Privacy & Security

BrightBlur treats its own server as untrusted. All sensitive operations happen on your device — the server stores only encrypted data it cannot read.

  • Face detection — AI models run in your browser via WebAssembly. No image data is sent to the server for detection.
  • Face recognition — fingerprints (embeddings) are computed locally and encrypted before upload. Matching happens entirely on your device.
  • Encryption — photos, face slices, captions, and comments are encrypted before they leave your device.
  • Decryption — when you view a photo, your browser fetches encrypted blobs, decrypts them locally, and composites the faces in real time.

The server holds encrypted blobs — photos, face slices, biometric fingerprints, captions, comments, and keys — that it cannot decrypt. It can read a limited set of metadata: your email, group names, membership lists, and timestamps. It knows the shape of your social graph, but it cannot see any face data, photo content, caption text, or biometric information.

BrightBlur uses two key-exchange schemes simultaneously:

  • X25519 — a classical, battle-tested elliptic curve scheme.
  • ML-KEM-768 — a post-quantum scheme standardised by NIST.

Both key exchanges happen independently and their shared secrets are combined. An attacker would need to break both to read your data. This means that even if a quantum computer capable of breaking X25519 is built in the future, data encrypted today remains safe.

Your private keys are derived entirely on your device from a seed. The seed is wrapped by your passkey’s PRF output and stored on the server — but the server cannot unwrap it without the PRF secret, which only your device’s authenticator can produce. Your 12-word recovery phrase is an alternative way to regenerate the seed if you lose access to your passkey.
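
The wrapping step described above, sketched as an added example that is not BrightBlur's own code. The page does not say which algorithms wrap the seed, so HKDF-SHA-256 and AES-256-GCM are assumptions here, as are all function names; the PRF output is a constructed random value standing in for the authenticator's result.

```javascript
// Added illustration. Algorithms (HKDF-SHA-256, AES-256-GCM) and every name
// below are assumptions, not BrightBlur's implementation.
const { hkdfSync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

const INFO = Buffer.from('example seed-wrap v1'); // constructed context label

// Derive a 256-bit wrapping key from the passkey's PRF output.
function wrappingKey(prfOutput, salt) {
  return Buffer.from(hkdfSync('sha256', prfOutput, salt, INFO, 32));
}

// Client side: wrap the seed. The returned record is all the server would store.
function wrapSeed(seed, prfOutput) {
  const salt = randomBytes(16);
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', wrappingKey(prfOutput, salt), iv);
  const ct = Buffer.concat([cipher.update(seed), cipher.final()]);
  return { salt, iv, ct, tag: cipher.getAuthTag() };
}

// Client side: unwrap. Returns null when the PRF output is wrong or the
// stored record was modified (the GCM tag check fails in both cases).
function unwrapSeed(record, prfOutput) {
  try {
    const d = createDecipheriv('aes-256-gcm', wrappingKey(prfOutput, record.salt), record.iv);
    d.setAuthTag(record.tag);
    return Buffer.concat([d.update(record.ct), d.final()]);
  } catch {
    return null;
  }
}

// Constructed sample values: random seed, random stand-in for the PRF output.
function demo() {
  const seed = randomBytes(32);
  const prf = randomBytes(32);
  const record = wrapSeed(seed, prf);
  const tampered = { ...record, ct: Buffer.from(record.ct) };
  tampered.ct[0] ^= 1; // a server-side bit flip in the stored blob
  return {
    roundTrip: unwrapSeed(record, prf).equals(seed),
    wrongPrf: unwrapSeed(record, randomBytes(32)),
    tampered: unwrapSeed(tampered, prf),
  };
}
```

Because the wrap is authenticated, a holder of the stored record can neither recover the seed without the PRF output nor alter the blob without the client noticing on unwrap.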

During an active session, your browser keeps the wrapped seed and the PRF key in IndexedDB; the unwrapped seed itself exists only in memory, never in storage. Both the wrapped seed and the PRF key are cleared from IndexedDB the moment you log out, and the server never sees your private keys at all.