Your Privacy. Our Promise.
Understanding our security model, from simple principles to implementation details that protect your conversations.
What We Protect Against
MicroChat is designed with a zero-trust architecture. We assume adversaries at multiple levels and protect against:
- Passive network observers (ISPs, backbone surveillance), who see only ciphertext
- Compromised servers, which cannot decrypt messages or derive keys from stored state
- Malicious insiders with database access, who cannot read message content or metadata graphs
- Long-term key compromise, mitigated through forward secrecy and post-compromise security (PCS)
We do not protect against endpoint compromise (malware on user devices) or coercive key extraction. Security depends on client integrity.
Data Retention & Privacy
We practice aggressive data minimization. If we don't have it, we can't lose it, sell it, or be forced to hand it over.
Messages
Server-side message storage is ephemeral. Messages are deleted immediately after successful delivery to all recipients. We never keep long-term message logs.
Retention: 0 days post-delivery
Authentication
Authentication uses WebAuthn (FIDO2) — your credentials are hardware-bound passkeys that never leave your device. No passwords, no biometric data stored server-side, no recovery questions.
Retention: Account lifetime only
Metadata
We do not log: IP addresses, contact graphs, message timestamps (beyond delivery), read receipts, or typing indicators. Telemetry is limited to aggregated error reporting.
Retention: None collected
Backups
Database backups contain only encrypted group state and hashed credentials. All backups are encrypted at rest with AES-256. Message content is never backed up on servers.
Retention: 30 days rolling
Independent Auditing
Our cryptographic implementation has been audited by Trail of Bits and our infrastructure undergoes quarterly penetration testing. We publish transparency reports and maintain an active bug bounty program.