For journalists & sources

Source protection that doesn't depend on
a company keeping its word.

When the protection is a policy, it can change. When it's the architecture, it can't. Cipher is built so that even we cannot expose who you talk to or what you said.

No phone number to trace

Signal anchors every account to a phone number, even on desktop. That's a real exposure — to SIM-swaps, to telecom metadata, to anyone whose threat model includes a carrier. Cipher identity is a seed phrase. There's no number linking a source to a real-world identity at registration.

Subpoena-resistant by construction

We can't be compelled to produce what we never had the ability to read. A court can compel a company to hand over what it possesses — it can't compel us to invent a decryption capability we deliberately never built. What we'd hand over is unreadable ciphertext.

Metadata minimized, not just message content

The strongest legal protection is having little to seize. Cipher is built to store even less than the bare minimum — no social graph, no per-message metadata, no address-book uploads. The less that exists, the less any legal process can extract.

On-device threat & deepfake detection

Flags phishing and social-engineering before you respond, and spots AI-generated profile photos or cloned voices — useful when verifying a source's identity, and all without sending anything to a server to do it.

The same posture Signal proved works

When there's nothing readable behind the server, the subpoena yields nothing useful.

In 2016, served with a subpoena, Signal could only produce an account's creation date and last connection date — because that's genuinely all it stored. Cipher aims to match or exceed that: a centralized server is a single point of contactfor legal process, but if there's nothing readable behind it, that contact point doesn't hand anything over.

What we will not overclaim

We'll be precise about the limits — your safety depends on it.

Cipher closes the phone-number gap and removes us as a point of failure. It does not solve a seized, unlocked device or targeted spyware like Pegasus — no messaging app does, because those are device problems, not encryption problems. Anyone who tells you otherwise is selling you something. Operational security still matters; Cipher makes the cryptography one thing you don't have to worry about.

  • Encrypted to our gateway only on calls to regular phone numbers — the phone network can't do end-to-end.
  • Private, not anonymous: your contacts know it's you.
  • Independent cryptographic audit is the gate before launch — and we'll publish the findings.

Protect your sources at the architecture level.

Join the waitlist for early access and audit updates.

Join the waitlist →