Security

Built to be a ghost.

On-device processing. No data collection. No third-party sharing. Every architectural decision starts from the assumption that we should never be able to access your data — because we can't.

No backdoors. Period.
We have no mechanism to access your data, location, or communications — not for us, not for anyone. The architecture makes this technically impossible, not just policy.
We collect almost nothing.
Processing happens on your device. The minimal metadata our infrastructure touches is rotated and deleted on the shortest possible schedule. Your location never hits our servers.
Adversarial by design.
We build assuming our servers will be compromised, our developers will be coerced, and our supply chain will be attacked. Defense in depth is not a slogan — it is the architecture.
Open about what we do.
Our privacy policy is written in plain language. Our data practices are documented. We publish what we collect, what we retain, and what we delete — and we keep that list short.