Security at PostMortem

PostMortem exists to hold the most personal messages you will ever write — so it is built on a simple rule: we must never be able to read them. Everything you put in a message box is encrypted on your device before it is uploaded, and only the recipients you choose can ever decrypt it.

Encrypted before it leaves your device

When you create a message box, your messages and attachments are encrypted locally on your phone using strong, industry-standard encryption. What travels to our servers — and what sits in our database — is ciphertext: scrambled data that is meaningless without the key.

This is different from services that encrypt data only 'in transit' and 'at rest' but hold the keys themselves. With PostMortem, the encryption keys are generated and kept on your side. There is no master key on our servers.

Zero knowledge by design

Because encryption happens on your device with keys we never receive, PostMortem staff cannot read your messages — not for support, not by court order, not even if our servers were fully compromised. An attacker with a complete copy of our database would learn nothing about what your messages say.

The honest trade-off of this design: if you lose your encryption key and your recipients lose theirs, no one can recover your messages. We think that trade is worth it, and we help you share access keys safely so it never comes to that.

How recipients unlock a message box

Each message box has access keys for its recipients. You share a recipient's key with them in advance — in person, or through any channel you trust. Holding a key alone does nothing: the box stays sealed until the check-in system determines you are unreachable and releases it.

When that happens, recipients open their box and decrypt it locally with their key. Delivery and decryption stay separate, so no single party — not even PostMortem — can both release and read a message.

What we store, and what we don't

We store only what the service needs to run: your account email, your check-in schedule and status, encrypted message boxes, and enough recipient contact information to reach them when delivery is triggered. We don't sell data, we don't profile you, and we can't mine content we're unable to read.

The details are spelled out in our privacy policy, and you can delete your account and all associated data at any time.

Your words, sealed until they're needed

Download PostMortem and create your first end-to-end encrypted message box for free.