Private. Secure. Yours.
Messaging that belongs to you — not your carrier, not an advertiser, not us. No phone number, no email, no tracking. Just private conversations, encrypted end-to-end and built to stay private for decades.
theSHFT keeps your conversations private and secure behind a PIN lock screen.
theSHFT opens to a secure PIN lock screen. Your private messages are always protected.
Enter your personal PIN on the lock screen. Only you know the combination.
Your encrypted messaging world opens. Send messages, photos, voice messages, make calls, and chat in groups with end-to-end encryption.
Powerful privacy features built into a secure messaging platform.
X3DH key exchange, Double Ratchet, and ML-KEM-768 (NIST FIPS 203) lattice cryptography running natively on every device. Safe against today's attacks AND tomorrow's quantum computers.
Free users: voice calls up to 5 minutes (1:1 and group). Pro users: unlimited call length. Video calls for Pro users. All calls end-to-end encrypted; we never see call content. Call signaling (caller, callee, duration) is retained for service-health monitoring and deleted on a short window.
Set timers from 5 seconds to 24 hours. Messages auto-delete after being read, leaving zero trace.
Encrypted group conversations for up to 50 members with Sender Key encryption. Coordinate privately at scale.
Record and send encrypted voice messages with live waveform visualization. Plays inline with full controls.
No phone number, no email, no personal information. Connect using only usernames and QR codes.
Screenshots and screen recording are detected and flagged. Your conversations stay private.
Share photos and play videos inline with the same encryption as messages. Media self-destructs with your timer.
Nobody reaches you without approval. If coerced, a Duress PIN silently wipes all data. Irreversible by design.
Start free with unlimited messages, photos, and contacts, or unlock theSHFT Pro for unlimited call length, video calls, host voice rooms, longer timers, larger groups, and Duress PIN.
No ads, ever · Cancel anytime · End-to-end encrypted
| Feature | Free | Pro |
|---|---|---|
| Groups | Up to 3 groups (50 members each) | Unlimited groups (up to 100 members) |
| Message Timers | 10s & 30s | 5s to 24 hours |
| Voice Calls | ||
| Unlimited Call Length | Up to 5 minutes | Unlimited |
| Voice Rooms | Join & Listen | Host |
| Video Calls | ||
| Duress PIN |
Every messenger has encryption now. Here's what they don't have.
| Feature | Most messaging apps | theSHFT |
|---|---|---|
| End-to-end encrypted | ||
| Post-quantum encryption (ML-KEM-768) | ||
| No phone number or email required | ||
| PIN-locked vault (Face ID / Touch ID) | ||
| Screenshot protection (content blacks out) | ||
| Duress PIN (panic wipe) |
Built from the ground up to protect your privacy with multiple layers of defense.
An emergency PIN that instantly and silently wipes all data. Irreversible. For extreme situations.
Screenshots and screen recording are detected; when a capture happens in a private conversation, your conversation partner is notified in real time. (iOS does not permit third-party apps to block captures at the OS level — but detection plus notification keeps the social contract clear.)
Our servers only store encrypted blobs for direct messages, group chats, and calls. We cannot read your direct messages, group chats, or call media; we cannot see your contacts. (Community posts and Stories use server-readable encryption so they can be served to other community members and viewers.)
Secure 12-word recovery phrase stored only on your device. The only way to restore your account.
Every direct message is encrypted with both classical (Curve25519) and post-quantum (ML-KEM-768) cryptography. Group chats use classical Sender Key encryption (X25519). An attacker must break BOTH to read your direct messages — even with a quantum computer.
Don't take our word for it — theSHFT's encryption core is open source on GitHub: the Signal-compatible protocol implementation and the ML-KEM-768 post-quantum hybrid layer. The PQ implementation uses the PQClean reference C library — the auditable, public-domain implementation used by other PQ deployments — compiled natively on iOS for constant-time execution.
We don't collect what we don't need. Your data belongs to you.
No IDFA, no cross-app tracking. Fully compliant with App Tracking Transparency.
Create an account with just a username. No personal information needed.
We never ask for or collect your physical location information.
We never access your phone's address book or contact list.
Built on proven cryptographic primitives. No proprietary algorithms. No security through obscurity.
Per-message keys with forward secrecy. Battle-tested, open primitives — nothing proprietary.
Direct messages are wrapped in both Curve25519 AND post-quantum ML-KEM-768 (NIST FIPS 203). An attacker must break both.
Post-quantum crypto uses the public-domain PQClean reference library, compiled to constant-time native code on iOS.
Local data is field-level encrypted with PIN-derived keys held in the iOS Secure Enclave. Never in iCloud backups.
Asynchronous key agreement protocol. Establishes a shared secret between two parties even when one is offline. Uses identity keys, signed pre-keys, and one-time pre-keys to prevent replay attacks.
Every direct message and group chat is encrypted with a unique key derived from a continuously evolving chain. Compromise of a single key cannot decrypt past or future messages. Forward secrecy built into every message from the ground up.
Every direct message is protected by both Curve25519 AND ML-KEM-768 (CRYSTALS-Kyber). Group chats use classical Sender Key encryption (X25519). An attacker needs to break BOTH the elliptic-curve discrete log AND the post-quantum lattice problem to recover direct-message plaintext. Vendored PQClean reference C implementation, compiled to constant-time native code.
All local data encrypted with keys derived from your PIN. On iOS, key material is stored in the Secure Enclave and never leaves the device. Database encryption at the field level, not just disk encryption.
Message created on your device
XSalsa20-Poly1305 with hybrid Curve25519 + ML-KEM-768 key
Encrypted blob over TLS 1.3
Decrypted only on recipient's device
Keys deleted after read, message self-destructs
All local data encrypted with AES-256-GCM. Keys stored in iOS Secure Enclave. Never included in iCloud backups.
Everything you need to know about theSHFT.
Enter your secret PIN on the lock screen. You set your PIN during account creation.
If you saved your 12-word recovery phrase, you can restore your account and set a new PIN. If you've lost both your PIN and recovery phrase, your data cannot be recovered. This is by design for maximum security.
No — for direct messages, group chats, and voice/video calls. These are end-to-end encrypted on your device before transmission; only you and your recipient have the keys, and we cannot read them even if we wanted to. Community posts and Stories are not end-to-end encrypted (so they can be served to other community members and viewers) but they're encrypted at rest with per-asset keys.
A Duress PIN is an emergency feature. When entered, it silently and instantly wipes all data from the app. This is irreversible and designed for extreme situations where you need to protect your privacy immediately.
Set a timer per conversation from 5 seconds to 24 hours. After a message is read, it automatically deletes when the timer expires. Deleted messages cannot be recovered through normal means — narrow exception applies where we are required by valid legal process to preserve specific messages.
Screenshots and screen recording are detected. When a capture happens in a private conversation, your conversation partner is notified in real time so the social contract stays explicit. iOS does not permit third-party apps to block captures at the OS level, so detection plus notification is the strongest signal a messenger can provide.
Tap the plus button and enter your contact's exact username, or scan their QR code. Both users must approve each other before messaging begins. This contact gating means nobody can reach you without your permission.
Yes — theSHFT Pro is a subscription, available two ways: a $9.99/month subscription or a $109.99/year subscription (8% off — best value). Both auto-renew until you cancel, and you can manage or cancel anytime in your App Store account settings.
Understanding the threats your current messenger won't tell you about.
Every app has encryption now. So why aren't we actually private? The answer lies in what encryption doesn't protect.
When you delete a message on most popular messengers, it doesn't actually disappear. Here's where it really goes.
Download theSHFT and take control of your private communications.
Download on the App Store