Security Architecture

Age Restrictions

Content shown to users is based on the age category they select, with creators required to label their content as Above 18, Kids Content, or Everyone, ensuring users are only shown content that aligns with their chosen category and supporting age-appropriate visibility across the platform. As accounts naturally progress and reach the age of 18, they are automatically transitioned into an adult account, allowing full access to 18+ content. Visibility between adult and under-18 accounts is strictly restricted, and the only way the two separate age groups are visible to one another is if both users explicitly add and accept each other as friends, at which point their accounts become visible to one another, with no recommendations, discovery, or exposure outside of this direct connection.

Self-Custodial Log In

All users are able to access the platform using secure, user-controlled credentials, with two available sign-in approaches designed around user preference: a familiar sign-in method such as Apple or Google for convenience and streamlined access, alongside credentials generated at account creation that are designed to remain under the user’s control for those who prioritise increased privacy and ownership over their accounts. PYRAM prioritises security and personal control, with limited recovery options in place to help reduce the risk of unauthorised access while maintaining usability. This approach focuses on protecting users from common risks such as phishing, identity theft, and data exposure by reducing reliance on traditional identity-based systems and minimising risks. For added flexibility, users may also create a self-destruct account at signup, with a user-defined deletion timer ranging from hours to years, allowing them to control how long their presence remains active on the platform.

End-to-End Encrypted Messaging

All private messages are protected using true end-to-end encryption, meaning only the sender and recipient can read the content. Encryption keys are created and held solely by the communicating users. PYRAM does not access user message content and applies encryption technologies designed to protect communications. To strengthen this further, PYRAM uses the Double Ratchet algorithm, which continuously updates encryption keys as messages are exchanged, preventing past or future messages from being exposed if one were ever compromised. In simple terms, it works like changing the lock after every message, each generated key would open only that single message. Message forwarding is disabled to reduce the risk of unintended sharing or redistribution. Messages can be set to disappear and are not retained beyond their intended delivery lifecycle. Users can also delete messages they have sent for both themselves and the recipient, permanently removing the message from the conversation. This is designed to protect users and creators in cases where content is sent by mistake, shared unintentionally, or needs to be withdrawn to prevent accidental leaks or misuse.

Double Maze Lock Messaging

Double Maze Lock adds an extra layer of protection to encrypted messages through a proprietary, user-controlled security model unique to PYRAM. When enabled, a message is locked the moment it is sent and stays hidden until both the sender and the recipient unlock it together, and is designed to require both participants for access. Each user has their own private 4-digit code, and both users' codes combined are required when the message is opened. These codes are not accessible to PYRAM and are controlled by the users. Messages can only be opened when both users unlock them using their 4 digit individual codes. Access is temporary and must be re-authorised each time, meaning messages cannot be reopened later without both users present. Access is temporary and must be re-authorised each time, so messages cannot be opened later without both users present.

Metadata Control

Metadata Control gives users clear visibility over how content is distributed and optimized within the platform. Standard accounts maintain limited metadata usage by default unless manually enabled by the user, allowing for a more controlled experience for users. When a user switches to a Creator Account, metadata optimization is automatically enabled to support audience growth, content discovery, performance analytics, monetization features, and platform visibility. These signals help improve recommendations, engagement insights, and overall creator performance while ensuring data usage remains transparent and designed to enhance the creator experience and reach.

Channels & Content Protection

PYRAM Channels are built to give content creators full ownership and control over how their content is shared and accessed. Every post inside a channel is end-to-end encrypted and only viewable by approved members, with no public links and while limiting unnecessary exposure of location or source data to other users. This keeps content confined to its intended audience while protecting creators from unwanted exposure. Channel owners can enable screenshot blocking, screen recording prevention, and audio recording blockers to protect paid, private, or exclusive content by supporting controlled access and responsible content handling. Admins can manage channels and content without ever accessing creator data or message content. Whether a channel is public or private, creators decide the rules, the access, and the level of protection, ensuring their content stays encrypted, controlled, and owned by them at all times.

PYRAM Stories

Story posts on PYRAM are private by default as part of the platform's core setup to reduce unnecessary data exposure and support responsible data handling. From initial setup, all story media is treated as secure content and is only shared based on user-defined visibility settings. Private and Friends Stories are protected using AES 257 encryption, meaning media is encrypted before transmission and only viewable by the intended audience. Stories shared through Private or Friends Stories remain visible only to selected users, keeping content restricted to trusted personal connections rather than the wider platform. This default design is especially important for content creators, allowing clear separation between personal connections and public audiences, and ensuring private, sensitive, or paid content remains controlled and protected unless deliberately made public. PYRAM offers seven locations to post a media story. If a user chooses to post on Discovery Stories, Public Stories, Subscriber Stories, Spotlight, or a Live Feed, that content becomes viewable across the wider platform by design. Creators can include a viewer discretion notice on story posts to help protect viewers from potentially sensitive visual effects. Screenshot and audio blockers apply to all media posts, giving users full control over their own content.

Voice Notes & Voice Changer

Voice notes allow users and content creators to communicate quickly and naturally when typing isn't practical, just like standard voice messaging. Once a voice note is sent, it cannot be edited and can only be deleted by the sender, helping prevent misuse. Users can optionally enable a voice changer, which slightly alters how a voice sounds before the message is sent. This is intended for comfort, consistency, or creative use, and can be particularly useful in business, creator, or sensitive conversations where additional privacy or consistency in communication may be preferred. The voice changer is optional, fully controlled by the user, and works seamlessly. Together, these features provide a practical and discreet way to communicate by voice while reducing the risk of confidential details, internal discussions, or sensitive business information being unintentionally leaked or misused.

