Meow Privacy Policy
Privacy Policy — Meow
Last Updated: May 8, 2026
This Privacy Policy describes how the Meow application (“the App”, “we”, “us”, “our”) collects, uses, stores, and protects user information. By using the App, you agree to the practices described in this document.
Overview
Meow is a privacy-focused Telegram client designed to protect your information through an additional layer of end-to-end application-level encryption. Unlike traditional Telegram clients, Meow operates on a single chat — you configure one Telegram group, and all communication happens exclusively within that channel. There is no multi-chat interface.
All messages, photos, videos, and documents are encrypted before being sent to Telegram using a shared encryption password defined by the users of the configured group. This means that even if Telegram’s servers were compromised, the content would remain unreadable to anyone who does not possess the shared password. Meow does not have access to your content.
Meow is built for users who require an extra layer of confidentiality beyond what standard messaging applications provide.
1. Information We Collect
1.1 Authentication Data
To sign in, the App requests and transmits the following data directly to Telegram’s servers:
- Phone number — used to identify your Telegram account.
- Verification code — received via SMS or phone call, sent to Telegram to complete the sign-in process.
- Two-step verification password (2FA) — if enabled on your Telegram account, it is sent directly to Telegram. The App never stores it locally.
1.2 Account and Profile Data
Once authenticated, the App may access and locally cache:
- Your Telegram user ID and username.
- Profile photos of other users participating in the configured group, cached locally for a maximum of 24 hours.
1.3 Messages and Media Content
The App processes content you send or receive in the configured Telegram group:
- Text messages — sent to the Telegram group; they may be additionally encrypted using the App’s own encryption (AES-256-GCM) before transmission, if this feature is enabled.
- Photos — EXIF metadata (including GPS coordinates, altitude, and other location data) is automatically stripped before sending. Images are encrypted with AES-256-GCM before upload.
- Videos and documents — encrypted with AES-256 before sending.
- Audio messages — recorded on your device and encrypted with AES-256-GCM before upload.
- Reactions and message metadata — stored locally in cache.
- Downloaded files — decrypted copies of files received in the group are saved locally to the device’s Downloads folder when explicitly requested by the user. Files remain on your device until manually deleted.
1.4 Settings and Preferences
The App stores the following user preferences locally:
- Identifier of the configured Telegram group.
- Active session state.
- App access PIN (stored only as a PBKDF2 hash with a random salt; never in plain text).
2. How We Use Your Information
- Authentication: your phone number, verification code, and 2FA password are used exclusively to authenticate your account on Telegram through the TDLib library. The App does not store this data once the process is complete.
- Messaging: messages and files are sent to the Telegram group you configure. The App applies an additional layer of proprietary end-to-end encryption (the “Meow” system, AES-256-GCM/CTR) to files and, optionally, to text messages.
- Local cache: messages, reactions, and avatars are stored locally to improve performance and user experience. This cache can be cleared from your device settings.
3. Sharing of Data with Third Parties
The App does not sell, rent, or share your data with third parties for commercial purposes.
The only external entity the App communicates with is Telegram Messenger (through the official TDLib library), using the encrypted MTProto protocol. All content you send is also subject to Telegram’s Privacy Policy.
The App does not incorporate any analytics, advertising, social media, or crash reporting SDKs from third parties.
4. Third-Party Libraries & SDKs
Meow uses the following third-party open-source libraries. None of them collect, transmit, or share any personal data with their authors or any external party.
| Library | Publisher | Purpose | Data Collected |
|---|---|---|---|
TDLib (libtdjni.so) | Telegram | Official Telegram client library (MTProto protocol) | Communicates with Telegram’s servers only. No data sent to library authors. |
| Jetpack Compose | Google / AOSP | Declarative UI framework | None |
| AndroidX Core / AppCompat / Material | Google / AOSP | Android UI components and compatibility | None |
| Room | Google / AOSP | Local SQLite database (messages, reactions, avatars cache) | Stored locally only |
| DataStore | Google / AOSP | Key-value preferences storage | Stored locally only |
| EncryptedSharedPreferences / Security Crypto | Google / AOSP | Encrypted local storage backed by Android Keystore | Stored locally only; no external transmission |
| ExifInterface | Google / AOSP | Reading and stripping EXIF metadata from images | Used locally; GPS/location data is removed before sending |
| Media3 / ExoPlayer | Google / AOSP | Encrypted video playback via custom DataSource | No data collected or transmitted |
| Kotlin Coroutines | JetBrains | Asynchronous programming | None |
No advertising, analytics, crash reporting, social media, or tracking SDKs are included in this application.
5. Data Storage and Security
We do not operate any servers. Meow does not have its own backend, cloud infrastructure, or any server of any kind. We do not store, transmit, or have access to any user data — messages, files, credentials, encryption keys, or any other information — on external or proprietary servers. All data remains exclusively on your device and on Telegram’s servers (governed by Telegram’s own Privacy Policy).
