Enzypher

Privacy Policy

Enzypher is a privacy-first chat platform where your messages are stored as ciphertext only. Plaintext is visible solely in ephemeral client memory and never persisted on the server. We enforce a dual-key model to give users full control over message access.

By using Enzypher, you consent to the practices outlined here.

Data We Collect

  • Account info: email, display name, profile image.
  • Encrypted messages and metadata (timestamps, delivery status).
  • Usage statistics for platform performance (anonymized).

How We Use Your Data

  • Deliver encrypted messages securely to recipients.
  • Maintain account authentication and session management.
  • Enable features such as profile updates and dialog previews.
  • Analyze anonymized usage trends to improve the platform.

Encryption & Key Management

Enzypher uses a dual-key model:

  • USER_PUBLIC_KEY: Stored in your profile, used to encrypt session keys for your device.
  • USER_PRIVATE_CRED: Local secret used to unwrap session keys; never sent in plaintext.
  • SERVER_PRIVATE_KEY: Environment-only key used to wrap session AES keys; never exposed.
  • Session AES Keys: Symmetric keys derived per conversation and held in client memory for ephemeral decryption.

Client-First vs Server-Assisted Flows

By default, Enzypher uses a client-first model: messages are encrypted and decrypted locally. Server-assisted decryption is optional and opt-in; plaintext may be visible briefly during processing but is never persisted.

Row-Level Security (RLS)

All sensitive tables enforce RLS. Access is restricted by conversation membership and ownership. Admin operations are performed only via server-side Edge Functions with service-role keys.

Attachments & Ephemeral UI

  • Attachments are stored encrypted in Supabase Storage.
  • Previews display only placeholders until decrypted locally.
  • Decrypted content auto-hides based on configurable timers.

Cookies & Tracking

Minimal cookies are used to maintain sessions. No third-party tracking occurs on messages or keys.

Your Rights

  • Update or delete your account at any time.
  • Request data associated with your account.
  • Manage encryption and ephemeral settings.

Contact & Support

Questions about privacy can be directed to support@enzypher.com. For technical help, visit our Contact Page.