Is Pigeon end-to-end encrypted?

Yes. Messages are encrypted on your device before they leave it. Not even Pigeon or Apple can read them.

Nobody can read your messages - including us

Every message you send using Pigeon is encrypted on your device before it goes anywhere. We store an encrypted copy of every message on our servers, but to us it's gibberish (ciphertext) so we can't read it.

This is end-to-end encryption. The "ends" are you and the people in your chat. Nobody in between — not Pigeon, not your network provider, not Apple delivering the messages, not anyone intercepting traffic — can read what you wrote.

End-to-end encryption protects your content from the time it leaves your device to the time it's unlocked by the other members of your chat. Pigeon adds zero-knowledge key architecture (so we couldn't read your content even if we wanted to) for additional security.

For more information about zero-knowledge for your messages, see What does zero-knowledge mean?

Legal requests

If someone subpoenaed Pigeon's servers, they'd receive the encrypted version of your messages but they are completely unreadable without your device keys, which only exist locally on your device. They won't even know who sent you the message because that information is only stored on your device.

What about Apple?

When a message is delivered to your device, it travels through Apple's push notification system. Apple handles the delivery — but they can't see the content. The message is still encrypted. Apple delivers the encrypted message and only your app on your device can decrypt and read it.

Your messages are readable only by you and the members of your chat. The way it should be.