Back to Relay

Security

How Relay protects your messages and privacy

Encryption

Relay uses end-to-end encryption (E2EE) based on NaCl/X25519. When both sender and recipient have encryption enabled, messages are encrypted client-side before being sent.

The server stores only ciphertext. Relay cannot read the content of encrypted messages.

E2EE is active when both parties have keys enabled. You'll see a lock icon on encrypted messages.

What Relay Stores

  • Wallet addresses (public identifiers)
  • Message timestamps and routing state
  • Ciphertext for encrypted messages (not readable by server)
  • Public encryption keys (for key exchange)

We store minimal metadata necessary for message delivery and routing.

Current Limitations

Note: This is an early implementation with known limitations.

  • Single-device key storage (keys are stored locally in your browser)
  • No forward secrecy yet (compromised keys could decrypt past messages)
  • No multi-device sync for encryption keys

Planned improvements: forward secrecy, multi-device support, and key backup options.

Safety Defaults

  • Links are hidden from unknown senders by default
  • Suspicious content triggers visual warnings
  • One-tap block for any sender
  • Unknown senders routed to Requests (not Primary)
See what's new →Back to app