For the past few months, every message sent through NathChat has been protected by an

encryption architecture we haven't talked about publicly until now. No announcement, no

banner, no press release. We wanted it running quietly in production first, carrying real

conversations, before we said anything about it.

It's been doing exactly that. So let's talk about what it actually does.

 

The short version

When you open NathChat, you're asked for a passphrase. That passphrase never touches our

servers. Not encrypted, not hashed, not in transit, not ever. It exists for a few moments in

your browser's memory, does its job, and disappears the moment you close the tab.

What that passphrase does is unlock a private key that lives only on your device. That private

key is the only thing on earth that can decrypt your conversations. We don't have a copy. We

can't generate one. If you lose your passphrase, we can't recover your messages — not because

of a policy, but because of mathematics. There is no master key sitting in a vault somewhere

that gets us around this. It simply doesn't exist.

That's the whole point.

 

Why most "encrypted" platforms aren't quite what they claim

A lot of messaging apps say they're encrypted. Fewer are encrypted in a way that actually

matters. The distinction comes down to one question: who holds the key?

If a company holds the key — even a key wrapped in policy promises not to use it — then a

court order, a compromised employee, or a breach can expose every conversation on the

platform. The encryption becomes a lock on a door where the company keeps a spare set of keys

in the drawer. It looks secure. It isn't, structurally.

NathChat doesn't keep a spare set. We built it so there's no drawer.

 

How it actually works

Here's the architecture in plain terms:

Your passphrase generates a key pair on your device. When you set up NathChat, your

browser or app generates a public key and a private key. The private key is encrypted using a

key derived from your passphrase through 310,000 rounds of PBKDF2 — a deliberately slow,

computationally expensive process that makes brute-force attacks impractical even with

significant computing power.

Only the public key — and the encrypted private key — ever reach our servers. A public key

is, by design, safe to share. It can encrypt things addressed to you, but it can't decrypt

anything. Your encrypted private key sits on our servers too, but it's useless without your

passphrase to unwrap it. We store it purely so you can log in from a new device without losing

access to your conversations — convenience without compromise.

Every conversation has its own encryption key. We don't use one key per user for everything

they've ever said. Each room — each conversation — has its own independent key. If one

conversation's key were ever compromised, it wouldn't expose anything else. When you add

someone to a conversation, your device encrypts that conversation's key specifically for them,

using their public key, before it ever reaches our servers. We coordinate the introduction. We

never see what's being introduced.

Your messages pass through a second, independent layer of protection on our infrastructure.

Even if someone compromised our servers entirely, what they'd find is ciphertext wrapped in a

rotating, self-defending encryption layer — one that invalidates itself automatically the

moment unauthorized access is attempted. Two completely independent systems would need to be

broken simultaneously, on both the server and a specific user's device, for a single message

to be read by anyone who isn't its intended recipient.

 

What this means practically

If you've used NathChat over the past few months, nothing about your day-to-day experience

changed. You still log in, you still chat, you still share files. The difference is everything

happening underneath that you never had to think about.

It means a server breach gives an attacker nothing readable. It means we cannot hand over your

message content to anyone — not because we'd refuse to, but because we genuinely don't have

it. It means your conversations with friends, your company's internal discussions, your

family's group chat, none of it exists anywhere as plaintext outside the devices actually

having the conversation.

It also means something we think matters: we don't have to be trusted with your privacy. We

simply don't have access to violate it. That's a stronger promise than any privacy policy

can make, because it doesn't depend on our good behavior. It depends on cryptography.

---

What we're asking of you

This kind of security comes with one real responsibility: your passphrase is yours alone to

remember. We built recovery flows for almost everything in NathChat — except this. We can't

build a recovery option for a system specifically designed so that we cannot recover it. That

would defeat the purpose entirely.

Write it down somewhere safe. Use a password manager if that's your habit. Treat it the way

you'd treat a key to a safety deposit box — because functionally, that's exactly what it is.

 

Why we waited to tell you

We didn't want to announce an encryption system and ask you to trust our description of it. We

wanted it to already be protecting real conversations, quietly, for long enough that if

something were wrong, we'd have found it before talking about it publicly.

It's been running. It's been holding up. Now you know what's actually happening every time you

open the app.

Your conversations were never ours to read. Now you know exactly why.

 

Have technical questions about NathChat's encryption architecture? Reach out to our team —

we're glad to go deeper into the cryptographic details for anyone who wants them.