Here's what you need to know about Sly's encryption technology, and how it works.

All cryptographic technology used is open source and peer-reviewed. While Sly is a straightforward app to use, there's a lot going on behind the scenes to keep your communications private, encrypted, and secure.

When you create a Sly account, you must set a password. Your password is then used to encrypt all data relating to your account, such as your chat history, contact list, and shared/stored files. We do not have access to your password, and therefore we do not have access to your data. That's why Sly is so secure: your data is stored on our servers in an encrypted form only. Your device retrieves your encrypted data from our servers, and then your device decrypts this data using your password.

This means that we can never be compelled to give your data to anyone. However, it also means that if you lose your password, your data can never be retrieved. If you do lose your password, all we can do is reset your account, wiping out the old data and letting you store new data encrypted with a new password.

Upon registration, Sly quietly generates your account's KeyVault: a collection of private encryption keys and other secrets that will be used to:

  • Identify yourself securely to your contacts
  • Identify yourself to our servers
  • Handle end-to-end message encryption
  • Encrypt your chat history
  • Encrypt your contacts and groups
  • Encrypt platform settings

Your Sly client also transmits your KeyVault to our servers in an encrypted form (it cannot be decrypted without your password) so that we can send it back to you when you install Sly on other devices or platforms such as Android, Windows, OSX, or Linux.

Once logged in, Sly gives you a list of your contacts who have also installed Sly. Your contacts who install Sly in the future will also be added to your list, in order to keep your Sly contacts up to date.

When you initiate a chat with someone, your device and their device automatically perform a "key exchange" in the background, invisible to you. This exchange enables their device to decrypt the encrypted messages you send them, and enables your device to decrypt the encrypted messages they send you. This is known as end-to-end encryption, and it ensures that anyone who intercepts your messages cannot read them. Our end-to-end message encryption uses an open source solution developed by Open Whisper Systems, which has been peer-reviewed and widely recognized.

On top of this end-to-end message encryption system, we add another layer of security using TLS version 1.2 and a highly secure cipher suite. This encrypts all communication from your device to our servers.

Since all encryption and decryption take place on your device and on the devices of your contacts, your raw data never touches our servers. This means that even if we wanted to access your data, it would be impossible.


