Trust · Security

Architected so we cannot betray you, even if compelled to.

Haven's security model assumes the worst about the network, the server, and the lawyer with a subpoena. The cryptography is designed so the answer to ‘what does Haven know?’ is, by construction, almost nothing.

Last updated · April 2026

End-to-end by default

Every message, call, and file is encrypted on your device with keys we never see.

Hardware-backed keys

Private keys are bound to your device's secure enclave and never exported in plaintext.

Zero-knowledge servers

Our infrastructure stores ciphertext only — even a full server compromise reveals nothing.

Independently audited

Our cryptographic core is reviewed annually by third-party security firms.

01

The cryptographic core

Haven uses a modern double-ratchet protocol over X25519 key agreement and XChaCha20-Poly1305 authenticated encryption. Every conversation derives forward-secret session keys, so a key compromised today cannot be used to decrypt yesterday's messages.
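
An added illustration of the forward-secrecy property described above; it is not Haven's code. It sketches the symmetric-key chain step from the public Double Ratchet specification using HMAC-SHA256, and the initial chain key, the SendingChain class and the function names are assumptions made up for this example.

```python
import hashlib
import hmac
from typing import Dict, List, Tuple

# Labels follow the public Double Ratchet specification's suggested KDF_CK inputs.
MESSAGE_KEY_LABEL = b"\x01"
CHAIN_KEY_LABEL = b"\x02"


def kdf_ck(chain_key: bytes) -> Tuple[bytes, bytes]:
    """One symmetric ratchet step: return (next_chain_key, message_key)."""
    message_key = hmac.new(chain_key, MESSAGE_KEY_LABEL, hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, CHAIN_KEY_LABEL, hashlib.sha256).digest()
    return next_chain_key, message_key


class SendingChain:
    """Hypothetical holder of one chain key; the old key is overwritten each step."""

    def __init__(self, initial_chain_key: bytes) -> None:
        self._chain_key = initial_chain_key

    def next_message_key(self) -> bytes:
        self._chain_key, message_key = kdf_ck(self._chain_key)
        return message_key

    def compromise(self) -> bytes:
        """The state an attacker gets by reading device memory right now."""
        return self._chain_key


def forward_secrecy_demo(steps_after: int = 2) -> Dict[str, List[bytes]]:
    # Constructed secret; in a real session this comes out of the X25519 ratchet.
    chain = SendingChain(hashlib.sha256(b"constructed demo secret").digest())
    past = [chain.next_message_key() for _ in range(3)]       # yesterday's messages
    stolen = chain.compromise()                               # key compromised today
    future = [chain.next_message_key() for _ in range(steps_after)]

    # The attacker can only ratchet forward from the stolen chain key.
    attacker = []
    for _ in range(64):
        stolen, message_key = kdf_ck(stolen)
        attacker.append(message_key)
    return {"past": past, "future": future, "attacker": attacker}


if __name__ == "__main__":
    result = forward_secrecy_demo()
    print("past keys reachable:", any(k in result["attacker"] for k in result["past"]))
    print("future keys reachable:", result["attacker"][:2] == result["future"])
```

The later keys remain derivable from the stolen chain key until a new X25519 ratchet step replaces the chain, which is the part of the double ratchet this sketch leaves out.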

02

Identity & device verification

Each member holds a long-lived identity key alongside short-lived per-device keys. Verifying a friend in person — or out-of-band over a trusted channel — pins their identity, and any new device they add will surface a clear, unmissable warning.

03

Data at rest & in transit

Beyond E2EE, all traffic is wrapped in TLS 1.3 with certificate pinning. At rest, our databases use envelope encryption with keys held in a hardware security module isolated from application servers.

04

Responsible disclosure

If you believe you have found a vulnerability, please write to security@haven.app. We acknowledge reports within one business day, work in good faith, and credit researchers in our public hall of thanks.

05

Government requests

We publish a transparency report twice a year. Because Haven holds only ciphertext and minimal metadata, the data we are technically able to provide in response to a lawful request is, by design, very small.