A concise overview of encryption, identity, and transport used by the platform.
Zero-knowledge architecture: servers cannot read content. Clients perform all encryption/decryption. Identities are emails; no phone numbers required.
Content is encrypted client-side with symmetric AES-256-GCM and random IVs. Keys are exchanged out of band or over a mutually authenticated channel.
Media is encrypted end-to-end using SRTP with client-negotiated keys. The email address acts as the identity; no SIM is required. Signaling metadata is minimized.
Keys are generated client-side and never stored in plaintext on servers. For persistence, encrypted key material can be protected with passphrase-based KDFs.
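The passphrase-protected key storage and the AES-256-GCM encryption with random IVs described above can be combined as in this added example, which is not the platform's own code. scrypt as the KDF, its parameters, the function names and the blob layout are all assumptions, since the page names none of them.

```javascript
// Added example, not the platform's code. scrypt, its parameters, the function
// names and the blob layout are assumptions; the page specifies none of them.
const nodeCrypto = require('crypto');

const SCRYPT = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };
const SALT_LEN = 16, IV_LEN = 12, TAG_LEN = 16, KEY_LEN = 32;

// Derive a 256-bit key-encryption key (KEK) from the passphrase and a per-blob salt.
function deriveKek(passphrase, salt) {
  return nodeCrypto.scryptSync(passphrase.normalize('NFKC'), salt, KEY_LEN, SCRYPT);
}

// Wrap a client-generated content key. Output: salt || iv || tag || ciphertext.
function wrapKey(contentKey, passphrase) {
  if (contentKey.length !== KEY_LEN) throw new Error('content key must be 32 bytes');
  const salt = nodeCrypto.randomBytes(SALT_LEN);
  const iv = nodeCrypto.randomBytes(IV_LEN); // fresh random IV for every encryption
  const kek = deriveKek(passphrase, salt);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', kek, iv);
  const ct = Buffer.concat([cipher.update(contentKey), cipher.final()]);
  kek.fill(0); // best-effort wipe of the derived key
  return Buffer.concat([salt, iv, cipher.getAuthTag(), ct]);
}

// Unwrap a stored blob. Returns null on a wrong passphrase or any tampering.
function unwrapKey(blob, passphrase) {
  if (blob.length !== SALT_LEN + IV_LEN + TAG_LEN + KEY_LEN) return null;
  const salt = blob.subarray(0, SALT_LEN);
  const iv = blob.subarray(SALT_LEN, SALT_LEN + IV_LEN);
  const tag = blob.subarray(SALT_LEN + IV_LEN, SALT_LEN + IV_LEN + TAG_LEN);
  const ct = blob.subarray(SALT_LEN + IV_LEN + TAG_LEN);
  const kek = deriveKek(passphrase, salt);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', kek, iv);
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(ct), decipher.final()]);
  } catch {
    return null; // GCM tag check failed: nothing is released to the caller
  } finally {
    kek.fill(0);
  }
}
```

Only the wrapped blob would be stored or synced; the server never sees the passphrase, the derived key or the content key.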