Chromacrypt 1000 seats remaining
Access Portal Request Access
1000
total seats. ever. no exceptions.

The message was never there.

Not encrypted. Not encoded. Not hidden. Nonexistent. A messaging architecture where compliance is impossible -- by mathematics, not policy.

Request Access
0
servers storing messages
0
metadata traces
0
accounts required
1000
seats remaining. when they're gone, they're gone.
The Paradigm

Privacy is not encryption.

Every secure messenger encrypts the content but leaks the context. Who you messaged. When. How often. From where. Metadata is the real surveillance vector. Governments don't need to read your messages. They just need to know they exist.

Chromacrypt doesn't encrypt messages. It eliminates their existence. The same image decodes to a different valid message for every key. There is no "real" message to find. Not by you, not by us, not by any court on earth.

"We cannot comply."
Not a policy. A mathematical fact.

Messages are encoded as sub-pixel modifications in deterministically generated noise images. 0.049% of pixels are touched. 99.95% are pure entropy. Statistically undetectable. Forensically invisible.

Architecture

Nothing to subpoena.

The relay is a Cloudflare Worker running in ephemeral V8 isolates. No filesystem. No database. No logs. Here is what our infrastructure stores:

0
KV Bindings
0
R2 Buckets
0
D1 Databases
0
Durable Objects
0
Log Streams
AES-256
Key Encryption
100K
PBKDF2 Iterations
2496
Key Space
The Ceremony

Two phones. One code.
A key is born.

One device opens a session. A 6-digit code appears. Share it however you want -- speak it, text it, email it. It expires in 60 seconds and has zero cryptographic value to an interceptor.

The second device enters the code. Both devices generate 50-character IDs with 2247 bits of entropy each. The server computes a birthed key, encrypts it, pins it to IPFS, and destroys every input. The key never touches phone storage.

No certificate authorities. No key servers. No trust-on-first-use. No digital key exchange protocol to compromise. The only trust anchor is the person you chose to message.

847291
60s TTL · any channel · not a secret

"Hand over the data."
"There is no data."

A subpoena requires something to hand over. Our relay is a stateless function that processes and forgets. The birthed key is encrypted with a 495-bit password derived from IDs that no longer exist. The message self-destructs with a SHA-256 destruction receipt -- cryptographic proof it was received and destroyed, without revealing a single character.

Every message leaves behind exactly one artifact: a 64-character hash that proves nothing except that something once existed and no longer does.

Provable Ambiguity

1000 keys. 1000 messages.
Same image.

The encoded noise image is not a ciphertext with one correct plaintext. It is an ambiguous artifact that produces a different valid-looking message for every key applied to it. Key A reads "Meet me at 9pm." Key B reads "Buy milk." Key C reads "7xQ!m." Which is real?

Undecidable. Not by policy. By information theory.

Even if an attacker obtains the encoded image and a valid key, they cannot prove the decoded message is the intended one. This property is architectural, not a feature toggle. It exists because the compass maps pixels to characters deterministically for any key -- every key produces a grammatically arbitrary but structurally valid output.

Built in Belgium

European by architecture.
GDPR-native. Not an afterthought.

Not subject to the US CLOUD Act. Not built in Silicon Valley. Privacy is a fundamental right under EU Charter Article 8 and Belgian constitutional law. Chromacrypt doesn't comply with GDPR. It makes GDPR compliance irrelevant -- you cannot violate privacy rules for data that doesn't exist.

The message was never there.

1000 seats. Referral access only. When they're gone, they're gone.

Request Access