← Back to home

Security at VaultChat

VaultChat is engineered so your conversations stay yours — open cryptography, careful key management, and a small data footprint.

1. Encryption Standard

VaultChat uses well-studied open cryptographic primitives — Double Ratchet, X25519, and XSalsa20-Poly1305 — implemented via the NaCl/tweetnacl library and standard WebRTC.
  • Double Ratchet Algorithm: Forward secrecy for 1:1 chats.
  • X25519 / Curve25519: Elliptic-curve Diffie-Hellman key agreement.
  • XSalsa20-Poly1305: Authenticated symmetric encryption (NaCl secretbox) for messages and attachments.
  • DTLS-SRTP: Forward-secret transport for voice and video calls (via WebRTC).

2. End-to-End by Design

Encryption and decryption happen entirely on your device. Your private keys never leave it.
  • Private keys are generated and stored on your device only.
  • Messages are encrypted before they touch our servers.
  • Our servers see ciphertext for messages, attachments, voice notes, and group chats.
  • Backups are encrypted on-device with a key derived from your Vault PIN before upload.

3. Infrastructure

We use a small set of providers, each scoped to the minimum role needed.
  • Supabase: Managed PostgreSQL backend for account metadata, encrypted message ciphertext routing, and encrypted server backups. Protected by row-level security.
  • Twilio: SMS verification codes and security alerts only. Twilio never sees message content or keys.
  • Railway: Hosts our signaling server for real-time message delivery and call setup. Sees ciphertext only.
  • Apple & Google push services: Used solely to wake your device. Notification payloads never include message content.

4. Data Retention

We keep only what's needed to operate the service.
  • Message content: End-to-end encrypted. Our servers see only ciphertext.
  • Message metadata: Sender, recipient, room id, and timestamp are retained while your account is active so messages can be routed and re-fetched across reinstalls.
  • Server logs: Retained for up to 30 days for security and abuse prevention, then deleted.
  • Account data: Retained while your account is active. Deleting your account purges associated metadata within 30 days.
  • View-once messages: Ciphertext is deleted from our storage as soon as the recipient has consumed the configured number of views.

5. Responsible Disclosure

If you find a security issue, please email security@vaultchat.co. We acknowledge responsible disclosures within 48 hours.