Built by a person, not a corporation.
I wanted a private space to share photos with my partner. Nothing like it existed. So I built one.
Alfredo V. Clemente
Founder
Software developer and AI researcher. Based in Norway.
The alternatives were some combination of expiring messages (low quality, no library), a hidden folder (still in my camera roll, one swipe away from accidental exposure), and hoping for the best. It was duct tape over a missing product category.
Then I realized something: if you encrypt content on the device and hold the decryption key on the server, you can destroy that key later. Not a “delete request” that asks the other person’s device to cooperate. Actual key destruction. If the key is gone, the content is locked. That changes the entire equation.
So I built a dedicated space: isolated from the camera roll, encrypted on the device, with revocation built into the architecture. Not a messenger with privacy bolted on. A product designed from the start around the idea that both people should feel comfortable sharing.
I also know that relationships are not always simple. Some people come to Tucked because they have already been hurt. If you have ever asked someone to delete your photos and had to just trust that they did, Tucked was built so you never have to ask. That awareness shaped every decision: revocation is free and always will be, the limitations are disclosed honestly, and consent is enforceable rather than assumed.
What we believe
Consent should be enforceable
If someone has the right to view private content, that right should be able to be withdrawn. Consent should not depend on the other person cooperating, behaving well, or agreeing to delete something later. Tucked is built so the platform itself can enforce that boundary.
Revocation is part of that promise, and it will always be free.
Privacy means knowing less
To us, you are mostly an anonymous ID plus the minimum needed to run the service. Using Tucked requires no email, no phone number, and no social profile.
Honesty over slogans
We are not interested in making absolute claims we cannot defend. Trust is earned by being clear about what a product does, what it does not do, and where its limits are.
Narrow on purpose
Tucked does one thing and tries to do it well.
We are not trying to be a general social network, a broad messenger, or a cloud storage product with privacy language layered on top. High-stakes products get worse when they try to do everything.
Tucked is built for one specific job: private sharing for couples, with real control built into the architecture. That focus is what lets us make clear product decisions, design around real risks, and avoid the compromises that make other tools feel careless.
Our limitations
No app can guarantee perfect protection, and we will never pretend otherwise.
Tucked is built to make unauthorized retention and later access as difficult as possible. We do not write decrypted content to disk, we minimize how long sensitive material exists in memory, and we make revocation central to the system. But no software can eliminate every attack path.
A determined recipient may still try to capture what they see, or attempt to extract usable data while content is being viewed. Tucked is designed to narrow that window as much as possible, not to deny that it exists.
What matters is what happens after that window closes. If usable data has not been extracted by the time access is revoked and in-memory state is gone, the content cannot be recovered afterward. That is the protection Tucked is built around: not a promise of perfect safety in every moment, but strong protection against future access once consent has been withdrawn.
Trust and transparency
Tucked is built and operated by one person. There are no investors, no advertising partners, no board of directors. The subscription model means Tucked’s only customer is you. There is no second business built on your data.
- Your data is yours. Account deletion removes everything we hold. You are never locked in.
- If Tucked ever shuts down, you will get advance notice and the ability to delete your content before anything changes. Your content is encrypted client-side, so server-side data is useless without your device keys.
- Norwegian jurisdiction. Tucked is operated by ACR Holding AS, registered in Norway, subject to Norwegian and EU data protection law.