Security & Privacy

Nimbus is built with a privacy-first approach, ensuring that your messages, keys, and data are always under your control. This section explains the encryption layers, key management, and server security that make Nimbus a truly secure platform.

Encryption and Data Security

Nimbus employs multiple layers of encryption to safeguard your communication at every step:

  1. End-to-End Encryption (E2EE):

    • Messages are encrypted locally on your device before being sent.

    • Only the intended recipient, with the corresponding private key, can decrypt the message.

    • Homeservers in the Matrix network act only as encrypted relays—they cannot read or store unencrypted data.

  2. Encrypted Sync Protocol:

    • Messages remain encrypted even when synced across multiple devices.

    • Encryption keys are securely transferred to ensure seamless, private communication on all your devices.

  3. AI Data Security:

    • AI features like smart replies and translations process data locally.

    • All AI outputs are encrypted before being integrated into your messages, ensuring zero data exposure.

Key Management

Nimbus follows the principle of "Not your keys, not your messages", ensuring you have full control over your encryption keys.

  1. Local Storage of Keys:

    • Encryption keys are stored locally on your device.

    • Nimbus never stores or manages your private keys—only you have access to them.

  2. Encrypted Backups:

    • For cross-device sync or recovery, keys are encrypted and backed up securely.

    • Recovering access requires your unique backup passphrase, ensuring no third party can intervene.

  3. Key Recovery:

    • Nimbus provides secure, user-controlled recovery options to regain access to encrypted data in case of lost devices.

Server Security

Nimbus leverages the Matrix protocol’s federated model to eliminate reliance on central servers and improve resilience:

  1. Federated Homeservers:

    • Users can choose existing homeservers or host their own for complete control.

    • Homeservers act as encrypted relays and cannot access unencrypted messages.

  2. Protection for User-Hosted Servers:

    • Nimbus encourages self-hosted servers with guidance on securing them against unauthorized access.

    • Encrypted communication ensures that even if a server is compromised, user data remains protected.

  3. Resilience to Failures:

    • Federation ensures no single point of failure—if one server goes offline, messages can still be routed through others.

Why Security and Privacy Matter

Nimbus sets a new standard for secure communication by combining:

  • User-Controlled Encryption: You own your keys, and no one else can access your messages.

  • Zero Trust Infrastructure: Homeservers and Nimbus itself cannot access your unencrypted data.

  • AI with Privacy: Local processing ensures that smart features work without exposing sensitive information.

Nimbus ensures that privacy is not just a feature but a guarantee—your communication remains secure, decentralized, and under your control.

PreviousMatrix IntegrationNextAI Decentralization

Last updated