Your security, in plain words.
No jargon. We explain what happens to your messages, your data, and what we can (and can't) do with them.
Your messages travel under lock.
When someone writes to you, the message is sealed inside their browser BEFORE it leaves. It travels encrypted, lands encrypted on our servers, and only opens in YOUR browser when you read it. Neither we nor anyone in the middle can read the content. Replies you send back are sealed the same way as soon as the contact's reply key has been generated. That happens automatically the first time they reply: from that point on the whole conversation is end-to-end encrypted in both directions. The very first message on a brand-new thread can travel in standard form, before the key exists. If you set a recovery passphrase, you can read your messages even on a new device.
Only you can see your things.
The system that stores your data knows everyone should see only their own. If someone (even on our team) asked the system 'show me Lia's messages,' the system would say no to anyone who isn't Lia herself, signed in with her account. We who work at SafeAlias cannot open your messages without your login. We're not asking you to trust us, we're asking you to trust how the system is built.
We only ask what we need.
To sign up we only need an email and a name you choose (your handle). No real name, no date of birth, no photo, no ID, no phone number. The less we ask of you, the less we have to manage and protect. It stays simpler, for you and for us.
Your data is yours, even when you leave.
You can delete a message or an alias whenever you want. If you close your account, we delete everything from our servers within 30 days. When you say delete, it's actually deleted: no fake deletion that stays around for years.
If you find a hole, tell us.
If you're good with technology (or know someone who is) and you find a security issue, write to us at security@safe-alias.app. We reply within 3 business days, fix it, and if you want we thank you publicly (with your name or anonymously, your call). We work with you in good faith.
When you block, the block sticks.
When you block someone, the block sticks: we stop them from coming back even if they change email or alias. It isn't impossible to bypass with technical effort, but we raise the bar enough to deter most attempts.
The safety packet is one exception, and we say so plainly.
Almost everything in SafeAlias is encrypted in a way we can't open, even if we wanted to. There's one exception, and it matters that you know it: the safety packet you leave for your trusted contacts is encrypted on our servers, not end-to-end like messages. We do this on purpose: the system has to be able to open the packet and send it to your trusted contact precisely when you can no longer act yourself. The key sits in a server-side environment variable, not in the database, so a database dump alone isn't enough to read a packet. It stays sealed until an alert you ticked to accompany with the packet fires. If this trade-off doesn't sit right, just don't fill in the packet: the check-in still works, it just sends a simpler alert.
Want to know how we handle your data legally? See the privacy notice at /privacy and the terms at /terms.