Security

Signal Protocol

Privacy is the architecture, not a setting.

We designed Skycord so that even we can't read your messages. This page explains exactly how.

Get started free View source on GitHub

Signal Protocol (E2E)

AES-256-GCM at rest

TLS 1.3 in transit

Zero-knowledge architecture

Open source server

GDPR compliant

How it works

Four layers of protection.

Signal Protocol

End-to-end encryption

Every message, file, and voice call is encrypted using the Signal Protocol before it leaves your device. Not even Skycord can read your messages — ever.

Double Ratchet Algorithm for perfect forward secrecy
X3DH key exchange on every new conversation
Message keys are deleted after decryption
Encrypted at rest with AES-256-GCM

On-device keys

Key management

Your encryption keys never leave your device in plaintext. We store only public keys on our servers — the private key stays with you.

Private keys generated and stored on-device only
Public key registry for key exchange
Key rotation on device changes
Optional key backup with client-side encryption

Zero knowledge

We architect Skycord so that even a full breach of our servers reveals nothing. Metadata is minimised. Message content is inaccessible without your keys.

Message content never stored in plaintext
Minimal metadata collection
No message scanning or content moderation on our end
Transparency reports published quarterly

Open source

Self-hosting

Host your own Skycord instance on your own infrastructure. Full control over data residency, access, and backup. One Docker command to get started.

Open source server — audit every line
Your data stays in your datacenter
Full database access and ownership
No vendor lock-in, export at any time

Infrastructure

Built to stay up.

We run on redundant, geo-distributed infrastructure with automatic failover and continuous security monitoring.

Global CDN

Edge nodes in 30+ regions

Data residency

EU and US regions available

Uptime SLA

99.9% guaranteed for Business

SOC 2 Type II

Audit in progress (2026)

GDPR compliant

DPA available for Business plans

TLS 1.3

All transit encrypted

Responsible disclosure

Found a vulnerability? We pay for it. Reach out to security@skycord.space with a full report and we'll respond within 24 hours.

Critical (RCE / auth bypass)Up to $10,000

High (data exposure)Up to $5,000

Medium (information disclosure)Up to $1,000

Common questions

Can Skycord employees read my messages?

No. All messages are encrypted before they leave your device using the Signal Protocol. Our servers only ever see ciphertext. We have no technical ability to decrypt your messages.

What happens if Skycord gets hacked?

An attacker who breaches our servers would only find encrypted ciphertext, public keys, and minimal metadata. They would not be able to read any message content without access to users' private keys, which are never stored on our servers.

Is the server software open source?

Yes. The Skycord server is open source on GitHub. You can audit, fork, and self-host it. We believe transparency is a prerequisite for trust.

Do you comply with government data requests?

We comply with valid legal process. However, because of our zero-knowledge architecture, we can only provide public keys and connection metadata — never message content. We publish a transparency report each quarter.

What encryption does Skycord use for voice and video?

Voice and video calls use SRTP (Secure Real-time Transport Protocol) with keys negotiated via DTLS-SRTP. The media stream is end-to-end encrypted for 1:1 calls, and we're building E2E encryption for group calls in Q3 2026.

Your community deserves better.

Built on the same protocol that protects journalists and activists. Available to every Skycord community, for free.

Get started free Talk to security team

Loading…