Post-Quantum Encrypted

theSHFT

Private. Secure. Yours.

Messaging that belongs to you — not your carrier, not an advertiser, not us. No phone number, no email, no tracking. Just private conversations, encrypted end-to-end and built to stay private for decades.

X3DH + Double Ratchet + ML-KEM-768
Open Source Crypto
Server-Blind for E2E
Getting Started

How It Works

theSHFT keeps your conversations private and secure behind a PIN lock screen.

1

Open theSHFT

theSHFT opens to a secure PIN lock screen. Your private messages are always protected.

2

Enter Your Secret PIN

Enter your personal PIN on the lock screen. Only you know the combination.

3

Access Your Vault

Your encrypted messaging world opens. Send messages, photos, voice messages, make calls, and chat in groups with end-to-end encryption.

Features

Everything You Need

Powerful privacy features built into a secure messaging platform.

Post-Quantum Hybrid Encryption

X3DH key exchange, Double Ratchet, and ML-KEM-768 (NIST FIPS 203) lattice cryptography running natively on every device. Safe against today's attacks AND tomorrow's quantum computers.

Encrypted Voice & Video Calls

Free users: voice calls up to 5 minutes (1:1 and group). Pro users: unlimited call length. Video calls for Pro users. All calls end-to-end encrypted; we never see call content. Call signaling (caller, callee, duration) is retained for service-health monitoring and deleted on a short window.

Self-Destructing Messages

Set timers from 5 seconds to 24 hours. Messages auto-delete after being read, leaving zero trace.

Group Chats

Encrypted group conversations for up to 50 members with Sender Key encryption. Coordinate privately at scale.

Voice Messages

Record and send encrypted voice messages with live waveform visualization. Plays inline with full controls.

Anonymous Accounts

No phone number, no email, no personal information. Connect using only usernames and QR codes.

Screenshot & Recording Detection

Screenshots and screen recording are detected and flagged. Your conversations stay private.

Encrypted Photos & Video

Share photos and play videos inline with the same encryption as messages. Media self-destructs with your timer.

Contact Gating & Duress PIN

Nobody reaches you without approval. If coerced, a Duress PIN silently wipes all data. Irreversible by design.

Pricing

Choose Your Plan

Start free with unlimited messages, photos, and contacts, or unlock theSHFT Pro for unlimited call length, video calls, host voice rooms, longer timers, larger groups, and Duress PIN.

Free
$0
forever
  • Unlimited messages & photos
  • Unlimited contacts
  • Up to 3 groups (50 members each)
  • 10s & 30s disappearing timers
  • Voice calls (up to 5 minutes)
  • Join & listen to voice rooms
  • End-to-end encryption
Get Started

Free vs Pro

Feature Free Pro
Groups Up to 3 groups (50 members each) Unlimited groups (up to 100 members)
Message Timers 10s & 30s 5s to 24 hours
Voice Calls
Unlimited Call Length Up to 5 minutes Unlimited
Voice Rooms Join & Listen Host
Video Calls
Duress PIN
Compare

How We Stack Up

Every messenger has encryption now. Here's what they don't have.

Feature Most messaging apps theSHFT
End-to-end encrypted
Post-quantum encryption (ML-KEM-768)
No phone number or email required
PIN-locked vault (Face ID / Touch ID)
Screenshot protection (content blacks out)
Duress PIN (panic wipe)
Security

Uncompromising Security

Built from the ground up to protect your privacy with multiple layers of defense.

Duress PIN

An emergency PIN that instantly and silently wipes all data. Irreversible. For extreme situations.

Screenshot Detection

Screenshots and screen recording are detected; when a capture happens in a private conversation, your conversation partner is notified in real time. (iOS does not permit third-party apps to block captures at the OS level — but detection plus notification keeps the social contract clear.)

Server-Blind for E2E Content

Our servers only store encrypted blobs for direct messages, group chats, and calls. We cannot read your direct messages, group chats, or call media; we cannot see your contacts. (Community posts and Stories use server-readable encryption so they can be served to other community members and viewers.)

Recovery Phrase

Secure 12-word recovery phrase stored only on your device. The only way to restore your account.

Quantum-Safe Encryption

Every direct message is encrypted with both classical (Curve25519) and post-quantum (ML-KEM-768) cryptography. Group chats use classical Sender Key encryption (X25519). An attacker must break BOTH to read your direct messages — even with a quantum computer.

Open-Source Encryption Core

Don't take our word for it — theSHFT's encryption core is open source on GitHub: the Signal-compatible protocol implementation and the ML-KEM-768 post-quantum hybrid layer. The PQ implementation uses the PQClean reference C library — the auditable, public-domain implementation used by other PQ deployments — compiled natively on iOS for constant-time execution.

Privacy

Your Privacy Matters

We don't collect what we don't need. Your data belongs to you.

No Tracking

No IDFA, no cross-app tracking. Fully compliant with App Tracking Transparency.

No Email Required

Create an account with just a username. No personal information needed.

No Location Data

We never ask for or collect your physical location information.

No Contact Access

We never access your phone's address book or contact list.

