End-to-end encrypted — AES-256, sealed on your device. Your IP and device ID never reach the model. No analytics, no ads, no trackers, no training on your chats.
The same cryptography journalists and dissidents trust their lives to — wrapped around every message you send.
Messages are encrypted client-side before they ever leave your device. The server only ever sees sealed ciphertext.
Your passphrase is stretched 600,000 rounds, so even your key material is brutal to brute-force.
Prompts run on ZDR providers that process and immediately discard them — never logged, never stored, never trained on.
When you enable encryption, our servers hold only sealed ciphertext they cannot read. Lose your passphrase and even we can't recover it — that's the point.
We run frontier models through zero-data-retention providers rather than train our own — so there's no pipeline, and no incentive, to ever harvest your data.
Invite-only. No Google, no Meta, no email.