Encryption
Cirql uses end-to-end encryption (E2EE) for sensitive content. Data is encrypted on your device before being sent to the server, and only intended recipients can decrypt it. The service and its employees never see the plaintext and do not hold the key to decrypt it.
What IS Encrypted
The following data is encrypted on your device before it leaves — Cirql employees and services cannot read it:
| Data | Notes |
|---|---|
| Post content | Text, formatting, and mentions — all encrypted |
| Comments | Full comment text is encrypted |
| Media files | Images and videos are encrypted before upload |
| Polls | Questions, options, and vote counts are encrypted |
| Event descriptions & locations | Event body and location are encrypted |
| Real names | Encrypted per-recipient — only people you grant access can see it |
| Profile fields | Bio, location, website, email — all encrypted |
What is NOT Encrypted
Some data must remain readable by the service to function correctly:
| Data | Why it’s plaintext |
|---|---|
| Display alias | Needed for mentions, search, and display in lists |
| Cirql names & descriptions | Needed to display Cirql listings and manage membership |
| Event titles | Needed for notifications and calendar integrations |
| Post timestamps | Needed for feed ordering |
| Membership records | Server must know who belongs to which Cirql to deliver content |
| Reactions (emoji type) | Server needs to aggregate and display reaction counts |
How Search Works Without Reading Your Content
Cirql uses blind search tokens. When you create a post, your device generates cryptographic hashes of each word and sends them alongside the encrypted content. The server matches search queries against these tokens without ever knowing what the words actually are.
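A sketch of the blind-token flow described above, as an added example and not Cirql's own code. It assumes the tokens are HMAC-SHA256 over normalized words under a search key that stays on the device; the key handling, token length, and the names `blind_tokens` and `BlindIndex` are hypothetical.

```python
import hashlib
import hmac
import re
import unicodedata

TOKEN_BYTES = 16  # truncated tag length; an assumption for this sketch


def normalize(text):
    """Case-fold and split into unique words so 'Hiking' and 'hiking' match."""
    folded = unicodedata.normalize("NFKC", text).casefold()
    return set(re.findall(r"\w+", folded))


def blind_tokens(search_key, text):
    """Client side: one keyed token per distinct word; the key stays on the device."""
    return {
        hmac.new(search_key, w.encode("utf-8"), hashlib.sha256).hexdigest()[: TOKEN_BYTES * 2]
        for w in normalize(text)
    }


class BlindIndex:
    """Server side: stores only post ids and opaque tokens, never words."""

    def __init__(self):
        self._postings = {}  # token -> set of post ids

    def add(self, post_id, tokens):
        for t in tokens:
            self._postings.setdefault(t, set()).add(post_id)

    def search(self, query_tokens):
        """Return the posts that contain every query token (AND semantics)."""
        sets = [self._postings.get(t, set()) for t in query_tokens]
        return set.intersection(*sets) if sets else set()


def demo():
    key = bytes.fromhex("00" * 32)        # constructed sample key
    other_key = bytes.fromhex("11" * 32)  # a party without the real key
    index = BlindIndex()
    index.add("post-1", blind_tokens(key, "Hiking trip on Saturday"))
    index.add("post-2", blind_tokens(key, "Saturday board games"))
    return (
        index.search(blind_tokens(key, "saturday")),
        index.search(blind_tokens(key, "HIKING saturday")),
        index.search(blind_tokens(other_key, "saturday")),
    )
```

Because the tokens in this sketch are deterministic, the index can still see that two posts share a token, even though it cannot tell which word the token stands for.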
Encryption Modes
During signup, you choose how your encryption keys are managed. This decision affects how you recover your account if you lose access to your device.
Effortless Mode — Recommended for Most Users
- Cross-device login is straightforward
- Server-assisted recovery keeps you from losing access permanently
- Trade-off: relies on a server-stored encrypted copy of your passphrase (the server still cannot read it without your identity information)
Self-Managed Mode — Maximum Privacy
- You receive a QR code backup during setup — print it or store it safely offline
- Two unlock options: passphrase (entered manually) or passkey (Face ID / fingerprint / security key)
- Trade-off: lose your backup and passphrase, and your data cannot be recovered by anyone
Switching Modes
You can switch between Effortless and Self-Managed mode later in Settings. The app walks you through a migration process to set up or remove server-assisted recovery.