery tools, allowing users to limit unsolicited connection requests and control how their profile is discovered.

Mutual Friends Visibility Control

Users can choose whether mutual friends are displayed on their profile. When disabled, shared connections are not shown to other users, reducing unnecessary exposure of social relationships while maintaining normal platform functionality.

Data & Privacy Overview

1. Messages are stored locally on the user's device and are automatically removed if the app is uninstalled. Messages are temporarily stored on the server only until delivery and are deleted once read. All message data is encrypted and not readable at any stage.
2. This approach minimises data retention, reduces exposure to unauthorised access, and ensures message handling is limited strictly to what is necessary for communication delivery, in line with data minimisation and security principles.
3. Media and other content are encrypted during transit and are not linked to real-world user identities, as all profiles operate anonymously.
4. This protects user privacy, prevents identity correlation, and ensures content transmission remains secure while allowing core platform functionality to operate without collecting personal identifiers.
5. IP addresses and location data are not stored.
6. This limits the collection of sensitive technical identifiers, reduces the risk of user tracking or profiling, and supports user safety by preventing unnecessary location or network data retention.
7. Advertising identifiers are only accessed if a user explicitly opts in via settings and are used solely for optional personalised features.
8. This ensures user choice and consent, complies with applicable advertising and privacy regulations, and prevents the use of device identifiers without clear, informed user approval.