New feature
Secure Locker
Your files live in an encrypted vault where even the filenames are hidden.
Hover to preview
Private by default. Yours by design.
Blink is a secure messenger built on end-to-end encryption. Your servers only ever store ciphertext — your keys never leave your device.
Security you can actually see at work.
Blink's protections aren't buried in settings — they're built into every message, every file, and every device. Here's what's working for you the moment you sign in.
What's new in Blink
Feature enhancement
Transaction messages
Receipts and records never expire, and they are sealed with the same end-to-end encryption as your messages.
Hover to preview
New feature
Reverse-PIN duress wipe
A second PIN quietly erases everything if you are ever coerced into unlocking.
Hover to preview
Roadmap
Disguise apps
Soon you will be able to open Blink behind a weather, game, or stocks icon.
Hover to preview
Roadmap
Fully E2EE voice & video
Calls run over secure media servers today; end-to-end-encrypted calls are coming.
Hover to preview
Roadmap
Switzerland + GDPR residency
Swiss and GDPR data residency is planned; today Blink runs in the US and India.
Private by default
Private by default — not a setting.
Every message and file is end-to-end encrypted before it leaves your device. Servers store only ciphertext, and your keys stay with you.
Every message and file is sealed with AES-256-GCM before it leaves your device. Servers only ever see ciphertext.
How encryption worksPrivacy reaches every corner of the conversation — not just the message body.
Explore secure messagingAES-256-GCM
Authenticated encryption on every message and file, with ECDH P-256 key agreement.
AES-256-GCM
Authenticated encryption on every message and file, with ECDH P-256 key agreement.
Total control of your devices
Total control of every device that holds your data.
See every device, lock down the screen, and revoke a lost one for good — with a keyboard built so nothing can watch you type.
A push-triggered, four-step factory-clean wipe revokes a lost device's keys for good.
Learn about device controlBlink's custom keyboard fully disables the system keyboard on iOS and Android.
Learn about the keyboardScreen protection also includes an app-switcher guard and a proximity blackout for sensitive moments.
Learn about screen protection‘Sources stay protected — end-to-end encryption and a duress wipe mean a seized device gives nothing away.’
Built for when it matters
Built for the moments when it really matters.
Duress defense, the Secure Locker, and immortal transaction records are designed for high-stakes work — when ordinary privacy isn't enough.
The reverse-PIN duress wipe is built for the moments you're under pressure.
Learn about duress defenseTransaction messages stay immortal — encrypted, verifiable, retained.
Learn about transaction messagesRemote wipe
A push-triggered, four-step factory-clean wipe revokes a lost device's keys for good.
Remote wipe
A push-triggered, four-step factory-clean wipe revokes a lost device's keys for good.
Secure Spaces
Secure Spaces, with real roles and real isolation.
Multi-tenant Spaces with proper RBAC, space lock and guarding, and the same encryption guarantees on web, iOS, and Android.
Superadmin, admin, owner, and member roles enforce isolation and policy for every team.
Learn about SpacesDisguise apps, fully end-to-end encrypted calls, and Swiss and GDPR data residency are on the way.
See what's coming
‘Privileged files live in the Secure Locker — encrypted, off the device, with the keys in our hands alone.’
Built for the people who can't afford a leak.
Illustrative personas showing how Blink's architecture holds up under pressure.
How a newsroom protects its sources with Blink.
A legal team keeps privileged files off the device.
Field operations rely on instant remote wipe.
A founder under NDA keeps verifiable, encrypted records.
Privacy that's engineered, not promised.
AES-256-GCM
Authenticated encryption on every message and file, with ECDH P-256 key agreement.
One protocol
Blink runs on web, iOS, and Android with the same encryption guarantees everywhere you sign in.
Forward secrecy
Encryption keys rotate every seven days, so no single key can ever unlock more than a sliver of your history.
The cryptography behind every Blink message.
Your message is sealed before it's sent.
Every message and file is encrypted on your own device with AES-256-GCM authenticated encryption — the “authenticated” part means even a single altered bit is detected and rejected. By the time anything leaves your phone or laptop, it's already sealed.
Your keys never leave your device.
Your devices arrive at a shared secret through an ECDH P-256 handshake — agreeing on the same key without ever sending it — then turn it into working encryption keys with HKDF-SHA256, all on the device itself. We never hold a key, so we could never hand one over.
Even we can't read your messages.
Our ScyllaDB database stores only ciphertext — the scrambled output of encryption, unreadable without your keys. There's nothing readable on our side to leak, steal, or hand over.
A lost device doesn't become a leak.
If a device goes missing, you trigger a remote wipe with a single push, and a four-step cleanup clears it the moment the signal lands — on web, iOS, and Android alike. The device is wiped whether or not it's in your hands.
You don't have to take our word for any of this — that's the engineering, not the promise.
Your messages are sealed before they ever reach our servers.