Private by design — proven, not promised.

Every message and file is sealed with AES-256-GCM authenticated encryption, with keys agreed via ECDH on the P-256 curve and derived with HKDF-SHA256. Our deterministic dm_v3 and group_v3 protocols rotate to a fresh epoch every seven days for forward secrecy, so a compromised key never unlocks the past. Our servers store only ciphertext in ScyllaDB, the database behind Blink — they never hold a key that can read your content.

Key benefits

AES-256-GCM authenticated encryption seals every message and media file.

Keys are agreed with ECDH P-256 and derived with HKDF-SHA256.

Direct and group chats run on the deterministic dm_v3 and group_v3 protocols.

Epoch keys rotate every seven days for forward secrecy — old keys can't reopen old messages.

Servers store only ciphertext; media is client-side encrypted before it reaches S3 storage.
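The primitives named above, chained end to end in Node.js as an added example; this is not Blink's code and not the dm_v3 or group_v3 protocol. The HKDF label, the all-zero salt, counting epochs from Unix time and passing the epoch as GCM associated data are assumptions made for illustration.

```javascript
const crypto = require('crypto');

const EPOCH_MS = 7 * 24 * 60 * 60 * 1000; // seven-day epoch, as stated on the page

// Epoch index for a timestamp (assumption: epochs are counted from Unix time 0).
function epochOf(ms) {
  return Math.floor(ms / EPOCH_MS);
}

// HKDF-SHA256 -> 32-byte AES-256 key, bound to a label and the epoch number.
function deriveEpochKey(sharedSecret, epoch) {
  const salt = Buffer.alloc(32); // constructed: all-zero salt
  const info = Buffer.from(`example-dm|epoch=${epoch}`); // hypothetical label
  return Buffer.from(crypto.hkdfSync('sha256', sharedSecret, salt, info, 32));
}

// AES-256-GCM with a fresh 96-bit nonce; the epoch is authenticated as AAD.
function seal(key, epoch, plaintext) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(String(epoch)));
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { epoch, nonce, ct, tag: cipher.getAuthTag() };
}

// Throws if the key, epoch, nonce, ciphertext or tag does not match.
function unseal(key, msg) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, msg.nonce);
  d.setAAD(Buffer.from(String(msg.epoch)));
  d.setAuthTag(msg.tag);
  return Buffer.concat([d.update(msg.ct), d.final()]);
}

// Constructed demo: ECDH P-256 between two parties, one message, then a next-epoch key.
function demo() {
  const alice = crypto.createECDH('prime256v1');
  const bob = crypto.createECDH('prime256v1');
  const alicePub = alice.generateKeys();
  const bobPub = bob.generateKeys();
  const epoch = epochOf(Date.UTC(2024, 0, 10));
  const keyA = deriveEpochKey(alice.computeSecret(bobPub), epoch);
  const msg = seal(keyA, epoch, Buffer.from('hello'));
  const secretB = bob.computeSecret(alicePub); // same value as Alice's secret
  const text = unseal(deriveEpochKey(secretB, epoch), msg).toString();
  let nextEpochRejected = false;
  try { unseal(deriveEpochKey(secretB, epoch + 1), msg); } catch { nextEpochRejected = true; }
  return { text, nextEpochRejected };
}
```

In this sketch every epoch key is derived from one ECDH secret, so a key from one epoch cannot open another epoch's ciphertext, but the secret itself can still derive all of them. Erasing or replacing that secret and past epoch keys is what the forward-secrecy property depends on, and the example does not model it.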
