🔐

End-to-End Encryption (E2EE)

When we say end-to-end encrypted, we mean it. Your messages and data are encrypted on your device before they ever leave it, and only the intended recipient can decrypt them. Not us. Not your ISP. No one in between.

What this means for you: Even if someone intercepts your data in transit, or if a server is compromised, they get unreadable garbage. The keys to decrypt your data exist only on your devices.

AES-256-GCM

Military-grade symmetric encryption used by governments worldwide. Encrypts the actual content of your messages and files.

X25519 Key Exchange

Elliptic curve Diffie-Hellman for securely establishing shared secrets between parties without ever transmitting the key.

🔄

Double Ratchet Protocol

Used in XecureCom, the Double Ratchet (the same approach used by Signal) provides forward secrecy and break-in recovery. Every message uses a new encryption key derived from the previous one.

Message 1: Key A
Message 2: Key B
Message 3: Key C
Future messages: New keys

Each message ratchets to a new key. Compromising one key doesn't expose past or future messages.

Forward Secrecy: If an attacker somehow obtains a key, they can't decrypt messages sent before or after—only that single message. Keys are ephemeral and constantly rotating.
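The key chain described above, as an added sketch (not XecureCom's code): the HMAC constants and the HKDF root-key step follow the recommendations in Signal's Double Ratchet specification, while the `info` label and the fixed bytes standing in for X25519 outputs are assumptions. It separates the two cases worth knowing: a stolen message key opens one message, whereas a stolen chain key yields the remaining keys of that chain until the next DH ratchet step replaces it.

```python
import hashlib
import hmac

def kdf_ck(chain_key):
    """Symmetric ratchet step: one-way derivation of (next_chain_key, message_key)."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key

def kdf_rk(root_key, dh_output):
    """DH ratchet step: HKDF-SHA256 mixes a fresh DH output into the root key."""
    prk = hmac.new(root_key, dh_output, hashlib.sha256).digest()      # extract
    info = b"ratchet-example"                                          # assumed label
    t1 = hmac.new(prk, info + b"\x01", hashlib.sha256).digest()       # expand block 1
    t2 = hmac.new(prk, t1 + info + b"\x02", hashlib.sha256).digest()  # expand block 2
    return t1, t2  # (new_root_key, new_chain_key)

def message_keys(chain_key, count):
    """Advance the chain `count` times; return (chain_key_after, [message keys])."""
    keys = []
    for _ in range(count):
        chain_key, mk = kdf_ck(chain_key)
        keys.append(mk)
    return chain_key, keys

def demo():
    # Constructed inputs: fixed bytes stand in for the X25519 outputs.
    root = hashlib.sha256(b"constructed initial shared secret").digest()
    root, chain = kdf_rk(root, b"\x11" * 32)
    chain, sent_1_2 = message_keys(chain, 2)      # messages 1 and 2
    stolen_chain = chain                          # chain key copied after message 2
    chain, sent_3_4 = message_keys(chain, 2)      # messages 3 and 4, same chain
    root, chain = kdf_rk(root, b"\x22" * 32)      # next DH ratchet step
    _, sent_5_6 = message_keys(chain, 2)          # messages 5 and 6, new chain
    _, derivable = message_keys(stolen_chain, 4)  # what the stolen chain key yields
    return {
        "all_distinct": len(set(sent_1_2 + sent_3_4 + sent_5_6)) == 6,
        "earlier_messages_safe": not set(sent_1_2) & set(derivable),
        "same_chain_exposed": derivable[:2] == sent_3_4,
        "healed_after_dh_ratchet": not set(sent_5_6) & set(derivable),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

In a real session the DH output comes from a fresh X25519 key pair on each ratchet step, which is what makes the new chain unreachable from previously copied state.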

🌐

Peer-to-Peer Architecture

Many Greenlyz apps use direct peer-to-peer connections rather than routing everything through central servers. Your data travels directly between you and the person you're communicating with.

No Central Storage

Messages aren't stored on our servers waiting to be hacked. They exist on your device and the recipient's device—that's it.

Ephemeral by Design

When a sender goes offline or blocks a recipient, the keys needed to read messages are gone. True deletion, not just hidden.

WebSocket Direct Connect

Real-time encrypted channels established directly between peers for instant, low-latency communication.

No Metadata Harvesting

We don't log who talks to whom, when, or how often. The less we know, the less can be subpoenaed or stolen.

🛡️

Self-Hosted Options

Apps like OneStop are designed to run on your own hardware. Your files, your server, your rules. No third-party cloud provider has access to your data because it never leaves your network unless you want it to.

Why it matters: Cloud providers can be compelled to hand over data, can suffer breaches, or can simply shut down. Self-hosting puts you in complete control of your data's lifecycle.

🔮

Future-Proof Security

We're actively researching and implementing quantum-resistant cryptography. As quantum computers threaten current encryption standards, we're preparing with algorithms designed to withstand quantum attacks.

CRYSTALS-Kyber

Lattice-based key encapsulation mechanism selected by NIST for post-quantum standardization. Already in testing for future releases.

Hybrid Approach

Combining classical and post-quantum algorithms ensures security against both current and future threats during the transition period.