Privacy policy
Last updated: June 4, 2026
What we cannot see
- Your private keys — generated and stored in your browser (IndexedDB).
- Message plaintext — encryption and decryption happen only in your browser.
- Your optional display name — stored in browser localStorage only.
What we may store
- Messages: ciphertext is only in the URL fragment (#m=…), which is never sent to our server. We do not store message bodies.
- Public keys: included in share URLs (/k/…) you send — not stored in a server database by default.
What we never store
- Private keys, passphrases, or decrypted message content.
Chat apps and browsers may still log URLs you paste. Use links with the understanding that metadata leaks to those platforms.
Advertising
Optional humble footer sponsors may appear (static image/text only, no video). They are configured in our open-source ads.json. We do not sell or share your encrypted message content.
Abuse reports: GitHub issues on the source repository.