The relay stores and forwards your messages as raw ciphertext. It cannot read them, has no user accounts, and never sees your name, password, or contacts. Your "address" is the SHA-256 hash of your public key — a number, not an identity. The relay enforces a 24-hour server-side TTL and rate-limits writes per IP to resist flooding.

Messages are encrypted using ECDH P-256 + HKDF + AES-256-GCM before they leave your browser — using only the native Web Crypto API, no libraries. All payloads are padded to 256-byte blocks before encryption so ciphertext length reveals nothing about message length. Only the intended recipient's private key can decrypt them.

A cryptographic keypair generated in your browser. Your private key is encrypted with your App Password via PBKDF2 (600,000 rounds) and stored locally — it never leaves your device. Your identicon (the pixel pattern next to your key) is a visual fingerprint derived from your public key, making out-of-band verification faster than comparing raw hex strings. Export only when moving to a new device, then delete the file immediately.

If you created your identity from a seed phrase (12 BIP39 words + optional passphrase), you can view and back up those words any time via Key → Show Seed Phrase. Identities generated without a seed phrase cannot show one — the option only appears when derivation was seed-based.

1. Create an identity with a strong App Password — or restore one from a 12-word seed phrase
2. Tap Key → Copy Key — your key is two P-256 public keys joined by a colon (ecdhKey:signingKey). Share this string out-of-band with your contact (Signal, in person, etc.)
3. Have them share their key string with you → tap + Add → By Key, paste it, and give them a name
4. Alternatively: tap + Add → By Code, generate a 6-character discovery code, and share it verbally. Your contact enters it on their side — keys exchange instantly, no long strings needed. The code expires after 10 minutes.
5. Tap Set → enter the Worker URL → Save

Tap + Group to create a group from your existing contacts. Groups use a shared AES-256-GCM key distributed to each member over the existing encrypted 1:1 channel — the relay sees the group only as an anonymous hash address and is unaware it is serving a group. When you add or remove a member, a new key is generated and distributed to current members only; the removed member cannot read future messages.

In any conversation, tap Timer to set a local expiry (1h – 7d). Messages older than that threshold are deleted from your device on every app load. The relay independently prunes all envelopes after 24 hours server-side. Tell your contact your local setting — their copy is independent.