Passphrase rooms
Pick a phrase, share it with the people you trust, and you have a room. No registration, no invite link, no server-side membership list.
Secure Chat
Encrypted, peer-to-peer, passphrase-only.
A chat tool with no accounts, no servers in your traffic, and no metadata leaking out. Share a passphrase, find each other directly, talk in text, voice, files, or a group call — all encrypted in your browser before it leaves.
Live
Why this exists
Every "secure messenger" we tried wanted an account, a phone number, or a contacts list — and quietly logged metadata about who spoke to whom and when. Even the good ones make you trust a single company to keep that database honest, forever.
Secure Chat starts from a simpler premise: two browsers can talk to each other directly, with a key only the participants know. No account, no phone number, no contacts. You and your peer agree a passphrase out-of-band — read it from a sticky note, whisper it across a table — and that is the entire trust model.
It is for people who already understand that good privacy is structural, not promised. Journalists swapping notes, founders comparing offers, teams rehearsing a sensitive announcement, friends in countries that watch their networks. The tool is small enough to audit and stubborn enough to refuse anything resembling a backdoor.
How it works
You pick a passphrase. Anyone you share it with becomes a peer. The passphrase runs through a key-derivation function in your browser to produce a symmetric encryption key — every message, voice clip, and file is encrypted with that key using the Web Crypto API before it leaves your tab.
Peers find each other through a public WebRTC signalling service that only ever sees opaque handshake material. Once two browsers know each other, they connect directly. The signalling service does not see your messages, your voice, your files, or who is in which room — and Powerful Matter does not run it.
Privacy in one paragraph
Nothing about your conversation leaves your devices unencrypted. Not the messages. Not the voice. Not the files. Not the room name. Not the metadata. We don't have an account system, a database, or any server we operate that touches your traffic — open the network tab and verify it. The static page is the entirety of our involvement.
What it does
A full chat client, nothing of it on a server.
Text & voice
Send messages, voice clips, or jump into a realtime voice call. All payloads encrypted in-browser before transmission.
Files & images
Drag in any file or image; it is encrypted, chunked, and sent peer-to-peer. The recipient receives it directly from your tab.
Group calls
Multiple peers in the same room can talk together, with member list and live presence — no conferencing service needed.
Direct messages
Inside a room you can also DM individual peers. The same encryption applies; the rest of the room sees nothing.
Local search
Full-text search across every conversation you've held, all of it kept locally. Nothing to subpoena, nothing to leak.
Things people ask before they trust this.
Privacy claims should be verifiable, not just stated. These are the questions that come up most.
The shared passphrase is run through a key-derivation function in your browser to produce a symmetric key. Every message, voice clip, and file is encrypted with that key using the Web Crypto API before it leaves the tab. Peers derive the same key from the same passphrase — no key is ever transmitted.
There is a small public WebRTC signalling server that helps two browsers find each other and negotiate a direct connection. It only sees encrypted handshake material — never your messages, voice, files, or even who is in which room.
Anyone with the passphrase can join the room, so use one that is long and unguessable. Treat it like a vault key — share it through a channel you already trust, never publicly.
Closing the tab disconnects you from the room. Messages received while you were online are stored locally in your browser; you keep them. Anyone else still in the room continues without you.
No. The static page comes from us; the chat traffic does not. Open the network tab and you will see WebRTC connections going peer-to-peer — none of your text, voice, or files reach a Powerful Matter server.
Yes. Secure Chat is a responsive web app and works in modern mobile browsers — text, voice, calls, and file transfer all included. Add it to your home screen for an app-like launch.
Pick a passphrase. Talk. That's it.
No account to create. No server to trust. No metadata to leak. Just two browsers and a key only you know.