GDPR CCPA LGPD PIPEDA
Under the Hood

Technical Architecture

Built on proven cryptographic primitives. No proprietary algorithms. No security through obscurity.

X3DH + Double Ratchet

Industry-standard protocol

Per-message keys with forward secrecy. Battle-tested, open primitives — nothing proprietary.

ML-KEM-768 hybrid

Quantum-safe 1:1 chats

Direct messages are wrapped in both Curve25519 AND post-quantum ML-KEM-768 (NIST FIPS 203). An attacker must break both.

Native C (PQClean)

Auditable implementation

Post-quantum crypto uses the public-domain PQClean reference library, compiled to constant-time native code on iOS.

Secure Enclave

Keys never leave the device

Local data is field-level encrypted with PIN-derived keys held in the iOS Secure Enclave. Never in iCloud backups.

Read the full security architecture

Key Exchange

X3DH (Extended Triple Diffie-Hellman)

Asynchronous key agreement protocol. Establishes a shared secret between two parties even when one is offline. Uses identity keys, signed pre-keys, and one-time pre-keys to prevent replay attacks.

Curve X25519
Key Size 256-bit
Forward Secrecy Yes

Message Encryption

Double Ratchet Algorithm

Every direct message and group chat is encrypted with a unique key derived from a continuously evolving chain. Compromise of a single key cannot decrypt past or future messages. Forward secrecy built into every message from the ground up.

Cipher XSalsa20-Poly1305
KDF HKDF-SHA256
Per-message Keys Yes

Post-Quantum Layer

ML-KEM-768 Hybrid (NIST FIPS 203)

Every direct message is protected by both Curve25519 AND ML-KEM-768 (CRYSTALS-Kyber). Group chats use classical Sender Key encryption (X25519). An attacker needs to break BOTH the elliptic-curve discrete log AND the post-quantum lattice problem to recover direct-message plaintext. Vendored PQClean reference C implementation, compiled to constant-time native code.

Standard NIST FIPS 203
Security Level Category 3 (~AES-192)
Implementation Native C (PQClean)

Data at Rest

XSalsa20-Poly1305 + Secure Enclave

All local data encrypted with keys derived from your PIN. On iOS, key material is stored in the Secure Enclave and never leaves the device. Database encryption at the field level, not just disk encryption.

Storage Field-level encryption
Key Storage iOS Secure Enclave
Backup Exposure None

How a Message Travels

1

Compose

Message created on your device

2

Encrypt

XSalsa20-Poly1305 with hybrid Curve25519 + ML-KEM-768 key

3

Transit

Encrypted blob over TLS 1.3

4

Deliver

Decrypted only on recipient's device

5

Destroy

Keys deleted after read, message self-destructs

What our servers see

  • Message content
  • Contact lists
  • Encryption keys
  • Phone numbers or emails
  • IP address logs
  • Encrypted blobs (unreadable)
  • Anonymous user IDs
  • Encrypted pre-key bundles

What stays on your device

  • Identity key pair
  • Message history (encrypted)
  • Contact list (encrypted)
  • PIN-derived encryption key
  • Recovery phrase (12 words)
  • Session ratchet state

All local data encrypted with AES-256-GCM. Keys stored in iOS Secure Enclave. Never included in iCloud backups.

FAQ

Questions & Answers

Everything you need to know about theSHFT.

Enter your secret PIN on the lock screen. You set your PIN during account creation.

If you saved your 12-word recovery phrase, you can restore your account and set a new PIN. If you've lost both your PIN and recovery phrase, your data cannot be recovered. This is by design for maximum security.

No — for direct messages, group chats, and voice/video calls. These are end-to-end encrypted on your device before transmission; only you and your recipient have the keys, and we cannot read them even if we wanted to. Community posts and Stories are not end-to-end encrypted (so they can be served to other community members and viewers) but they're encrypted at rest with per-asset keys.

A Duress PIN is an emergency feature. When entered, it silently and instantly wipes all data from the app. This is irreversible and designed for extreme situations where you need to protect your privacy immediately.

Set a timer per conversation from 5 seconds to 24 hours. After a message is read, it automatically deletes when the timer expires. Deleted messages cannot be recovered through normal means — narrow exception applies where we are required by valid legal process to preserve specific messages.

Screenshots and screen recording are detected. When a capture happens in a private conversation, your conversation partner is notified in real time so the social contract stays explicit. iOS does not permit third-party apps to block captures at the OS level, so detection plus notification is the strongest signal a messenger can provide.

Tap the plus button and enter your contact's exact username, or scan their QR code. Both users must approve each other before messaging begins. This contact gating means nobody can reach you without your permission.

Yes — theSHFT Pro is a subscription, available two ways: a $9.99/month subscription or a $109.99/year subscription (8% off — best value). Both auto-renew until you cancel, and you can manage or cancel anytime in your App Store account settings.

Blog

Privacy Deep Dives

Understanding the threats your current messenger won't tell you about.

Ready for True Privacy?

Download theSHFT and take control of your private communications.

Download on the App Store

Available on iOS · Requires iOS 16.0 or later · Age 17+