Privacy and P2P architecture
Zero-log social rooms, by design.
Xerah is built so private room messages, presence, voice, camera, screen share, chess moves, and shared pinboard events move between browsers over peer-to-peer WebRTC. Xerah does not operate a message database for those room sessions and does not store room transcripts, media recordings, rosters, or room histories.
What "zero-log" means here
Zero-log means zero social-room logs by Xerah. The app is designed so private room chat and shared-room activity are not persisted to a Xerah server. If you close the tab, leave the room, or switch out of social mode, the live room session ends from your browser.
Xerah does not create server-side records of your private room text, voice, camera, screen share, chess moves, pinboard sync events, or room roster. There is no admin console where Xerah can read your room content, replay a call, or recover a transcript.
How the P2P room works
Browser to browser
Private rooms use WebRTC data channels and media streams. Once peers connect, room messages and media are exchanged between participant browsers. WebRTC encrypts those browser-to-browser connections in transit.
Discovery only
Xerah uses the open-source Trystero P2P library for peer discovery. Discovery/signaling services help browsers find each other, but they are not a Xerah message store and they do not receive private room content as a Xerah room transcript.
What still touches infrastructure
Zero-log P2P is not the same as "no network metadata exists anywhere." The private room content is not stored by Xerah, but normal web delivery and connection setup still involve infrastructure.
- App delivery: Loading Xerah requests static files through Cloudflare/CDN infrastructure. Those services may process normal request metadata for delivery, abuse prevention, and security.
- Peer discovery: P2P setup may involve signaling and network traversal metadata, such as room topics or connection attempts. Depending on browser and network conditions, connected peers may be able to infer network information from the WebRTC connection.
- Third-party modules: Some open-source browser modules are loaded from third-party CDNs. Loading those files creates normal web requests to those CDNs.
- AI image: The built-in image tool sends your prompt to Xerah's /api/image Cloudflare Pages Function and Workers AI so an image can be generated. Xerah does not use that endpoint to store private room chat logs or room history.
- AI chat: If you add an AI chat provider key, your prompts and responses are sent to the provider you chose. Your key is stored in your browser storage, and provider use is governed by that provider's policies.
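The Peer discovery item above notes that connected peers may be able to infer network information from the WebRTC connection. The following added example (not Xerah or Trystero code) parses the ICE candidate lines of an SDP offer and labels what each one reveals to the other side. The function names and the exposure labels are hypothetical, the sample SDP is constructed with documentation-range addresses, and treating a related address of 0.0.0.0 as carrying no information is an assumption.

```javascript
// Added example: classify what each ICE candidate in a local SDP reveals to a peer.
// SAMPLE_SDP is constructed (documentation-range addresses), not captured traffic.
const SAMPLE_SDP = [
  "v=0",
  "m=application 9 UDP/DTLS/SCTP webrtc-datachannel",
  "a=candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host",
  "a=candidate:2 1 udp 2122194687 3f2a9c1e-7b4d-4e2a-9c3f-1a2b3c4d5e6f.local 54322 typ host",
  "a=candidate:3 1 udp 1686052607 203.0.113.7 61000 typ srflx raddr 192.168.1.23 rport 54321",
  "a=candidate:4 1 udp 41885439 198.51.100.9 3478 typ relay raddr 203.0.113.7 rport 61000",
].join("\r\n");

// Parse one candidate attribute (RFC 8839 grammar); returns null if malformed.
function parseCandidate(line) {
  const m = /^(?:a=)?candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)(.*)$/.exec(line.trim());
  if (!m) return null;
  const ext = m[8].trim().split(/\s+/).filter(Boolean);
  const extras = {};
  for (let i = 0; i + 1 < ext.length; i += 2) extras[ext[i]] = ext[i + 1];
  return { transport: m[3].toLowerCase(), address: m[5], port: Number(m[6]),
           type: m[7], relatedAddress: extras.raddr || null };
}

// Label what the remote peer learns from the candidate's own address.
function exposure(c) {
  if (c.type === "relay") return "relay-address-only";            // TURN server address
  if (c.type === "srflx" || c.type === "prflx") return "public-ip"; // NAT-mapped address
  if (c.type === "host") return c.address.endsWith(".local") ? "mdns-obfuscated" : "local-ip";
  return "unknown";
}

// Summarise every candidate in an SDP blob. leaksRelated flags a raddr that
// carries a real address (0.0.0.0 is assumed to be an empty placeholder).
function auditSdp(sdp) {
  return sdp.split(/\r?\n/)
    .filter((l) => l.startsWith("a=candidate:"))
    .map(parseCandidate)
    .filter(Boolean)
    .map((c) => ({ address: c.address, type: c.type, exposure: exposure(c),
                   leaksRelated: c.relatedAddress !== null && c.relatedAddress !== "0.0.0.0" }));
}

console.table(auditSdp(SAMPLE_SDP));
```

In a browser, the same audit can be run on the string in RTCPeerConnection.localDescription.sdp once ICE gathering has finished.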
What stays on your device
Xerah uses browser storage for personal setup, such as your selected view, music settings, home state, onboarding status, optional provider keys, solo notes, solo pinboard items, bookmarks you import, and similar local preferences.
That local browser data is not a private room server log. It remains on the device/browser profile where you created it unless you share it with peers, send it to an AI provider, submit it through a future feedback form, or clear it yourself.
Your practical controls
- Use Solo mode when you do not want any peer connection.
- Use Social mode only when you want a P2P room.
- Close the tab or leave social mode to end the live room session from your browser.
- Clear Xerah site data in your browser to remove local settings, saved keys, notes, imported bookmarks, and other local-only data.
- Avoid putting sensitive material into AI prompts unless you are comfortable sending it to the selected AI provider or to Xerah's image generation endpoint.
Plain-language commitment
Xerah's private social surfaces are designed to be ephemeral, peer-to-peer, and zero-log by Xerah. We do not build a central room archive, we do not sell private room content, and we do not provide a server-side transcript recovery feature because the product is intentionally not structured that way.
This page describes the current prototype architecture and privacy posture. It is not a substitute for jurisdiction-specific legal advice, and it should be reviewed before any production launch, enterprise deployment, or regulated use case.