No metadata, because no middleman.
The most private message is the one that never crossed anyone's server. FLVSH has no operator to subpoena, no logs to leak, and no metadata graph to sell — structurally, not as a policy promise.
Modern messengers encrypt the payload and log everything else: who talks to whom, when, how often, from where. That social graph lives on infrastructure someone else owns, governed by policies that change and jurisdictions you didn't pick.
FLVSH's answer is architectural. There is no server, so there is no place where the graph accumulates. Identity is a keypair you generated, encryption is end-to-end by construction, relays carry ciphertext they can't open, and history exists only in the SQLite file on your own phone.
No account, no graph
Nothing links your keypair to a phone number, email, or name. The identity was born on your device and is meaningless off it.
Radio-range threat model
An adversary must be physically present to even see ciphertext. There is no remote endpoint to compromise from another continent.
Disappearing messages that disappear
Expiry deletes rows from the local database. There is no cloud copy, no backup snapshot, no 'deleted for you but kept for us.'
You can't leak what was never collected.