Pigeon

What does zero-knowledge mean?

iPhone
Web

Zero-knowledge means Pigeon's servers never hold your unencrypted keys to read your messages. Decryption is architecturally impossible for us, not just against policy.

On this page

  1. The keys never leave your device unencrypted
  2. Why a promise isn't enough

The keys never leave your device unencrypted

When you send a message in Pigeon, it's encrypted on your device before it goes anywhere. Your encryption keys are generated on first app install and stored in your device's secure storage (iOS Keychain). They never leave your device unencrypted, so no one else can use them to read your messages. Pigeon's servers receive encrypted messages with no way to open them.

That's zero-knowledge. Not that we choose not to read your messages, but that we structurally can't, because we never have the keys.

Most apps that describe themselves as encrypted still hold your keys on their servers. That means the company can decrypt your data to power features, respond to legal requests, or run AI across your history. The data is protected from outsiders but not from the platform itself.

Pigeon is different in that specific way: the server is a delivery and storage system for data it cannot interpret. See our Security for more details.

Why a promise isn't enough

"We don't read your messages" is a policy. Policies can change. Through a product update, a new owner, a legal order, or a quiet terms-of-service revision. Most users won't notice.

Zero-knowledge is an architecture. It doesn't change unless you rebuild the system. Here's what this means in practice for Pigeon:

A subpoena served to Pigeon produces encrypted ciphertext. Without your device keys, it's unreadable. The server doesn't have the keys to hand over.

A data breach on Pigeon's servers exposes ciphertext. An attacker gets the same thing a subpoena would: data they can't decrypt without keys that live on your device.

An AI feature can't summarize your messages or search your history because there's no plaintext on the server to process. This isn't a setting you have to find and disable. There's nothing to disable.

The value isn't that Pigeon is more trustworthy than other companies. It's that the architecture removes trust from the equation.

For more information on our use of end-to-end encryption, see Is Pigeon end-to-end encrypted?

On this page

  1. The keys never leave your device unencrypted
  2. Why a promise isn't enough
Pigeon Chat App

Make it yours

Navigation
HomePricingFAQ
Company
Privacy PolicyContact

© 2026 Pigeon. All rights reserved. Built by Merandian.

What does zero-knowledge mean? | Pigeon