Security model

Encryption for your own

Device to device. The server never sees what you wrote.

Heart of the model

What is actually encrypted.

End-to-end encryption by default on all three main data streams. Each is encrypted right on your device, before anything goes up to the server.

Messages

MLS (RFC 9420) runs in every chat, including one-on-one. In groups we use TreeKEM: keys rotate in O(log N) operations instead of O(N). Every device is a separate leaf in the MLS tree, so multi-device does not break forward secrecy.

MLS · OpenMLS · TreeKEM

Photos, videos, files

Files, photos, and videos are encrypted on your device before upload. Only ciphertext reaches our storage. Per-media encryption keys are carried inside encrypted MLS messages, never as a separate server-side object. Thumbnails are generated and encrypted on the client too.

AEAD · client-side

Calls

Voice and video go through our own LiveKit SFU (a media server that forwards packets without decoding them). Encryption is applied in the browser, on top of WebRTC, using insertable transforms. Four transport layers: direct UDP, TURN/UDP, TURN/TCP 443, TURN/TLS 443.

LiveKit SFU · WebRTC · TLS 443

Trust boundaries

What the server sees. And what it does not.

«Privacy here isn't a slogan. It's the list of what the server actually sees and doesn't.»

The server does NOT see

  • Message content
  • Photos, videos, files
  • Audio and video streams during calls
  • Your encryption keys

The server sees

  • User and device identifiers
  • Chat routing and group membership
  • Message sequence numbers and key-rotation counters
  • Timestamps and file sizes
  • Safety logs without content

Defense boundaries

What encryption can't do.

Four real limits worth knowing up front.

  • Encryption does not protect against a compromised device. If malware runs on your phone, or if someone has physical access to it, they see your chats right on the screen. That is a property of every E2E system, not something specific to Svoi.
  • The server still sees metadata. It does not see message content, but it knows who is in which chat, when you signed in, and the sizes of your files. There is no way to hide this entirely: the server needs to know where each message goes.
  • Privacy is not anonymity. Svoi protects the content of your conversations. But your IP address, the Telegram login you signed up through, and your invite chain are about identity, not content. If your goal is to hide the identity itself, Svoi is not the right tool for that.
  • Encryption will not beat a hard network block. Four transport layers cover most unreliable networks. But if the network blocks TLS 443 outright, no call will get through. Encryption can't fix that; the wall is at the network level.

We state this openly so there are no unpleasant surprises.

Devices and sign-up

What is on your device and how you got here.

Multi-device, no compromises

Every device is a separate leaf in the MLS tree. Remove a device and it is cut from the tree: future messages stay unreachable for it, even if older keys are compromised.
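
An added example, not Svoi's or OpenMLS's code: it uses the array tree math from RFC 9420 Appendix C to show which tree nodes receive fresh secrets when one device removes another, and why the removed device is not among them. It assumes a full tree with a power-of-two number of devices and ignores unmerged leaves; all function names are this example's own.

```python
# Tree math after RFC 9420 Appendix C: leaves sit at even node indices,
# parents at odd ones. n is the leaf count, assumed a power of two.

def level(x):
    """Height of node x above the leaves (count of trailing 1 bits)."""
    k = 0
    while (x >> k) & 1:
        k += 1
    return k

def parent(x):
    k = level(x)
    b = (x >> (k + 1)) & 1
    return (x | (1 << k)) ^ (b << (k + 1))

def children(x):
    k = level(x)
    return x ^ (1 << (k - 1)), x ^ (3 << (k - 1))

def direct_path(leaf, n):
    """Ancestors of a leaf, bottom-up, ending at the root (node n - 1)."""
    x, path = 2 * leaf, []
    while x != n - 1:
        x = parent(x)
        path.append(x)
    return path

def copath(leaf, n):
    """Sibling of each node on the way from the leaf to just below the root."""
    out = []
    for x in [2 * leaf] + direct_path(leaf, n)[:-1]:
        l, r = children(parent(x))
        out.append(r if x == l else l)
    return out

def resolution(x, blank):
    """Non-blank nodes that together cover the subtree under x."""
    if x not in blank:
        return [x]
    if level(x) == 0:
        return []            # a blank leaf has no key to encrypt to
    l, r = children(x)
    return resolution(l, blank) + resolution(r, blank)

def remove_and_commit(n, committer, removed):
    """Blank the removed leaf and its direct path, then return the nodes the
    committer encrypts fresh path secrets to, one list per copath node."""
    blank = {2 * removed, *direct_path(removed, n)}
    return [resolution(c, blank) for c in copath(committer, n)]

if __name__ == "__main__":
    for n in (8, 1024):      # constructed group sizes; every leaf is one device
        sent = sum(len(r) for r in remove_and_commit(n, 0, n - 3))
        print(f"{n} devices: {sent} encryptions after removal, {n - 2} pairwise")
```

Every key the removed device held (its leaf and its direct path) is blanked, so none of those nodes appears as a recipient of the new secrets.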

What is stored on your device

Native clients encrypt the local database with a key derived from your password or biometrics. The web client uses OPFS (a storage area inside the browser). Web storage limits are documented inside the app settings.

Sign-up by invitation

Invites are part of the model, not marketing. They reduce mass spam, keep infrastructure growth under control, and give us an internal 'who invited whom' record. That record is not a public social graph.

Found a vulnerability?

Tell us.

We are building a feedback form right here on the site. Messages from it will land in a dedicated Svoi account that a real person on the team reads. Until the form is up we are not publishing an email either: it would fill with spam in a day.

As soon as the form goes live, we will reply within 72 hours, properly, with no auto-responses.

Security — Svoi