End-to-end
Sealed on your device
Every file gets its own random key (XSalsa20-Poly1305), wrapped to your recipient’s public key and signed by yours. Only they can open it — and they can prove it came from you.
Zero-knowledge relay
A mailbox that can’t read
The relay is a dumb, encrypted mailbox. It sees ciphertext and a username to route to — never your files, never your keys. Curious or compromised, it has nothing to give up.
Metadata-minimised
Even the size is hidden
Blobs are size-padded so the relay can’t tell a memo from a movie, filenames ride inside the sealed payload, and the relay keeps no per-request logs — no IPs, no history.
Tamper-evident
MITM-proof by number
Any altered byte is rejected on decryption. Compare a 40-digit safety number with your contact and you’ve proven, mathematically, that nobody swapped a key in between.
Yours at rest
Face ID & passphrase
Lock your identity with a passphrase (PBKDF2, 250k rounds) or unlock with Face ID on iPhone. Your private keys are generated on-device and never leave it.
Open primitives
No home-made crypto
Built on TweetNaCl — audited X25519 key exchange and XSalsa20-Poly1305. No bespoke curves, no clever shortcuts. There’s nothing to trust but the maths.