Security Model

End-to-End Encryption

uunn uses the Signal Protocol for all private and group messaging. Your messages are encrypted on your device and can only be decrypted by the intended recipient.

Threat Model

We design our system assuming that the server could be compromised or subpoenaed. Even in these cases, your message content remains secure.

What we protect against:

Employer surveillance of network traffic.
Database leaks or breaches.
Subpoenas for message content (we don't have it).

Best Practices

Use a strong, unique password.
Use a pseudonym that doesn't identify you (e.g., "Blue Jay" not "John Smith").
Do not use work devices or work WiFi networks if possible.
Verify invite codes with your coworkers in person.

Responsible Disclosure

If you find a security vulnerability, please report it to security@uunn.app using our PGP key. We offer a bug bounty for valid findings.