privacy policy

We cannot read your messages. Ever.

Every message is encrypted directly in your browser using AES-256-GCM before a single byte leaves your device. Your password never travels over the network — it exists only in your browser for the instant it takes to derive an encryption key, then it’s gone. What reaches our servers is pure ciphertext: mathematically indistinguishable from random noise without your password.

This isn’t a policy promise — it’s a technical guarantee. We have no back door, no recovery mechanism, and no way to assist anyone who asks us to hand over your message content, because we genuinely do not have it.

We will not share what we store.

The encrypted blob stored on our servers is never sold, traded, rented, or shared with third parties — advertisers, data brokers, or anyone else. We do not run analytics on message content (again: we can’t), and we do not log which messages are accessed or by whom.

If we ever receive a lawful order compelling us to produce message content, the only thing we could hand over is the same opaque ciphertext that’s already publicly accessible via the share link. Your password is the only key.

Stored data expires automatically.

Encrypted messages are deleted from our servers after 30 days. We keep no backups of individual messages beyond that window.

What we do collect.

Standard server infrastructure logs (IP addresses, request timestamps) may be retained briefly for abuse prevention and are not linked to message content. We do not use cookies, tracking pixels, or third-party scripts of any kind.

Questions?

If you have questions about this policy, the underlying cryptography, or how encrypticate works, you’re welcome to reach out. We believe transparency is the foundation of trust.