Military-Grade Encryption — Right in Your Browser.

Your data never leaves your device. Not even encrypted.

Zero-knowledge by design. Encryption and decryption happen entirely in your browser. Your password and your plaintext never touch our server — not even for a millisecond.
AES-256-GCM. The same authenticated encryption standard used by governments, banks, and Signal. Every message gets a unique random key — brute-force is computationally impossible.
No accounts. No registration. No cloud. There is no backend to breach. No database to leak. No account to hack. Nothing stored anywhere — ever.
Contact keys, exchanged in person. For recurring communication, generate a shared key and exchange it face-to-face via QR code — the only method that guarantees no third party ever sees the key.
No tracking. No ads. No Google. No cookies. We don't know who you are. We don't want to.
Works offline. After the first load, CipherBot runs entirely without a network connection. The server is out of the picture completely.
Free. Forever. No subscription. No freemium. No strings.
Retroactive privacy — delete your key, erase all access. Forever. Once you delete a contact key, every message you ever sent with it becomes permanently unreadable. Not just for you — for everyone, everywhere, including any server that ever stored the ciphertext.

🔒 Crypto Shredding — A capability no messenger offers.

When you send an encrypted message via WhatsApp, Telegram, or any other medium, the ciphertext lives on their servers — potentially forever. You cannot delete it. You cannot control who accesses it tomorrow, next year, or under a future court order.

CipherBot changes this. Because decryption requires a key that only exists on your device, you hold a permanent veto over all past communication. Delete the key — and every message you ever sent with it becomes mathematically unreadable. Instantly. Permanently. Irreversibly. The ciphertext on WhatsApp's servers becomes meaningless noise.

This is not a feature. It is a structural property of how CipherBot works — and no amount of legal pressure, server access, or computing power can undo it.

Why client-side encryption changes everything:

Traditional encryption tools send your data to a server, encrypt it there, and send it back. That means the server — and anyone with access to it — can see your plaintext at the moment of encryption. Court orders, data breaches, rogue employees: the attack surface is enormous.

CipherBot works differently. The encryption key is derived from your password inside your browser, the plaintext is encrypted inside your browser, and only the ciphertext — the unreadable garble — ever exists outside your device. Our server delivers the application code and nothing else. It is structurally incapable of reading your messages.

That's not a policy. It's a technical impossibility.

About this project:

We are computer scientists spread over 4 continents. We use our engineering skills to protect your privacy without profit. Your privacy is simply nobody's business, period!

Governments and corporations are using technology to exploit us. Privacy has become all the more essential in the age of data exploitation. Their abuses of power threaten our freedoms and the very things that make us human. Privacy is how we seek to protect ourselves and society against arbitrary and unjustified use of power, by controlling what can be known about us and done to us, while protecting us from those who aim to exert control over our data, and ultimately all aspects of our lives.

We have taken a different approach to privacy than most. Instead of trusting infrastructure, we eliminated the need to trust it at all. CipherBot's encryption runs entirely in your browser — so it doesn't matter where our server is, who operates it, or what jurisdiction it falls under. A server that never sees your data cannot be compelled to hand it over.

Privacy is foundational to who we are as human beings, and every day it helps us define our relationships with the outside world.

That's why we created CIPHERBOT.