Security

Last updated: May 18, 2026

Threat model

We assume a fully compromised server. Even with the database and backups in hand, an attacker should not be able to read your messages or impersonate members of your Circle.

Cryptography

  • Identity: X25519 keypair, generated client-side.
  • Private key at rest: encrypted with XSalsa20-Poly1305 under a key derived from the passphrase with Argon2id.
  • Circle key: 32-byte symmetric, wrapped per-member via sealed boxes.
  • Invites: ephemeral keypair, ciphertext on server, private fragment in URL anchor.
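
The invite flow from the list above, as an added sketch (not this service's own code): the server record holds only ciphertext, and the private half travels in the URL fragment, which is not part of the HTTP request. Assumptions: the ciphertext is the Circle key encrypted to the invite public key; the sealed box is replaced by a stand-in built from Node's standard library (X25519 + HKDF-SHA256 + ChaCha20-Poly1305); the URL layout, function names and `app.example` are hypothetical.

```javascript
const crypto = require('node:crypto');

// Stand-in for a sealed box (assumption): X25519 + HKDF-SHA256 + ChaCha20-Poly1305.
function kdf(privateKey, publicKey) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'invite-demo', 32));
}

function seal(plaintext, recipientPub) {
  const eph = crypto.generateKeyPairSync('x25519'); // one-time sender key
  const key = kdf(eph.privateKey, recipientPub);
  // An all-zero nonce is acceptable only because each derived key encrypts once.
  const c = crypto.createCipheriv('chacha20-poly1305', key, Buffer.alloc(12), { authTagLength: 16 });
  const body = Buffer.concat([c.update(plaintext), c.final(), c.getAuthTag()]);
  // Layout: 44-byte SPKI public key || ciphertext || 16-byte tag
  return Buffer.concat([eph.publicKey.export({ type: 'spki', format: 'der' }), body]);
}

function open(sealed, recipientPriv) {
  const ephPub = crypto.createPublicKey({ key: sealed.subarray(0, 44), type: 'spki', format: 'der' });
  const key = kdf(recipientPriv, ephPub);
  const d = crypto.createDecipheriv('chacha20-poly1305', key, Buffer.alloc(12), { authTagLength: 16 });
  d.setAuthTag(sealed.subarray(sealed.length - 16));
  return Buffer.concat([d.update(sealed.subarray(44, sealed.length - 16)), d.final()]);
}

// Inviter: returns the record the server stores and the link handed to the invitee.
function createInvite(circleKey, baseUrl) {
  const invite = crypto.generateKeyPairSync('x25519'); // ephemeral invite keypair
  const id = crypto.randomBytes(8).toString('hex');
  const record = { id, ciphertext: seal(circleKey, invite.publicKey) };
  const priv = invite.privateKey.export({ type: 'pkcs8', format: 'der' }).toString('base64url');
  return { record, link: `${baseUrl}/invite/${id}#${priv}` };
}

// What a browser sends to the server for this link: path and query, never the fragment.
function requestTarget(link) {
  const u = new URL(link);
  return u.pathname + u.search;
}

// Invitee: reads the private key from the fragment locally, then opens the ciphertext.
function acceptInvite(link, record) {
  const der = Buffer.from(new URL(link).hash.slice(1), 'base64url');
  const priv = crypto.createPrivateKey({ key: der, type: 'pkcs8', format: 'der' });
  return open(record.ciphertext, priv);
}
```

Anyone holding the full link can open the invite, so the link itself has to be delivered over a channel the server does not see.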

Recovery

The recovery passphrase is the only way to unlock a new device. We do not store it, hash it, or transmit it. Write it down.

Reporting

Found a vulnerability? security@maib.tech — coordinated disclosure appreciated.