4.1 Local Storage
| Mechanism | Content |
|---|---|
Room database (meow.db) | Cache of messages, reactions, and avatars (TTL: 24 h for avatars) |
Encrypted DataStore (meow_settings) | General App preferences |
| EncryptedSharedPreferences | PIN (PBKDF2+salt hash), encryption key — protected by Android Keystore (AES-256-GCM) |
| TDLib internal directory | Telegram session, TDLib internal database |
| File cache | Downloaded files, thumbnails, and documents (encrypted) |
| Downloads folder | Decrypted files saved when explicitly requested by the user to download files from the group. Files are stored in clear on the device until manually deleted by the user. |
| Temporary audio cache | Audio recordings captured by the user during message composition (deleted after send or cancel) |
4.2 Security Measures
- Application-layer encryption:
- Photos, documents, and thumbnails: AES-256-GCM.
- Videos (streaming): AES-256-CTR.
- Key derivation: PBKDF2WithHmacSHA256.
- Access PIN: stored as a PBKDF2WithHmacSHA256 via
EncryptedSharedPreferencesand Android Keystore. Never in plain text. - Encryption key: stored in
EncryptedSharedPreferencesbacked by Android Keystore. - Metadata stripping: EXIF data from images (GPS, altitude, etc.) is automatically removed before sending.
- Temporary files: decryption temporary files are automatically deleted when the App starts.
- Internal access control: the App blocks any operation targeting groups or chats other than the one configured.
6. Shared Encryption Key — User Responsibility and Limitation of Liability
5.1 How we store the shared key
The shared encryption password you configure in Meow is stored exclusively on your device using Android’s EncryptedSharedPreferences, which is backed by the Android Keystore system with AES-256-GCM encryption. The key is never transmitted to our servers, never logged, and never stored in plain text. It remains on your device and under your control at all times.
5.2 Your responsibility for the shared key
THE SECURITY OF YOUR SHARED ENCRYPTION KEY IS SOLELY YOUR RESPONSIBILITY.
By using Meow and configuring a shared encryption password, you acknowledge and agree that:
- You are solely and exclusively responsible for the safekeeping, confidentiality, and proper distribution of your shared encryption key.
- You must share the encryption key only through secure, trusted channels and only with individuals you explicitly authorize to access the encrypted content.
- Meow provides the technical means to protect your data, but cannot enforce or guarantee the security of how you choose to distribute or manage the shared key outside of the App.
5.3 Disclaimer of liability for key mismanagement
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, WE EXPRESSLY DISCLAIM ALL LIABILITY FOR ANY LOSS, DAMAGE, UNAUTHORIZED ACCESS, DATA BREACH, OR ANY OTHER HARM ARISING FROM:
- Your failure to maintain the confidentiality of the shared encryption key.
- Disclosure of the shared key to unauthorized parties, whether intentional, negligent, or accidental.
- Use of a weak, guessable, or reused password as the shared key.
- Any compromise of the shared key resulting from actions taken outside the App (e.g., transmitted via insecure channels, written down, stored insecurely).
- Any security incident attributable to the shared key being obtained, intercepted, or misused by any third party due to the user’s conduct.
In any such event, the user assumes full and sole liability for any resulting consequences, including but not limited to unauthorized access to encrypted content, disclosure of private communications, and any associated damages.
5.4 Disclaimer of liability for misuse of the application
THE APP IS PROVIDED “AS IS” AND “AS AVAILABLE”, WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED. To the fullest extent permitted by law:
- We are not responsible for any illegal, unauthorized, or improper use of the App by any user.
- We disclaim all liability for any direct, indirect, incidental, special, consequential, or exemplary damages arising from the use or misuse of the App, including but not limited to loss of data, privacy breaches, or any harm caused to third parties.
- Users are solely responsible for ensuring their use of the App complies with all applicable local, national, and international laws and regulations.
- We reserve the right to terminate access to the App for any user found to be engaging in unlawful, abusive, or harmful activity.
7. Application Permissions
The App requests the following system permissions:
| Permission | Minimum API | Reason |
|---|---|---|
INTERNET | All | Communication with Telegram’s servers through TDLib |
ACCESS_NETWORK_STATE | All | Verify network connectivity before performing operations |
RECORD_AUDIO | All | Record and encrypt audio messages sent within the group |
WRITE_EXTERNAL_STORAGE | API 28 (Android 9) and below | Save decrypted files to the device’s Downloads folder (on Android 10+, uses MediaStore without this permission) |
8. Data Retention
- Local cache data (messages, avatars) is retained while the session is active and can be deleted by clearing the App’s data from device settings.
- Data on Telegram’s servers is subject to Telegram’s retention policy.
- Upon signing out or uninstalling the App, local data stored by the App is deleted from the device.
9. Minors
The App is not directed at minors under 18 years of age. By using the App, you confirm that you are of legal age. Since all data is stored locally on the device and we have no access to it, we are unable to identify or remove any information that may have been entered by a minor.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be communicated by updating the “Last Updated” date at the top of this document. We recommend reviewing this page periodically.
11. Contact
If you have questions or concerns about this Privacy Policy, you can contact us at:
Meow Email: [email protected]
This Privacy Policy applies solely to the Meow application and does not cover Telegram Messenger’s services. For information on how Telegram handles your data, please refer to Telegram’s Privacy Policy.