Security

How NoChat protects your communications

Security First

NoChat is built from the ground up with security as a core principle, not an afterthought. Our zero-knowledge architecture ensures that your private communications remain private, even from us.

End-to-End Encryption

All messages and calls on NoChat are protected with end-to-end encryption (E2EE). This means:

  • Messages are encrypted on your device before being sent
  • Only you and your intended recipients can decrypt and read messages
  • NoChat servers only see encrypted data that looks like random noise
  • Even if our servers were compromised, attackers could not read your messages

Cryptographic Standards

We use industry-standard cryptographic algorithms:

Message Encryption

  • AES-256-GCM for symmetric encryption
  • P-256 ECDH for key exchange
  • HKDF-SHA256 for key derivation

Identity & Signatures

  • P-256 ECDSA for digital signatures

Video & Audio Calls

  • WebRTC with DTLS-SRTP encryption
  • Peer-to-peer connections when possible

Zero-Knowledge Architecture

NoChat operates on a zero-knowledge principle. This means we have designed our systems so that we cannot access your private data even if we wanted to:

  • Private keys never leave your device - encryption and decryption happen locally
  • No backdoors - there is no master key or special access
  • Subpoena-resistant - even with a court order, we cannot provide message content because we do not have access to it
  • Minimal metadata - we collect only what is necessary to deliver messages

Infrastructure Security

Our servers are protected with multiple layers of security:

  • All network traffic is encrypted with TLS 1.3
  • Regular security audits and penetration testing
  • Encrypted database storage
  • Strict access controls and monitoring
  • Automatic security updates

Open Source

NoChat is open source, which means anyone can verify our security claims:

  • Full source code available on GitHub
  • Security researchers can audit our cryptographic implementations
  • Community contributions help identify and fix vulnerabilities
  • Transparency builds trust

Transparency & Accountability

We believe in radical transparency about how we operate. Here you can find verifiable proof that NoChat has not been compromised, along with regular reports on how we handle data requests.

Warrant Canary

Cryptographically signed proof we have not received secret government orders.

Transparency Reports

Quarterly reports on data requests, legal compliance, and security incidents.

Report a Vulnerability

We take security seriously and appreciate responsible disclosure. If you discover a security vulnerability, please report it to us:

security@nochat.io

We commit to acknowledging reports within 48 hours and providing regular updates on our progress toward a fix.

Security Best Practices

While NoChat protects your communications, you can further enhance your security:

  • Keep your app and device software up to date
  • Use a strong, unique password if you create an account
  • Verify contact identities through a separate channel when possible
  • Be cautious of links and files from unknown sources
  • Use device-level security features like screen lock and biometrics