Private messenger · Pre-alpha

The server delivers.
It never remembers.

Encrypted on your phone, passed through a server that keeps nothing, and gone from the cloud within a day. Your conversations stay yours.

Request an invite Read the threat model →

No cookies, no JavaScript, no trackers — this page isn't watching you.

Here's everything our server sees.

One message is three fields: a random mailbox, a sealed blob, and a timestamp. No sender, no recipient, no names — there's nothing here to read.

mailbox_token	envelope	created
8f3a…c41e	aXQncyBqdXN0IG5vaXNl…	18:42 UTC
02bd…77f9	c2VhbGVkIHNlbmRlcg…	19:07 UTC

You won't find a sender_id, recipient_id, or user_id anywhere — they don't exist in the schema. If you can still piece together who talked to whom, that's a bug we'd want to hear about.

How it works

It's locked before it leaves you

Every message is sealed on your phone with its own key, meant for your friend alone. The server never sees that key — so it can never read a word.

The server just passes it along

It files your message under a random, rotating tag — never your name. Who each message is really for is something only you and your friend know.

Then it's gone

Within a day, the server wipes everything it held. The only copy that lasts is the encrypted one on your phone.

What we can't hide

Plenty of apps promise to hide everything. We'd rather be straight about what we can't.

The server can see timing, message sizes, and the IP addresses that connect to it.
Adding a friend briefly links two accounts, until that record is deleted.
If someone has your phone unlocked, nothing here can protect you.
We're pre-alpha: unaudited, solo-built, and still in closed testing.

The full threat model spells out every leak →

Where it's headed

Self-hosting. Run your own relay on your own server — it's a simple container, and Cloudflare R2's free tier covers the storage.
Open source. The code opens for review before we ask anyone outside testing to trust it.
More friends. The alpha caps you at five; that's a testing limit, not the plan.
More platforms. Android first, desktop later. No iOS, no app stores.

Straight answers

Why not just use Signal?

Honestly, for most people Signal is great — use it. Obsidian is a different shape: a relay that forgets, and a history that lives only with you. It's not trying to replace Signal.

Is it open source?

Not yet — but it will be, before we ask anyone outside testing to trust it. Until you can read the code, treat everything here as a claim, not proof.

Has it been audited?

No, not yet. An independent audit comes before any public release. In the meantime, the threat model shows you exactly how to test it yourself.

What if I lose my phone?

Your history lived only there, encrypted — so a thief gets nothing without your keys. There's no cloud copy to restore from, and keeping your messages off our servers is the whole point.

The alpha is small and invite-only.

Send a plain email — no forms, no waitlist. A real person reads every one and writes back.

Request an invite

The server delivers. It never remembers.