# Security & Privacy Nimbus is built with a **privacy-first approach**, ensuring that your messages, keys, and data are always under your control. This section explains the encryption layers, key management, and server security that make Nimbus a truly secure platform. *** ### **Encryption and Data Security** Nimbus employs multiple layers of encryption to safeguard your communication at every step: 1. **End-to-End Encryption (E2EE):** * Messages are encrypted **locally on your device** before being sent. * Only the intended recipient, with the corresponding private key, can decrypt the message. * Homeservers in the Matrix network act only as encrypted relays—they cannot read or store unencrypted data. 2. **Encrypted Sync Protocol:** * Messages remain encrypted even when synced across multiple devices. * Encryption keys are securely transferred to ensure seamless, private communication on all your devices. 3. **AI Data Security:** * AI features like smart replies and translations process data **locally**. * All AI outputs are encrypted before being integrated into your messages, ensuring **zero data exposure**. *** ### **Key Management** Nimbus follows the principle of **"Not your keys, not your messages"**, ensuring you have full control over your encryption keys. 1. **Local Storage of Keys:** * Encryption keys are stored **locally on your device**. * Nimbus never stores or manages your private keys—only you have access to them. 2. **Encrypted Backups:** * For cross-device sync or recovery, keys are encrypted and backed up securely. * Recovering access requires your **unique backup passphrase**, ensuring no third party can intervene. 3. **Key Recovery:** * Nimbus provides secure, user-controlled recovery options to regain access to encrypted data in case of lost devices. *** ### **Server Security** Nimbus leverages the Matrix protocol’s **federated model** to eliminate reliance on central servers and improve resilience: 1. **Federated Homeservers:** * Users can choose existing homeservers or host their own for complete control. * Homeservers act as encrypted relays and cannot access unencrypted messages. 2. **Protection for User-Hosted Servers:** * Nimbus encourages self-hosted servers with guidance on securing them against unauthorized access. * Encrypted communication ensures that even if a server is compromised, user data remains protected. 3. **Resilience to Failures:** * Federation ensures no single point of failure—if one server goes offline, messages can still be routed through others. *** ### **Why Security and Privacy Matter** Nimbus sets a new standard for secure communication by combining: * **User-Controlled Encryption:** You own your keys, and no one else can access your messages. * **Zero Trust Infrastructure:** Homeservers and Nimbus itself cannot access your unencrypted data. * **AI with Privacy:** Local processing ensures that smart features work without exposing sensitive information. Nimbus ensures that **privacy is not just a feature but a guarantee**—your communication remains **secure, decentralized, and under your control**. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.nimbuschat.ai/how-nimbus-works/security-and-privacy.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.