Encrypted · Anonymous · Zero logs

Say anything. Leave nothing.

YAP is the anonymous encrypted group chat built for people who take privacy seriously. No sign-up, no email, no IP stored — messages vanish automatically after 24 hours.

Open a Chat Room Embed on Your Platform

24hAuto-Delete

0Logs Kept

0Accounts Required

0Data Sold

Messages encrypted at rest

IP never stored — hashed only

24h auto-delete, no exceptions

No account, no email, no phone

No fingerprinting, no WebRTC leaks

DOMPurify XSS protection

Strict CSP headers on every request

WebSocket origin validation

GDPR compliant — no tracking

Messages encrypted at rest

IP never stored — hashed only

24h auto-delete, no exceptions

No account, no email, no phone

No fingerprinting, no WebRTC leaks

DOMPurify XSS protection

Strict CSP headers on every request

WebSocket origin validation

GDPR compliant — no tracking

Why YAP

A chat that respects
your right to privacy.

From sharing crypto alpha to organising a private group — YAP gives you the freedom to communicate without leaving a digital footprint.

Zero Identity Required

Open YAP and start chatting instantly. A random anonymous identity is generated locally in your browser. No email, no phone number, no account — nothing that connects back to you.

Self-Destructing Messages

Every message, vote, and session is permanently erased after 24 hours. No archive, no backup, no recovery. What's said in YAP stays in YAP — then disappears entirely.

Share via Link

Create a private room and share the unique link with your group. Anyone with the link can join instantly — no invite codes, no account needed on their end either.

Real-Time, Always

Messages, reactions, replies, and deletions sync instantly across all participants via encrypted WebSocket. No polling, no refresh — everything live.

Full Chat Experience

Replies, emoji reactions, message deletion, report system. Everything you'd expect from a modern chat — without any of the surveillance that comes with it.

We Can't Track You

We have no advertising business. No trackers, no analytics scripts, no data to sell. Technically impossible to identify you — by design, not by policy.

Security Architecture

Built so that nobody —
including us — can read you.

Technically impossible to de-anonymise users

YAP isn't private because of a privacy policy — it's private because the architecture makes it technically impossible to do otherwise. Here's exactly what that means.

server response headers

Content-Security-Policy: strict

Referrer-Policy: no-referrer

Permissions-Policy: camera=(), mic=(), geo=()

X-Content-Type-Options: nosniff

// frame-ancestors per whitelisted domains

Encrypted at Rest

Every message is encrypted before storage. The plaintext never touches the database. Even a complete server breach reveals nothing readable.

AES-256-GCM

IP Address Never Stored

Your IP is hashed with SHA-256 + a secret salt immediately on arrival. Used only for rate limiting, never linked to messages, deleted after 24 hours.

SHA-256 + salt

Automatic Deletion

Messages, reactions, votes, and all session data are permanently purged every 24 hours. No archive, no backup, no way to retrieve them.

24h TTL enforced

Strict Content Security Policy

Every HTTP response includes a strict CSP. Only whitelisted domains can load resources. Injected scripts are rejected before execution.

CSP Level 3

DOMPurify XSS Protection

All user-generated content is sanitised with DOMPurify before rendering. Zero HTML tags allowed in messages. Scammers cannot inject links, scripts, or images.

DOMPurify 3.x

No WebRTC — No IP Leaks

YAP uses WebSocket only. No peer-to-peer connections, no STUN/TURN servers. Your real IP address cannot leak through the chat — not even to other participants.

WebSocket only

No Browser Fingerprinting

No canvas fingerprinting, no WebGL profiling, no font enumeration. Camera, microphone, and geolocation permissions are explicitly blocked via Permissions-Policy.

Permissions-Policy

Zero Referrer Leakage

Referrer-Policy: no-referrer on every response. No external service ever sees where you came from or where you're going.

no-referrer

How it works

Three steps.
Total anonymity.

Open YAP

No sign-up needed. A random identity is generated in your browser. It never leaves your device — we receive nothing that identifies you.

Create or join a room

Generate a unique room link and share it with anyone. Or paste a link to join an existing room. Messages are encrypted end-to-end in transit and at rest.

Chat freely — then vanish

Talk, react, reply, delete. After 24 hours everything is permanently gone. No screenshots possible by the server, no history to subpoena.

For Developers

One iframe.
Zero risk to your platform.

The YAP widget runs in a fully isolated sandbox. It cannot read your DOM, access your cookies, or touch your users' data. Embed it anywhere — the widget and your platform are completely separated.

Currently available for

Token Chat Widgets

The widget currently serves anonymous community chat for crypto token pages. Each contract address gets its own chat room with sentiment voting and a live leaderboard.

Whitelist required

To embed YAP on your platform, your domain must be whitelisted. This is free and ensures the widget can only be loaded from verified sources. Apply once — it takes under a minute.

Open Widget Builder Apply for Whitelist

embed.html

<iframe
  src="https://yaphub.xyz/widget/CONTRACT"
  sandbox="allow-scripts
    allow-same-origin allow-popups"
  referrerpolicy="no-referrer"
  width="380" height="600"
  frameborder="0"
></iframe>

Common questions

Transparency about
how we handle your privacy.

Can you read my messages?

Messages are encrypted before they are stored. We do not hold the decryption keys in a way that allows us to read messages in bulk. Even our database contains only encrypted ciphertext.

Do you log IP addresses?

No. Your IP address is hashed with SHA-256 and a unique secret salt the moment it arrives. The original IP is never written to any database. The hash — which cannot be reversed — is used only to enforce rate limits and is deleted after 24 hours.

What happens when messages are deleted?

After 24 hours, a scheduled job permanently deletes all messages, reactions, votes, and session data from the database. There is no archive, no backup, and no ability to recover deleted messages — not even for us.

Is it safe to embed in a trading terminal?

Yes. The widget runs inside a sandboxed iframe. With the recommended sandbox attribute, the widget cannot navigate your page, access your DOM, read cookies, or call your APIs. All traffic goes through our server — nothing touches your infrastructure.

Do you use cookies or trackers?

No cookies, no advertising trackers, no analytics scripts, no third-party data sharing. Your anonymous identity (UUID and random name) is stored only in your browser's localStorage and is never sent to our servers independently of a chat message.

Who can see my messages?

Only people in the same chat room who have the room link at the same time. Messages are not visible to YAP staff. There is no way to search or retrieve past conversations because they are deleted after 24 hours.

Start talking.
Leave nothing behind.

No sign-up. No email. No IP stored.
Messages gone in 24 hours. Forever.

Open a Chat Room Embed the Widget