Security & privacy

Security and privacy in plain language

See how account protection, message privacy, QR login, linked sessions, and active-device control are handled across Alolo Chat and Alolo Chat Web.

The web experience starts from the phone. Instead of a separate web password flow, the mobile app approves browser sessions with QR linking.

Read receipts, typing indicators, last seen visibility, and notification controls remain user-facing settings rather than hidden assumptions.

Sessions stay persistent for convenience, but they are still treated as separate linked surfaces that can be ended when needed.

The web app keeps the session alive so users can continue where they left off, while preserving a clear logout path.

Security & privacy

How QR login works

The web flow is intentionally close to WhatsApp Web in principle, but fully aligned with Alolo Chat’s own product identity and session model.

1. Generate a secure pairing
The browser asks for a short-lived pairing request and displays it as a QR code.
2. Scan from the app
Inside the profile screen, the mobile app opens a dedicated computer-login scanner and reads the pairing data.
3. Approve the browser session
The app confirms the QR request against the real Alolo Chat account and the browser session becomes active.

Security & privacy

A web session remains available between visits, but it is still meant to be explicitly revocable through logout and future linked-device controls.

The phone remains the origin of trust for browser linking, which keeps identity management close to the authenticated mobile app.

The current bridge is structured so deeper linked-session management can be added later without changing the sign-in concept.