Zero-Knowledge Architecture
We engineered Varta so that we know nothing about your conversations. Your encryption keys are generated on your device, stay on your device, and are never transmitted to our servers. We cannot read your messages — by design, not by policy.
"Cannot" is stronger than "will not"
Most platforms promise they "will not" read your data. Varta is architecturally built so that we cannot — even if we wanted to, even under legal compulsion, even if our servers are fully compromised.
Data Transparency
What our servers see
Complete transparency about what data touches our infrastructure and what never does.
Stored (encrypted or public)
All message content is stored only as encrypted ciphertext. Public keys are stored because the key exchange protocol requires them.
Never stored or accessed
Keys that never leave your device
When you set up Varta, your device generates a set of cryptographic key pairs locally. The private keys are stored in your device's secure storage and are never transmitted, backed up to the cloud, or shared with Varta servers.
Only the public portions of your keys are uploaded to facilitate the key exchange protocol. This is the mathematical foundation of zero-knowledge: we help deliver messages, but we never hold the keys to read them.
Identity Key Pair
A long-term Curve25519 key pair generated at registration. The public key is your cryptographic identity; the private key never leaves your device.
Signed Prekey
A medium-term key pair, rotated periodically and signed by your identity key so that it cannot be forged. It enables asynchronous session establishment.
One-Time Prekeys
A pool of single-use key pairs uploaded in batches. Each is used once during initial key exchange, then permanently deleted from the server.
Session Keys
Ephemeral keys derived by the Double Ratchet. They exist only in memory, are unique per message, and are discarded immediately after use.
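As an added example (not Varta's code, and not taken from any library): the on-device key split described above, written in Go with only the standard library, so that the private set and the uploaded public bundle are visibly separate values. Assumed for this illustration: the type and function names, and a separate Ed25519 signing key standing in for the signature the page says the Curve25519 identity key produces.

```go
package main
import (
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
)
// DeviceKeys is the private material that stays in device secure storage.
// Assumption: a separate Ed25519 key signs prekeys (standing in for XEdDSA).
type DeviceKeys struct {
	IdentitySign   ed25519.PrivateKey
	IdentityDH     *ecdh.PrivateKey
	SignedPrekey   *ecdh.PrivateKey
	OneTimePrekeys []*ecdh.PrivateKey
}
// PrekeyBundle is all the server ever receives: public keys plus the signature binding the signed prekey to the identity key.
type PrekeyBundle struct {
	IdentitySignPub   ed25519.PublicKey
	IdentityDHPub     []byte
	SignedPrekeyPub   []byte
	SignedPrekeySig   []byte
	OneTimePrekeyPubs [][]byte
}
// must treats entropy failure as fatal; there is no safe fallback on-device.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
// GenerateDeviceKeys creates every key pair locally; only the returned bundle is uploaded.
func GenerateDeviceKeys(numOneTime int) (*DeviceKeys, *PrekeyBundle) {
	x := ecdh.X25519()
	seed := make([]byte, ed25519.SeedSize)
	must(rand.Read(seed))
	dk := &DeviceKeys{IdentitySign: ed25519.NewKeyFromSeed(seed),
		IdentityDH: must(x.GenerateKey(rand.Reader)), SignedPrekey: must(x.GenerateKey(rand.Reader))}
	b := &PrekeyBundle{IdentitySignPub: dk.IdentitySign.Public().(ed25519.PublicKey),
		IdentityDHPub: dk.IdentityDH.PublicKey().Bytes(), SignedPrekeyPub: dk.SignedPrekey.PublicKey().Bytes()}
	b.SignedPrekeySig = ed25519.Sign(dk.IdentitySign, b.SignedPrekeyPub) // forgery protection
	for i := 0; i < numOneTime; i++ {
		opk := must(x.GenerateKey(rand.Reader)) // single-use; the server deletes it after one exchange
		dk.OneTimePrekeys = append(dk.OneTimePrekeys, opk)
		b.OneTimePrekeyPubs = append(b.OneTimePrekeyPubs, opk.PublicKey().Bytes())
	}
	return dk, b
}
// VerifyBundle is what a contact runs on a fetched bundle; a swapped or forged signed prekey fails it.
func VerifyBundle(b *PrekeyBundle) bool {
	return ed25519.Verify(b.IdentitySignPub, b.SignedPrekeyPub, b.SignedPrekeySig)
}
```

Because the bundle carries no private scalar, a party holding only the bundle cannot reproduce the X25519 agreement that the device computes with its signed prekey.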
Threat Model
What happens if things go wrong?
Zero-knowledge is not just a feature — it is your safety net. Here is how it protects you in worst-case scenarios.
Server breach
Attackers obtain only encrypted ciphertext. Without private keys (which exist only on your device), decryption is computationally infeasible.
Rogue employee
No employee at Varta has access to plaintext. The system is architecturally incapable of producing decrypted content, regardless of access level.
Legal compulsion
Even under a court order, Varta can only produce encrypted blobs and minimal metadata. We cannot comply with requests for message content because we do not have it.
Network interception
Messages are end-to-end encrypted before transport. Even if TLS is compromised, the attacker sees only ciphertext encrypted with keys they do not possess.
Metadata minimization
Beyond message content, we also minimize metadata. Delivery receipts are ephemeral and purged after delivery. We do not log who talks to whom, when, or how often. IP addresses are not stored with message records. We retain only the absolute minimum needed to route encrypted messages.
Privacy by architecture, not by promise
Join Varta and experience messaging where the platform is mathematically incapable of reading your data.