Security
Security isn't a feature — it's the foundation of everything we build.
End-to-End Encryption
All communications between you and your AI agent are encrypted end-to-end using the Matrix protocol. This means:
- Messages are encrypted on your device before transmission
- Only you and your AI agent can decrypt the content
- We cannot read your messages — even if we wanted to
- Server administrators cannot access message content
Encryption Keys
Your Keys, Your Control
- 256-bit encryption keys are generated in your device's secure hardware (Secure Enclave on iOS, Keystore on Android)
- Keys never leave your device
- We never have access to your keys
- Keys cannot be extracted, even with physical access to the device
Sensor Data Protection
When you share sensor data (location, camera, audio):
- Data is encrypted before leaving your device
- Transmitted directly to your AI agent
- Never stored on our servers in decrypted form
- You can revoke access at any time
Infrastructure Security
- All servers run in isolated environments
- Regular security audits and penetration testing
- Encrypted backups with separate key management
- DDoS protection and rate limiting
Open Source
Our client application is open source. You can:
- Audit the code yourself
- Verify our security claims
- Build from source if you prefer
- Report vulnerabilities through our bug bounty program
Report a Vulnerability
We take security seriously. If you discover a vulnerability, please report it responsibly:
We offer rewards for valid security reports through our bug bounty program.