Privacy & Security
BrightBlur treats its own server as untrusted. All sensitive operations happen on your device — the server stores only encrypted data it cannot read.
What happens on your device
- Face detection — AI models run in your browser via WebAssembly. No image data is sent to the server for detection.
- Face recognition — fingerprints (embeddings) are computed locally and encrypted before upload. Matching happens client-side against encrypted centroids.
- Encryption — photos and face slices are encrypted before they leave your device.
- Decryption — when you view a photo, your browser fetches encrypted blobs, decrypts them locally, and composites the faces in real time.
What the server stores
The server holds encrypted blobs (photos, face slices, biometric fingerprints, keys) that it cannot decrypt. It can read metadata: your email, group names, membership lists, photo captions, and timestamps. It knows the shape of your social graph but cannot see any face data, photo content, or biometric information.
Hybrid post-quantum encryption
BrightBlur uses two encryption schemes simultaneously:
- X25519 — a classical, battle-tested elliptic curve scheme.
- ML-KEM-768 — a post-quantum scheme standardised by NIST.
Both key exchanges run independently and their shared secrets are combined into a single key, so an attacker would need to break both schemes to read your data. This means that even if a quantum computer capable of breaking X25519 is built in the future, data encrypted today remains safe.
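The hybrid exchange described above, as an added example (not BrightBlur's own code): the sender runs X25519 and ML-KEM-768 independently, and HKDF combines both shared secrets with the exchange transcript, so the derived key cannot be recovered unless both schemes are broken. It uses Go's standard crypto/ecdh, crypto/mlkem and crypto/hkdf (Go 1.24+); the Bundle/Envelope layout and the info label are assumptions.

```go
package main

import (
	"crypto/ecdh"
	"crypto/hkdf"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha256"
)

// must keeps the example short; production code should return the error instead.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
// Recipient holds one secret per scheme; Bundle is the public half it publishes;
// Envelope travels with each encrypted blob so the recipient can recompute the key.
type Recipient struct {
	dh  *ecdh.PrivateKey
	kem *mlkem.DecapsulationKey768
}
type Bundle struct{ DH, KEM []byte }
type Envelope struct{ EphDH, KEMCt []byte }

func NewRecipient() (*Recipient, Bundle) {
	r := &Recipient{must(ecdh.X25519().GenerateKey(rand.Reader)), must(mlkem.GenerateKey768())}
	return r, Bundle{r.dh.PublicKey().Bytes(), r.kem.EncapsulationKey().Bytes()}
}

// Encapsulate (sender side) runs both key exchanges independently and returns
// the combined 32-byte content key plus the envelope to send with the blob.
func Encapsulate(b Bundle) ([]byte, Envelope) {
	eph := must(ecdh.X25519().GenerateKey(rand.Reader))
	ssDH := must(eph.ECDH(must(ecdh.X25519().NewPublicKey(b.DH))))
	ssKEM, ct := must(mlkem.NewEncapsulationKey768(b.KEM)).Encapsulate()
	env := Envelope{eph.PublicKey().Bytes(), ct}
	return combine(ssDH, ssKEM, env), env
}

// Decapsulate (recipient side) recovers both shared secrets and the same key.
func (r *Recipient) Decapsulate(env Envelope) []byte {
	ssDH := must(r.dh.ECDH(must(ecdh.X25519().NewPublicKey(env.EphDH))))
	return combine(ssDH, must(r.kem.Decapsulate(env.KEMCt)), env)
}

// combine feeds both secrets into HKDF-SHA256 bound to the exchange transcript:
// breaking only one scheme still leaves half of the input keying material unknown.
func combine(ssDH, ssKEM []byte, env Envelope) []byte {
	ikm := append(append([]byte{}, ssDH...), ssKEM...)
	info := "brightblur-hybrid-v1" + string(env.EphDH) + string(env.KEMCt) // label is assumed
	return must(hkdf.Key(sha256.New, ikm, nil, info, 32))
}
```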
Key storage
Your private keys are derived entirely on your device from a seed. The seed is wrapped by your passkey’s PRF output and stored on the server — but the server cannot unwrap it without the PRF secret, which only your device’s biometric hardware can produce. Your 12-word recovery phrase is an alternative way to regenerate the seed if you lose access to your passkey.
During an active session, the derived key is cached in your browser’s IndexedDB. It is cleared immediately when you log out. The server never sees your private keys.