How We Protect You

All message content is encrypted with AES-256-GCM using a Data Encryption Key (DEK) unique to you. The DEK is encrypted with a Key Encryption Key (KEK) derived from your passphrase via PBKDF2 (100,000 iterations, SHA-256). Your passphrase is never stored or transmitted — even we cannot decrypt your messages.

All connections are encrypted in transit via TLS. HTTP requests are automatically redirected to HTTPS at the Cloudflare CDN layer. HSTS headers ensure browsers always connect securely.

TOTP-based two-factor authentication (compatible with Google Authenticator, Authy, and other apps) adds an extra layer of protection to your account.

100 requests/minute per IP, 1,000 requests/minute per authenticated user. Account lockout after 5 failed login attempts (15-minute cooldown with email notification).

Media files (voice/video) are stored in Cloudflare R2 with server-side encryption (SSE-S3). All access is via presigned URLs with 1-hour expiry — no public bucket access.

PostgreSQL hosted on Neon with SSL-only connections. All sensitive fields encrypted at rest. Parameterized queries prevent SQL injection. Regular dependency audits via Dependabot.

Strict Content Security Policy (CSP) headers prevent XSS attacks. Tiptap HTML content is sanitized with DOMPurify. No inline scripts allowed.

One-click immediate account deletion. All data — drafts, recipients, encryption keys, executor data — is permanently purged. No backups retained. No guilt loops.