Encrypted Calls

Voice and video calls on PYRAM are delivered using Agora's real-time communication infrastructure. Calls are protected through a layered security model in which PYRAM encrypts the call initiation and session key, and Agora applies its own secure transport encryption, ensuring privacy at multiple stages. For each call, a unique session key is dynamically generated between the participating users and exchanged through an encrypted channel, with the key never transmitted in plaintext. Even if an encrypted key were intercepted, it could not be used to join or access the call without successful decryption. This encrypted key exchange protects against interception and man-in-the-middle attacks during call setup. PYRAM does not access call content or usable encryption keys, and Agora provides the underlying communication infrastructure, including secure transport encryption, while PYRAM applies additional encrypted session handling. Call content is protected during transmission and is not accessible., ensuring that voice and video data is protected during communication between users while maintaining secure and reliable real-time communication.

SSL Pinning

SSL pinning adds an extra layer of connection security by ensuring the app only trusts approved server certificates associated with PYRAM. This helps prevent man-in-the-middle attacks, where a third party may try to intercept traffic by presenting a fraudulent certificate between the user and the platform. By validating the trusted certificate directly within the app, PYRAM decreases the risk of users connecting to unauthorised or impersonated endpoints and extremely strengthens the integrity of encrypted communications. Most importantly, this protection applies across all user interactions, not just payments, securing private messages, voice and video calls, media transfers, and payment processing, ensuring that communication between two users cannot be intercepted, altered, or monitored by external parties, protecting all users.

Geographic Maps

Maps on PYRAM use Ghost Mode as a default location-privacy setting designed to limit the visibility of user location within the app. When enabled, location information is not displayed on maps or shared with other users, and no live location status is shown. This ensures location data is not exposed unless a user explicitly chooses to make their location visible. All core app functions remain available regardless of map visibility. If a user intentionally disables Ghost Mode, their profile becomes visible on the map and may participate in optional location-based features such as Matches and swipe discovery, where enabled. This approach ensures location sharing is user-controlled, intentional, and aligned with standard privacy and data-protection expectations.

Create Your Own PIN

Users can choose to create their own PIN instead of relying on Apple or Google credentials. This option exists to ensure account access is created, managed, and controlled solely by the user. While biometric sign-in can be convenient, biometric identifiers such as fingerprints or facial data are fixed and cannot be changed if compromised. A user-defined PIN, by contrast, can be updated or replaced at any time by the user, without involvement from PYRAM. This approach provides flexibility, long-term account control, and a user-managed access method aligned with standard security best practices and personal preference.

Encrypted Notes & Folders

Encrypted Notes & Folders allow users to securely store personal notes, files, and private information within the app. Content is protected using encryption and is designed to be accessible only by the user who created it. Users can organise and manage their content freely while retaining full control, making this feature suitable for personal use, business planning, and sensitive information storage.

Username Integrity

This is the foundation of identity control. Usernames and display names are controlled exclusively by the account owner. Other users cannot modify, edit, or alter another user's profile name. Whatever name a user sets for their profile remains unchanged unless updated directly by that user.

Add Friends Visibility Control

This governs inbound exposure and logically follows identity control. Users can choose whether their profile appears in Add Friends suggestions. When disabled, the account is not surfaced through friend discovery tools, allowing users to limit unsolicited connection requests and control how their profile is discovered.

Mutual Friends Visibility Control

Users can choose whether mutual friends are displayed on their profile. When disabled, shared connections are not shown to other users, reducing unnecessary exposure of social relationships while maintaining normal platform functionality.

Data & Privacy Overview

1. Messages are primarily stored on the user's device and handled in accordance with security and data minimisation practices. Messages may be temporarily processed on servers for delivery and are handled in accordance with platform security and data retention policies. All message data is encrypted and not readable at any stage.
2. This approach minimises data retention, reduces exposure to unauthorised access, and ensures message handling is limited strictly to what is necessary for communication delivery, in line with data minimisation and security principles.
3. Media and other content are encrypted during transit and are handled using privacy-focused design principles, allowing users to control how their information is shared.
4. This protects user privacy, prevents identity correlation, and ensures content transmission remains secure while allowing core platform functionality to operate without collecting personal identifiers.
5. IP addresses and location data are handled in accordance with privacy and security requirements, with user-controlled settings determining visibility within the platform.
6. This limits the collection of sensitive technical identifiers, reduces the risk of user tracking or profiling, and supports user safety by preventing unnecessary location or network data retention.
7. Advertising identifiers are only accessed if a user explicitly opts in via settings and are used solely for optional personalised features.
8. This ensures user choice and consent, complies with applicable advertising and privacy regulations, and prevents the use of device identifiers without clear, informed user approval.

Silenced Accounts

At PYRAM, accounts are not deleted, they are silenced. When platform rules are broken, an account may be restricted from posting or interacting while remaining accessible, preserving user access rather than erasing it. Silencing may be temporary or extended depending on the situation, and during this time users retain access to their account and existing photos and videos, while engagement features are locked until the issue is resolved. Reports are reviewed by the PYRAM moderation team, and proportionate actions are taken to maintain platform integrity. This approach is built around accountability over erasure, ensuring users are treated fairly while protecting their right to access and withdraw their own photos and videos from their account and saved Moments.

Own Your Content. Own Your Audience. Own Your Income.