> SECURITY_PROTOCOL
How Phantom Chat protects your privacy with military-grade security
$ SECURITY_SUMMARY
- [+] AES-256-GCM - Military-grade encryption
- [+] ECDH Key Exchange - Secure key negotiation
- [+] Zero-Knowledge - We can't read your data
- [+] Auto-Destruction - Data deleted on TTL expiry
- [+] No Logs - Zero IP or metadata retention
> END_TO_END_ENCRYPTION
How It Works
Every message is encrypted in your browser before being sent. The encryption process uses the Web Crypto API with the following specifications:
$ Algorithm: AES-256-GCM
$ Key Exchange: ECDH P-256
$ IV Size: 96 bits (unique per message)
Key Exchange Process
- When you join a room, your browser generates a unique ECDH key pair locally
- Your public key is shared with the other participant through our server
- Both browsers compute an identical shared secret using ECDH
- This shared secret derives the AES-256 encryption key
- Private keys never leave your device - we only see public keys
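The key exchange and per-message encryption described above, as an added example that is not Phantom Chat's own code. The function names, the JWK encoding of the relayed public key, and deriving the AES key directly with `deriveKey` are assumptions; the page does not say how the shared secret is turned into the key.

```javascript
// Added example, not Phantom Chat's code. Function names, JWK transport and the
// direct ECDH -> AES deriveKey step are assumptions.
// Browsers and current Node expose globalThis.crypto; older Node needs require().
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const { subtle } = webcrypto;
const ECDH = { name: "ECDH", namedCurve: "P-256" };

// Generate a key pair locally; the private key is created non-extractable.
async function joinRoom() {
  const pair = await subtle.generateKey(ECDH, false, ["deriveKey"]);
  // Only the exported public key is handed to the relay server.
  const publicJwk = await subtle.exportKey("jwk", pair.publicKey);
  return { privateKey: pair.privateKey, publicJwk };
}

// Combine our private key with the peer's relayed public key into an AES-256-GCM key.
async function deriveRoomKey(privateKey, peerPublicJwk) {
  const peerKey = await subtle.importKey("jwk", peerPublicJwk, ECDH, false, []);
  return subtle.deriveKey({ name: "ECDH", public: peerKey }, privateKey,
    { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

// Encrypt with a fresh random 96-bit IV; the IV travels alongside the ciphertext.
async function encryptMessage(key, plaintext) {
  const iv = webcrypto.getRandomValues(new Uint8Array(12));
  const data = new TextEncoder().encode(plaintext);
  const ct = await subtle.encrypt({ name: "AES-GCM", iv }, key, data);
  return { iv, ciphertext: new Uint8Array(ct) };
}

// GCM verifies the authentication tag; a modified ciphertext makes decrypt() reject.
async function decryptMessage(key, { iv, ciphertext }) {
  const pt = await subtle.decrypt({ name: "AES-GCM", iv }, key, ciphertext);
  return new TextDecoder().decode(pt);
}

// Constructed demo: two participants, with the relay passing only publicJwk values.
async function demo() {
  const [alice, bob] = await Promise.all([joinRoom(), joinRoom()]);
  const aliceKey = await deriveRoomKey(alice.privateKey, bob.publicJwk);
  const bobKey = await deriveRoomKey(bob.privateKey, alice.publicJwk);
  const first = await encryptMessage(aliceKey, "hello");
  const second = await encryptMessage(aliceKey, "hello");
  const tampered = { iv: first.iv, ciphertext: Uint8Array.from(first.ciphertext) };
  tampered.ciphertext[0] ^= 1; // flip one bit "in transit"
  return {
    received: await decryptMessage(bobKey, first),
    ivsDiffer: first.iv.join() !== second.iv.join(),
    tamperRejected: await decryptMessage(bobKey, tampered).then(() => false, () => true),
    relaySawPrivate: "d" in alice.publicJwk, // "d" is the JWK private scalar
  };
}
```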
> ZERO_KNOWLEDGE_ARCHITECTURE
Phantom Chat is designed so that we cannot access your data, even if we wanted to:
- [!] Messages: Encrypted before reaching our servers. We only see random-looking ciphertext.
- [!] Encryption Keys: Generated and stored only in your browser. Never transmitted in usable form.
- [!] User Identity: No accounts means no way to link rooms to individuals.
- [!] IP Addresses: Not logged. We use token-based authentication with no identifying metadata.
> DATA_DESTRUCTION
All data is ephemeral by design. Destruction happens in two scenarios:
TTL_EXPIRY
Each room has a countdown timer. When it reaches zero, the room and all contents are automatically purged from Redis storage.
MANUAL_DESTROY
Either participant can destroy the room instantly. This triggers immediate deletion and notifies the other user.
* Destruction is irreversible. We have no backups or recovery mechanisms.