Designed to be unreadable.
Your thoughts are the most personal data on the internet. We've built Mhisper so that — by default — we can't read them.
Encrypted everywhere
Everything that leaves your device is encrypted in transit; anything we keep on your behalf is encrypted at rest. An attacker on the wire — or further upstream — finds unreadable data either way.
Passkeys you own
The passkey that unlocks a memory file never leaves your device. We don't store it, can't recover it, and can't read what it protects. Lose it and the file stays locked — to you and to us alike.
Minimal attack surface
No analytics, no ad trackers, no session-recording scripts. Where Mhisper can work offline, it does. What we never collect can't be leaked, subpoenaed, or sold.
Boring infrastructure
We choose battle-tested vendors over flashy ones, run on a surface small enough to audit, and grant nothing access it doesn't strictly need. Excitement belongs in your bubbles, not the systems that carry them.
Operational practices.
- Strong authentication is required for anyone with access to production.
- Every change is reviewed by another engineer; production deploys can't be pushed by one person alone.
- Dependencies stay current and security fixes are treated as drop-everything work.
- Internal activity is logged and reviewed; access follows least-privilege and is revoked promptly.
- Vulnerability reports are welcomed, taken seriously, and rewarded — see below.
Found something? Tell us privately.
Email support@mhisper.com with details. We acknowledge within 24 hours and aim to resolve high-severity issues within 72 hours. Eligible reports earn a bounty.