Messages are encrypted at rest on the server using AES-256-GCM. Stored data is unreadable to anyone with disk or backup access without the server key.
AES-256-GCM
Symmetric
The server encrypts message contents before writing them to the database, so stored messages are never kept as plain text.
TLS 1.3 Transport
Let's Encrypt
All traffic is encrypted in transit via WSS/HTTPS with a verified Let's Encrypt certificate, protecting messages as they travel between you and the server.