Sealed

Private encrypted messaging. No phone number. No servers. Just keys.

Sealed is a private messaging app built on end-to-end encryption and blockchain technology. Your messages are never stored on any server — not ours, not anyone's.

── HOW IT WORKS ──

Every message is encrypted on your device before it leaves. The ciphertext is sent as a transaction on the Algorand blockchain — a public, decentralised ledger that no single company controls. Only the intended recipient, with their private key on their device, can decrypt and read it.

No phone number. No email. No password.
Your identity is a cryptographic keypair generated locally on your device. A 12-word seed phrase is the only thing that identifies you — back it up, and you're set.

── WHAT MAKES SEALED DIFFERENT ──

✦ Zero-knowledge server
Our indexer server facilitates message delivery and push notifications, but it never sees your message content. Ever. Even if compelled, we cannot hand over what we don't have.

✦ Blockchain transport
Messages ride on the Algorand blockchain. There is no centralised message server to take down, surveil, or subpoena for content.

✦ No identity required
Sign up without a phone number, email address, or any personally identifying information. Your wallet address is your pseudonymous identity. You may optionally claim a human-readable username on-chain.

✦ Military-grade encryption
AES-256-GCM with per-message ephemeral X25519 keys and HKDF key derivation. Messages are padded to a uniform size before encryption to prevent length-inference attacks.

✦ Stealth addressing
Recipients are identified by a 32-byte HMAC tag, not their public address — making it impossible for outside observers to link a blockchain transaction to a recipient without their private view key.

✦ Post-quantum ready (coming soon)
An upcoming upgrade will layer ML-KEM-512 (Kyber-512) hybrid encryption on top of X25519 for resistance against future quantum attacks.

── WHAT WE DON'T DO ──

✗ No ads
✗ No analytics or tracking
✗ No access to your contacts
✗ No location data
✗ No data sold to third parties
✗ No account linked to your real identity

── PRIVACY BY ARCHITECTURE, NOT JUST POLICY ──

Most apps promise privacy. Sealed enforces it mathematically. Your private keys and message plaintext never leave your device. Our server holds only what's strictly necessary to deliver notifications — your view key (which detects incoming messages, but cannot decrypt them) and your FCM push token. Both are deleted automatically after 90 days of inactivity.

── OPEN & AUDITABLE ──

The encryption protocol, key derivation, and message format are documented and verifiable. The smart contract program on-chain is public. There are no black boxes.

── IMPORTANT TO KNOW ──

• Your seed phrase is the only way to recover your account. Store it safely offline. We cannot recover it for you.
• Messages are transmitted as blockchain transactions, which are permanent and publicly visible in encrypted form.
• Push notifications require sharing a view key with our indexer. This key lets us detect incoming messages — not read them.

Sealed. Private by design.