Both phones generate an ephemeral X25519 keypair. The QR carries the public half. Each side combines the other party's public key with its own private key (ECDH) and derives the same shared secret locally. No server ever sees it.
How can we help?
Short answers to the questions that come up most. If yours is not here, write to info@hongi.io and you will get a reply within two working days.
What touches a server. What never does.
Hongi runs on your device. Pairing, codeword generation, and verification all happen locally with cryptographic primitives that need no internet. The server side is thin and exists for three features that cannot work without it. Everything below is the full list of what we hold, why, and what we never see.
1. Remote pairing (invite links)
When you pair with someone who is not in the room, the app generates a one-time token. The other phone fetches it, decrypts it locally, and we delete the token once it has been picked up. The payload is end-to-end encrypted between the two devices. We forward ciphertext we cannot read.
2. Silent pings (push notifications)
To deliver a silent ping, the app routes a notification through Apple Push Notification service or Firebase Cloud Messaging, depending on the OS. We store one opaque push token per device. No name attached to it. When you tap Silent ping we ask Apple or Google to deliver an encrypted notification. We never see who you are or what you sent.
3. Tips (optional, via Stripe)
If you leave a tip, Stripe handles the card. Hongi sees that a tip was paid and the amount. Nothing is linked to your contacts, your codewords, or anything else in the app. There is no subscription. One-time payment, that is it.
What we never store
- No identity. No name, no phone number, no email (unless you write to us). No login. No account.
- No social graph. No record of who you paired with, when, or how often. No address book upload.
- No content. No codeword history, no call logs, no transcripts, no audio.
- No analytics. No third-party trackers, on the site or in the app. No advertising IDs. No tracking pixels.
- No location. The app never asks for it.
Why this little? Because the threat model is fraudsters who already pretend to be your bank or your family. The less we hold, the less anyone can credibly claim to "have your Hongi data". The codeword between you and your mother lives on your two devices, derived in real time from a key only the two of you share. That is the whole product.
How it works, in pictures.
Four short diagrams showing how pairing, codewords, and silent pings actually work. The same drawings you would see on a security whiteboard, with the cryptographic primitive each step uses.
Hongi's relay forwards an end-to-end encrypted invite from one phone to the other. The relay cannot decrypt the payload. After delivery, the two phones derive the same shared secret via X25519 on-device, exactly as in the in-person case.
Every 30 seconds, both phones run HMAC-SHA512 over the shared secret and the current time slot to derive two different codewords. One is what you say, the other is what you hear. An impostor without the shared secret cannot produce either.
To send a silent verification, your phone asks Apple Push Notification service or Firebase Cloud Messaging to deliver an encrypted notification to your contact's device. We forward an opaque push token. We never see who you are or what you asked.
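The codeword step described above (HMAC-SHA512 over the shared secret and the current 30-second slot, giving one word to say and one to hear), as an added example that is not Hongi's own code. The message layout, the role labels `A` and `B`, the syllable encoding, and the one-slot clock-skew tolerance in `verify` are assumptions that go beyond what the page specifies; the secret is a constructed stand-in for the X25519 output.

```python
import hashlib
import hmac
import struct

SLOT_SECONDS = 30  # from the page: a new time slot every 30 seconds
CONSONANTS = "bdfghjklmnprstvz"  # 16 symbols, 4 bits (constructed alphabet)
VOWELS = "aeio"                  # 4 symbols, 2 bits (constructed alphabet)


def time_slot(unix_time: float) -> int:
    """Index of the 30-second window that contains unix_time."""
    return int(unix_time) // SLOT_SECONDS


def codeword(shared_secret: bytes, slot: int, speaker: bytes) -> str:
    """Word that `speaker` says during `slot` (message layout is an assumption)."""
    msg = struct.pack(">Q", slot) + b"|" + speaker
    digest = hmac.new(shared_secret, msg, hashlib.sha512).digest()
    # Map 4 digest bytes to 4 consonant-vowel syllables (24 bits of output).
    return "".join(CONSONANTS[b >> 4] + VOWELS[b & 0x03] for b in digest[:4])


def codeword_pair(shared_secret: bytes, slot: int, me: bytes, peer: bytes):
    """(what I say, what I expect to hear) for one time slot."""
    return codeword(shared_secret, slot, me), codeword(shared_secret, slot, peer)


def verify(shared_secret: bytes, heard: str, peer: bytes, now: float,
           skew_slots: int = 1) -> bool:
    """Accept `heard` if it is the peer's word in the current or an adjacent slot."""
    current = time_slot(now)
    ok = False
    for slot in range(current - skew_slots, current + skew_slots + 1):
        expected = codeword(shared_secret, slot, peer)
        # Constant-time compare; every slot is checked so timing reveals no match.
        ok |= hmac.compare_digest(expected.encode(), heard.encode())
    return ok


# Constructed 32-byte value standing in for the X25519 shared secret.
SECRET = bytes(range(32))
NOW = 1_700_000_000.0  # constructed timestamp

if __name__ == "__main__":
    slot = time_slot(NOW)
    print("A says/hears:", codeword_pair(SECRET, slot, b"A", b"B"))
    print("B says/hears:", codeword_pair(SECRET, slot, b"B", b"A"))
```

Binding the speaker's role into the HMAC input is what makes the two words differ, so a word overheard from one side cannot be replayed as the other side's answer.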
- How does pairing work?
In person: open Hongi, tap Pair, scan the QR code on the other phone. Remote: tap Pair, then Invite link, and send it through any channel. The two devices derive a shared key locally with X25519. No server sees the key.
- What if I lose my phone?
Codewords cannot be recovered without the device. By design. To restore protection with a contact, both of you re-pair on your new phones. The old pairing on the lost phone is useless to anyone who cannot unlock it, since codewords are derived per session from the device-bound key.
- Is Hongi really offline?
Once you have paired, yes. Pairing happens directly between the two devices via QR or an encrypted invite link. After that, codewords are computed locally from the shared key and the current time. Verification does not need internet.
- What does the silent ping do?
When a caller feels wrong and you cannot risk asking for a codeword aloud, tap Silent ping. Your real contact gets a push notification: "X is checking, is this really you on the line?" They tap Confirm or Deny. The caller hears nothing.
- How do I add a contact?
Tap Pair to start a new pairing. Scan the QR, or send an invite link. Once paired, the contact appears on the Home screen with their current codeword.
- How do I delete my data?
In the app, go to Settings, then Delete all contacts. This removes every pairing and key from the device. You can also visit hongi.io/delete from any browser if you no longer have access to the phone.
- Which languages does Hongi support?
Dutch, English, French, German, Turkish, Spanish, Italian, Portuguese, Polish, Arabic, Hindi, Indonesian, Japanese, Korean, and Chinese. The website matches.
- How secure is the cryptography?
Pairing uses X25519 elliptic-curve key exchange (RFC 7748). Codewords are derived with HMAC-SHA512 (RFC 4231) over the shared key and the current 30-second time slot. Keys live in iOS Keychain or Android Keystore, hardware-backed where the device supports it. No server holds the key.
- Why is it called Hongi?
Hongi is the Māori greeting where two people press noses and foreheads together and share one breath, the ha. It marks the moment two people are no longer strangers. The app does the same job in a different shape: two people, paired once, trust each other from then on.
Still stuck?
Email info@hongi.io. Tell us the OS (iOS or Android), the app version (Settings, About), and what you were trying to do. The faster we can reproduce, the faster we can fix.
Want to support the project?
Hongi is free. No accounts, no ads, no tracking. If it helped you dodge a scam or just gave you peace of mind, a tip keeps the lights on.