Security Architecture

Security you can verify.

Rules, approvals, and cryptographic receipts. Your devices hold the keys. The system stays useful even when you don’t trust the network.

Trust Architecture

Six layers of verifiable security. Click any node to learn how it protects your data.

Device Keys

Each device generates its own key pair on first launch. Private keys never leave the device. All Trust Ring communication is signed and encrypted at the device level.

Data Sovereignty by Default

Your data never touches our servers in readable form. The relay routes encrypted blobs it cannot decrypt. Keys are generated and stored on your devices. There is no “master key” and no backdoor — by design, not by policy.

On-Device Keys

Generated locally. Never exported.

Zero-Knowledge Relay

Routes encrypted data it cannot read.

Verifiable Receipts

Append-only chain anyone can audit.

Verify, Don’t Just Trust

Read the full security model. Inspect the architecture. Ask hard questions.