Privacy,with zest.

Zitrone is end-to-end encrypted messaging that disappears. No logs. No screenshots. No trace.

x3dh handshake · new key per message

Encrypted before it leaves your hands.

Signal Protocol. Every message gets its own key. We store nothing readable. Not because the law says so — because it's technically impossible.

Read it. It's gone.

burn-on-read · 600ms

Read it. Watch it go.

Burn-on-read. Timed destruction. 30 seconds to a week — your call. The server deletes the moment your recipient gets it.

ios / browser — blurred
Screenshot
blocked
android — blocked

Screenshots? We blur those.

Android blocks them entirely. iOS and browser blur your messages the instant a screenshot is attempted. We also watermark every conversation — if something leaks, we know who did it.

scan to connect · no phone number

No number. No email. No name.

Connect by QR code. Your identity is a key pair we generate on your device. We don't know who you are.

The flow

How it works

Five steps. Zero knowledge on our end, start to finish.

01

Generate keys

Your device creates your identity. Keys never leave your device.

02

Exchange codes

Share a QR or link. No personal info changes hands.

03

Send encrypted

Every message encrypted locally before sending.

04

Delivered and deleted

Server purges message the instant it's delivered.

05

Gone forever

Set to burn, or burn on read. Nothing stays.

Who it's for

Different reasons. Same guarantees.

Zitrone doesn't have a target demographic — it has a threat model. Four kinds of people lean on the same zero-knowledge, ephemeral architecture, each for a reason of their own.

Auditable

Privacy enthusiasts

You don't trust claims — you read the source. All of Zitrone is AGPL-licensed and public: the encryption, the relay, the apps. Zero-knowledge isn't marketing here — the server only ever holds opaque envelopes, and deletes them on delivery. And where something isn't finished, we say so; a known-limitations list ships with every beta.

Self-hosted

IT professionals

No vendor in the loop. The relay is a Go binary, a Postgres database, and a Docker Compose file — stand it up on your own box in minutes. The protocol is open, the source is public, and every release ships a SHA-256 checksum, so you can verify exactly what you're installing before it touches your network.

Data posture

Enterprise executives

The safest data is the data you never keep. Messages are store-and-forward only — deleted the instant they're delivered, with burn-on-read and expiry timers on top. No analytics pipeline, no ad model, no logs to subpoena. Data minimization isn't a slogan here — it's the architecture.

Ephemeral

Private investigators

Communication built to vanish: burn-on-read, timed destruction, and plausible-deniability vaults where a second passphrase opens a second world — with no cryptographic trace the first exists. Everything at rest is AES-256-GCM inside a fixed-size image that never records what it holds. We're honest about the boundary, too: no app can promise “unrecoverable” against a forensic lab holding your unlocked device — so we minimize what's left to find instead of pretending nothing is.

iOSAndroidLinux (.deb · .AppImage)Browser — no install needed
AGPL-3.0

We show our work.

Zitrone is open source. The encryption, the server, the apps — all of it auditable. Trust shouldn't require faith.

View on GitHub