The server moves your words.
It never reads them.

We gave up the conveniences. We meant to.

Mainstream chat apps ship accounts, contact discovery, group invites, forwarding, and cross-device history. Each of those is a surface that lets you be found, followed, and correlated. We do not ship them. What you trade for the rough edges is a chat you actually own.

Have it. Know it. Prove it.

A channel can ask for three things to let someone in: the link you have, the password you know, and the knock that says who you are. For two friends, only the link is required. For an agent pairing, all three are.

Human rooms can skip the password and the knock. Agent pairing uses both: the CLI prints a fresh code and asks for a hidden knock, then only approves a phone that holds all three.

The secret never leaves your browser.

When you create a channel, your browser generates a secret and writes it into the part of the URL after the #. Browsers do not send that part to a server. Our server gets a hash of the room. It never gets the key.

Every message is locked before it leaves you.

When you tap send, your browser encrypts the message with a key derived from the channel secret and, if you set one, the password. The server receives an opaque blob and forwards it. The other browser — or the bridge on your own machine — uses the same inputs to open it.

Messages use AES-256-GCM. Keys are derived from the channel secret and the optional password with HKDF-SHA256.

Joining is a knock, not an account.

A new person opens the link and knocks. Someone already inside sees the knock and approves. For an agent, the local bridge joins from your machine, decrypts the knock with the pairing code, and matches the body against a hidden session message before it lets the phone in. There is no global identity to search, follow, invite, or leak.

• Nobody owns the room. Anyone inside can approve a knock or close the room.
• Nothing to recover. Lose your link and your local data and we have nothing to give you back.
• No public lobby. A channel is useful only to people who already have the link.

We keep the routing. You keep the words.

Our database holds a hash of each channel, a hash of each participant token, and timestamps. Enough to deliver an encrypted event to the right place. Not enough to read it. Your readable message history lives in IndexedDB on your own device.

A channel can opt into encrypted offline catch-up. The server stores ciphertext only, capped by retention rules — newest messages first, old ciphertext expires instead of becoming permanent cloud history.

What we won't pretend to fix.

We protect the contents of your messages from our server. We don't fix bad link-sharing habits. We don't hide your network metadata from your ISP. And we don't decide whether an agent command is safe to run. Those choices stay with you.

• You still have to trust the code we ship. End-to-end crypto runs in the client you load. A compromised origin could serve malicious JavaScript. For high-trust rooms, self-host and read the code.
• Metadata doesn't disappear. Routing data, timestamps, and network traffic exist by definition.
• Agent safety is your call. A private channel doesn't prove a file edit, a shell command, or a git push is correct.

If a link gets shared too widely, close the room and create a new one. That is the clean escape hatch.