Is Pigeon end-to-end encrypted?

Yes. Messages are encrypted on your device before they leave it. Not even Pigeon or Apple can read them.

Nobody can read your messages including us

Every message you send using Pigeon is encrypted on your device before it goes anywhere. We store an encrypted copy of every message on our servers, but to us it's gibberish (ciphertext) so we can't read it.

This is end-to-end encryption. The "ends" are you and the people in your chat. Nobody in between can read your message or file: not Pigeon, not your network provider, not Apple delivering the message notification, not anyone intercepting traffic.

End-to-end encryption protects your content from the time it leaves your device to the time it's unlocked by the other members of your chat. Pigeon adds zero-knowledge key architecture (so we can't read your content even if we wanted to) for additional security.

For more information about zero-knowledge for your messages, see What does zero-knowledge mean?

Legal requests

If someone subpoenaed Pigeon's servers, they'd receive the encrypted version of your messages but they are completely unreadable without your device keys, which only exist locally on your device. They won't even know who sent you the message because that information is only stored on your device. They will only know that you received a message at a certain time but not what is said, who sent it, or in what chat you both are members.

For a full breakdown of how we protect your privacy and security, see our Security page.

What about Apple?

When a message is delivered to your device, it travels through Apple's push notification system. Apple handles the delivery — but they can't see the content. The message is still encrypted. Only your Pigeon app on your device can decrypt and read it.

Your messages are readable only by you and the members of your chat. The way it should be.