Security model

Private because of how it's built — not because we promise.

This page describes exactly how Cynth handles your data: how devices prove who they are, which paths your files take, what our servers can and cannot see, and what Cynth does not protect you from. No adjectives — mechanisms.

Identity & authentication

Every device proves itself. Both ways.

Each device generates an Ed25519 identity key when you set it up. That key never leaves the device. A TLS certificate is derived from it, and every connection — device to device, or device to relay — runs mutual TLS over QUIC: both ends cryptographically prove their identity before a single byte of your data moves.

There is no shared password, no session token that can be replayed from a server, and no account credential that grants access to your files. Pairing devices and adding contacts is an exchange of public keys; content is end-to-end encrypted between the paired endpoints.

What that means concretely

Transfer paths

Direct first. The fallback stays blind.

Cynth connects your devices in strict priority order and never silently downgrades privacy — every path carries the same end-to-end encryption:

01 · LAN direct

Same network

Devices find each other via mDNS and transfer at local speed. Traffic never leaves your network. Our servers aren't involved in the data path at all.

02 · WAN direct

Across the internet

Devices behind NATs punch a direct UDP path, coordinated by the signaling server. The signaling server sees connection metadata — never file data.

03 · Encrypted relay

Last resort

When no direct path exists, encrypted frames are forwarded through a DERP-style relay. The relay moves ciphertext between two authenticated endpoints. It cannot decrypt what it carries.

Visibility

What our servers can and cannot see.

Three services exist: an API server (accounts, device registry, contacts), a signaling server (presence, connection offers, hole-punch coordination), and the relay. Here is the honest inventory:

DataVisible to Cynth servers?
File contentsNever. End-to-end encrypted; keys exist only on your devices. The relay forwards ciphertext.
File and folder namesNever. Carried inside the encrypted transfer stream.
Stored copies of filesNone. There is no upload step and no server-side storage of transfer data — nothing to breach, subpoena, or lose.
Transfer size & timingRelay path only. Like any pipe, the relay can observe how many encrypted bytes pass and when. Direct paths expose nothing to us.
IP addressesYes, transiently. Signaling and relay need endpoint addresses to coordinate connections — inherent to making any connection work.
Account & device registryYes. The API server stores account data, registered device public keys, and your contact list — metadata needed for pairing, never content.
identity Ed25519 key, per device — never leaves it auth mutual TLS over QUIC, both ends verified paths LAN direct → WAN direct → blind relay content E2E encrypted on every path, no exceptions storage no server-side copies of transferred data
Threat model

What Cynth protects against — and what it can't.

Protected against

Not protected against — honestly

Cynth is proprietary software. We don't ask you to trust claims you can't check: run a transfer with a packet capture open. On LAN you'll see traffic that never leaves your network; on the relay path you'll see only TLS-protected QUIC between your device and d.cynth.app. The claims on this page are observable behavior, not marketing.

Reporting a vulnerability

Found something? Email security@cynth.app. Plain-text reports welcome; we respond to every substantive report and credit finders who want credit. No bug-bounty theater — just a direct line to the people who wrote the code.

Early access

Send with nothing in the middle.

Cynth is in active development. Join the list and you'll get one email when it's ready for your platform.

Get early access