Client holds plaintext
Identity, conversations, and message contents stay local to the TapChat client.
Early public alpha
User-provisioned transport for private messaging.
Run your own inbox and storage, exchange share links, and test end-to-end encrypted messaging without a shared central delivery server.
Early alpha. Not audited. For testing and feedback.
How it works
TapChat separates the client that can read messages from the transport components that only store and route encrypted data.
Identity, conversations, and message contents stay local to the TapChat client.
Contacts append encrypted message envelopes to your user-provisioned inbox.
Attachments and large payloads are encrypted before they touch the storage layer.
Alpha scope
Desktop alpha, direct messages, attachments, Cloudflare reference transport, WebSocket sync.
Group chat is available for early testing while the membership and recovery paths harden.
Multi-device polish, backup and recovery, deployment productization.
Mobile wakeup bridge, external security audit, production-scale deployment guidance.
Security note
Plaintext messages stay in the client. Inbox and Storage handle encrypted envelopes and encrypted blobs.
Network timing, endpoint access, Cloudflare account-level metadata, and deployment choices can still reveal some metadata.
TapChat has not received a third-party security audit and should not be used for high-risk communication yet.