1ook.uk is a one-way messaging service. Users receive a 5-digit pager number on first app launch. Anyone who knows that number can send them a short message via the public website at 1ook.uk. There are no replies, no accounts, and no social graph.

This Privacy Policy covers both the 1ook.uk sender website and the Online Pager mobile app (iOS and Android). By using either, you agree to the practices described here.

• >Push token (FCM on Android, APNs on iOS) — required for message delivery
• >Session token (UUID) — used for authentication; no email or password
• >Recovery PIN — stored as a bcrypt hash only; plaintext is never retained
• >Assigned 5-digit pager number
• >Block list — fingerprint aliases of senders you have blocked

• >IP address — immediately hashed via SHA-256 into a stable "Adjective Noun" alias (e.g. "Blue Falcon") for internal abuse-prevention only; the original IP address is not retained
• >Message content (text, pixel data, or icon ID)
• >Cloudflare Turnstile CAPTCHA verification token — used to confirm human origin; not used to identify you

Data is used only to operate the service:

• >Delivering messages to the correct device via push notifications
• >Authenticating app users without requiring personal identifiers
• >Allowing number recovery after reinstalling the app
• >Preventing abuse (rate limiting, spam filtering, sender blocking)

Your data is never used for advertising, analytics, profiling, or any purpose beyond operating the service described above.

• >Messages — deleted from our server immediately after your device downloads them; undelivered messages are auto-deleted after 30 days regardless
• >FCM / APNs push token — retained while your account is active; replaced each time you launch the app
• >Sender fingerprint alias — retained only within block records; deleted when you remove a block
• >Messages on your device — entirely under your control via swipe-to-delete, clear all, or the auto-expiry setting (1 day / 7 days / 30 days / forever)

We use the following third-party services to operate:

• >Google Firebase (FCM) — push notification delivery on Android and iOS
• >Cloudflare Turnstile — CAPTCHA verification on the sender website

We do not work with advertising networks, analytics providers, or data brokers.

We explicitly do not collect:

• >Email addresses
• >Phone numbers
• >Names or usernames
• >Location data of any kind
• >Device identifiers beyond the FCM push token
• >Browsing history or cross-app tracking data
• >Per-user analytics, behavioral tracking, or usage profiling
• >Crash reports sent to third-party services
• >Advertising identifiers (IDFA, GAID)

As a receiver (app user) you can:

• >Delete individual messages by swiping them away
• >Clear all messages at once from Settings
• >Block any sender — they receive a fake success and cannot reach you
• >Configure message auto-expiry (1d / 7d / 30d / forever)
• >Uninstall the app to remove all locally stored data immediately

To request deletion of all server-side data associated with your pager number, contact us at [email protected]. We will process deletion requests promptly.

Questions or requests regarding this policy: