A messenger designed to leave nothing behind. End-to-end encrypted by default. No SIM required. No cloud backup. The server can't leak what it doesn't hold.
No phone number. No email required to use. No real name. You generate a cryptographic ID on your device. That's your entire identity.
The server logs no IP addresses, no timestamps, no who-talks-to-whom graphs. We can't hand over data we never wrote down.
Messages live only on your devices. Lose your phone, lose your history. That's not a bug — it's the guarantee.
Messages are deleted from the relay the moment they're delivered. The server is a mailbox, never an archive.
No ads. No analytics. Not even anonymous telemetry. We don't want to know things about you.
The relay server code is open source. You can audit exactly what it does — and what it doesn't.
Honesty matters more than marketing. Any messenger claiming total privacy is lying.
We can tell you exactly where our protection ends.
| | | Signal | Telegram | Offline |
|---|---|---|---|---|
| End-to-end encrypted by default | yes | yes | no | yes |
| No phone number required | no | no | no | yes |
| No cloud backup at all | no | opt-in | no | yes |
| No metadata logging | no | partial | no | yes |
| Open source server | no | yes | no | yes |
| Owned by ad-driven corporation | yes | no | no | no |
| Works anonymously | no | no | no | yes |
Go-based WebSocket relay. Runs on a single VPS. Handles E2E-encrypted ciphertext. Logs nothing. Deletes messages after delivery.
What you're reading now. Warrant canary published monthly. No tracking. No cookies.
Fully in-browser messenger. Keys generated locally via Web Crypto API. Works on iPhone & Android as a PWA. No install required.
Native Android app. Google Play + direct APK. Push notifications via Signal-style sealed sender.
Swift + CryptoKit. TestFlight first, App Store after review. Feature parity with Android.
Third-party cryptographic review of relay + clients, published publicly. We want adversarial eyes.
People who care more about privacy than convenience. Journalists protecting sources. Activists in countries where SIM cards are registered to the state. Anyone who thinks a chat app shouldn't require handing over their phone number, location, and social graph to a corporation in exchange for basic communication.
Signal is excellent — we use the same underlying encryption primitives (X25519 + ChaCha20-Poly1305). The difference: Signal requires a phone number tied to your real-world identity. Offline doesn't. You get a cryptographic ID generated on-device. No SIM. No phone bill. No metadata trail back to you.
The basic messenger is free forever. Later, premium features (larger file transfers, multi-device sync, custom human-readable handles) may cost a small subscription. We will never run ads. We will never sell data. We have nothing to sell.
Your messages are gone. That's the tradeoff for having no cloud backup. If we can't read your messages, we can't restore them either. Your contacts can re-verify you with a new ID via safety-number comparison.
QR code, shared link, or typing someone's ID directly. The web app can generate a QR you scan in person. Your contact list lives only on your device.
Not in the MVP. Multi-device is planned but requires careful key distribution to avoid becoming a security hole. We'd rather launch one device done right than three done poorly.
A small team with backgrounds in smart contract security and cryptography. We've written audit reports on DeFi protocols holding hundreds of millions in user funds. We take privacy seriously because we know exactly what it costs when it fails.
The relay server will be open source at launch. Clients (web / iOS / Android) will be open-sourced in phases as they stabilize. We believe you can't claim to protect privacy with closed-source code.
You shouldn't. Trust the math. Trust the open-source code. Trust the warrant canary. We designed Offline so that trusting us isn't required — the server architecture genuinely cannot leak what it doesn't store.