Security by Design

Your Privacy, Our Priority

Krill is built on the principle that your data belongs to you. End-to-end encrypted, zero-knowledge architecture, open protocols.

How E2EE Works on Matrix

End-to-end encryption using battle-tested protocols

The Encryption Stack

  1. Olm Protocol: Double Ratchet Algorithm (same as Signal) for 1:1 sessions
  2. Megolm Protocol: Efficient group encryption for Matrix rooms
  3. Curve25519: Elliptic curve for key exchange
  4. AES-256: Symmetric encryption for message content

What This Means

  • Your sensor data (location, photos, audio) is encrypted before leaving your device
  • Neither we, nor your Matrix server, can decrypt your data
  • Only your verified devices and your AI have the keys
  • Forward secrecy: past messages can't be decrypted if keys are compromised

Key Management

Secure storage on every platform

iOS

Keys stored in the Secure Enclave — a hardware-isolated processor. Even if iOS is compromised, keys remain protected.

  • Hardware-backed key storage
  • Biometric authentication
  • Keys never leave the enclave

Android

Keys stored in Android Keystore backed by TEE (Trusted Execution Environment) or StrongBox where available.

  • TEE-backed storage
  • Fingerprint/Face unlock
  • Automatic key rotation

Server (Gateway)

Your OpenClaw gateway stores its Matrix keys encrypted at rest using PBKDF2 + AES-256.

  • Encrypted at rest
  • Memory protection
  • Ephemeral session keys

Backups & Recovery

Your keys, your control

What Gets Backed Up

  • Message History

    Encrypted on your Matrix server (you control the server)

  • E2E Keys (Optional)

    SSSS backup encrypted with your recovery passphrase

  • Device Settings

    Stored locally, can be exported manually

Key Recovery

If you lose your device, you can recover your encrypted history using:

  1. Security Key: A 48-character code you save when setting up E2E
  2. Security Phrase: A memorable passphrase you choose
  3. Another Device: Verify from an existing logged-in device

⚠️ Without your recovery method, encrypted history cannot be recovered. We cannot help you — this is by design.
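
The 48-character Security Key above matches the recovery key format in the Matrix specification: base58 over a two-byte header, the 32-byte key and one XOR parity byte. The following is an added example, not Krill's own code; it assumes Krill uses that standard Matrix encoding, and the function names are hypothetical.

```python
"""Encode and validate a Matrix-style recovery key (added example, constructed input)."""
from functools import reduce

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"  # Bitcoin alphabet
PREFIX = b"\x8b\x01"  # fixed two-byte header defined by the Matrix spec


def b58encode(data: bytes) -> str:
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    return "1" * (len(data) - len(data.lstrip(b"\0"))) + out


def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        if ch not in B58:
            raise ValueError(f"invalid base58 character: {ch!r}")
        n = n * 58 + B58.index(ch)
    zeros = len(text) - len(text.lstrip("1"))
    return b"\0" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")


def parity(data: bytes) -> int:
    return reduce(lambda a, b: a ^ b, data, 0)


def encode_recovery_key(key: bytes) -> str:
    if len(key) != 32:
        raise ValueError("key must be 32 bytes")
    raw = PREFIX + key
    text = b58encode(raw + bytes([parity(raw)]))
    return " ".join(text[i:i + 4] for i in range(0, len(text), 4))  # groups of four


def decode_recovery_key(text: str) -> bytes:
    raw = b58decode("".join(text.split()))  # whitespace is cosmetic
    if len(raw) != 35 or raw[:2] != PREFIX:
        raise ValueError("not a recovery key (bad length or header)")
    if parity(raw) != 0:  # XOR over all 35 bytes is 0 when the parity byte matches
        raise ValueError("parity mismatch: the key was probably mistyped")
    return raw[2:34]


if __name__ == "__main__":
    sample = bytes(range(32))  # constructed key for illustration only
    print(encode_recovery_key(sample))
```

The parity byte only catches transcription errors before a decryption attempt; it is not an integrity or authenticity check on the backup itself.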

Compliance Roadmap

Our path to independent verification

Q1 2026
  • GDPR compliant
  • Privacy policy published
Q2 2026
  • Security audit (crypto)
  • Penetration testing
  • Bug bounty program
Q3 2026
  • SOC 2 Type I audit
  • ISO 27001 prep
  • Threat model published
Q4 2026
  • SOC 2 Type II
  • Annual security report
  • Enterprise certifications

Want to discuss enterprise security requirements? security@silverbacking.ai

Questions about security?

We're happy to discuss our security architecture in detail.